From ssilva at sgvwater.com Tue Apr 1 00:41:00 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 00:41:58 2008 Subject: wiki still suggesting ordb In-Reply-To: <47F14A3E.4000202@appstate.edu> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> <47F13BEA.9010709@ecs.soton.ac.uk> <47F14A3E.4000202@appstate.edu> Message-ID: on 3-31-2008 1:31 PM Laramie Combs spake the following: > Julian Field wrote: >> >> >> Scott Silva wrote: >>> on 3-31-2008 6:10 AM Julian Field spake the following: >>>> Thanks for that. Fixed the problem now. Hopefully other people can >>>> edit the page too. >>>> >>>> shuttlebox wrote: >>>>> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >>>>> wrote: >>>>> >>>>>> I've fixed the perms as much as I can (currently everything is world >>>>>> writable) and it still complains. >>>>>> Damn wikis :-( >>>>>> >>>>> >>>>> I found this: >>>>> >>>>> http://wiki.splitbrain.org/wiki:acl >>>>> >>>>> Maybe its of some help. >>>>> >>>>> >>>> >>>> Jules >>>> >>> Looks to be working now, but the edit now points to a soon to be >>> obsolete since spamhaus recommends to use zen instead of sbl+xbl. >>> >> Didn't know that one. Fixed. >> I've changed the default shipped MailScanner.conf file so it uses >> spamhaus-ZEN by default. >> That should be okay for a new installation shouldn't it? >> I'll add a note saying that they shouldn't use spamhaus lists unless >> they are a low-volume site or they have paid for a direct feed. >> >> Does that sound okay? >> >> Jules >> > My 2 cents worth says that I don't like zen because it includes the PBL, > which has gotten us into hot water in the past. There is a discalimer > on their site that says > > "Caution: Because the PBL lists normal customer IP space, do not use PBL > on smarthosts or SMTP AUTH outbound servers for your own customers (or > you risk blocking your own customers if their dynamic IPs are in the > PBL). Do not use PBL in filters that do any ?deep parsing? of Received > headers, or for other than checking IP addresses that hand off to your > mailservers." > > This was the case for us, as these same boxes do in and outbound > traffic, and caused us to start marking our own mail. Dropping back to > sbl-xbl fixed it for us. > > -Laramie I dug through the spamhaus website and now I can't find any mention of dropping the sbl+xbl lookups. Maybe they had a change of heart, or clients have complained because they want to avoid the PBL lookups. I have to admit I haven't looked there since late november. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/a6f72750/signature.bin From ssilva at sgvwater.com Tue Apr 1 00:43:50 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 00:45:16 2008 Subject: perms on bayes_journal In-Reply-To: <47F152C4.3030308@openenterprise.ca> References: <47F152C4.3030308@openenterprise.ca> Message-ID: on 3-31-2008 2:08 PM Johnny Stork spake the following: > I have found for some reason, on my MS (current) setup running on > Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the > permissions changed and I am not sure how this is happening. Right now > they show > > root@gateway:/etc/MailScanner# ls -la bayes/ > total 14464 > drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . > drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. > -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal > -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex > -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen > -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks > -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log > -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting > -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update > > > > > And so bayes_journal and bayes_toks cant be accessed by MailScanner > which runs as root. I have to go in an chmod 777 bayes* in order for > MailScanner/SA to access those files, or to show the Bayes stats in the > MailWatch interface. > > Is there some place I should be setting the permissions for those files? > I dont want to have to keep going in an manually changing the modes. It looks like at one time you CHOWN'd to 777, which probably isn't what you wanted. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/4baa44fd/signature.bin From tech1 at computer-care.com.au Tue Apr 1 01:32:03 2008 From: tech1 at computer-care.com.au (Glen Prestidge) Date: Tue Apr 1 01:32:07 2008 Subject: [SPAM-LOW] Re: Every email is tagged as spam In-Reply-To: <20080331061959.0affeae7@scorpio> Message-ID: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> Hi Gerard / others Not sure about where I am going to turn this off, I have only just starting playing around with this software ( or learning it) The items are now updated I have run portmanager p5-Mail-SpamAssassin-3.2.4_3 MailScanner-4.67.6_1 clamav-0.92.1_1 This server that these apps were installed on, has not been updated for about 6mths and this all started occurring prior to the portupgrade / portmanager Glen -----Original Message----- From: Gerard [mailto:gerard@seibercom.net] Sent: Monday, 31 March 2008 6:20 PM To: mailscanner@lists.mailscanner.info Cc: Glen Prestidge Subject: [SPAM-LOW] Re: Every email is tagged as spam On Mon, 31 Mar 2008 09:54:01 +0800 "Glen Prestidge" wrote: > I am having a problem with a customer's server running freebsd 6.2 > with Mailscanner + clamav + Spamassin > These are the version of what is currently installed > p5-Mail-SpamAssassin-3.1.7_1 > clamav-0.88. > MailScanner-4.55.10 > Every email that we get send to that server is classified as spam even > though no text in the email or it's from a legitimate source > I am reluctant to upgrade the software, using the portmanager program > on freebsd - it installs a new version of mail tools which knocks out > mailscanner. > This only started since Thursday of last week and nothing on the > server has been updated from what I can see, and staff at the office > don't have access to any of the servers there. First, check to see if you are using ordb.org. If you are, remove it. There are several postings on this list, and others, regarding it. Second, the program versions you listed above are seriously out-of-date. Especially, 'clamav', which I believe had a security problem that was corrected in the newest version. In any case, its scanning speed was improved vastly. I use FreeBSD myself, so I know something about it. I would recommend that you first update your ports tree. Then, assuming you are using the latest version of 'portmanager', run: 'portmanager -u -p -l -y' sans quotation marks. Reboot the system and check to see if 'Mailscanner' starts and runs correctly. It should. If not, reinstall 'MailScanner'. cd /usr/ports/mail/mailscanner make clean && make && make deinstall && make reinstall Actually, I do not have a problem when updating. I am not sure why you would either. -- Gerard gerard@seibercom.net The great nations have always acted like gangsters and the small nations like prostitutes. Stanley Kubrick From mark at msapiro.net Tue Apr 1 01:37:30 2008 From: mark at msapiro.net (Mark Sapiro) Date: Tue Apr 1 01:38:02 2008 Subject: what am I dealing with here? In-Reply-To: <10964996.201207001679729.JavaMail.root@mail.lctn.org> References: <20080331211705.GA1260@msapiro> <10964996.201207001679729.JavaMail.root@mail.lctn.org> Message-ID: <20080401003730.GA408@msapiro> On Mon, Mar 31, 2008 at 05:14:39PM -0500, admin@lctn.org wrote: > As long as kms.k12.mn.us has even just an A record in DNS, it will > get spam directed to that address. > > Removing the 10 kms.k12.mn.us MX might help, but probably not > completely. > > All our schools configure their firewall, so they only receive mail from our mailscanner. We leave the MX record in place, incase our server goes down, so they will still get their mail by removing the rule. It seems I misunderstood? I thought you said in your original post that the connect to kms.k12.mn.us was from a Venezuelan IP. You didn't show any Received: headers after the alleged connect from n75.bullet.mail.sp1.yahoo.com [98.136.44.51] to relay-4.lctn.org, so I don't see that, and maybe I got it wrong. Now that I look more closely, it seems that the Venezuelan IP was the possible original source of the message which then passed through some Yahoo servers to you. So if your question was how to give this message a higher score, I defer to Julian's response at . -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From hvdkooij at vanderkooij.org Tue Apr 1 06:31:33 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 1 06:32:37 2008 Subject: [SPAM-LOW] Re: Every email is tagged as spam In-Reply-To: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> References: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> Message-ID: <47F1C8B5.3080801@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glen Prestidge wrote: | Hi Gerard / others | | Not sure about where I am going to turn this off, I have only just starting | playing around with this software ( or learning it) Then you have not done what you should have done. Read the archives because this is what the mailinglist is chatting about all week. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH8cizBvzDRVjxmYERAsSSAKCZEfRF3V9+2P6ZGWyLaeyibVYu1gCgoUbs kg3Bf0/JoA7lVpxIW+wNCbo= =YjpY -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 1 06:44:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 1 06:44:34 2008 Subject: what am I dealing with here? In-Reply-To: <29632052.2921206978809589.JavaMail.root@mail.lctn.org> References: <29632052.2921206978809589.JavaMail.root@mail.lctn.org> Message-ID: <47F1CBA2.5080704@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 admin@lctn.org wrote: | I got a call from a school we scan mail for, complaining they are | getting some inappropriate email, which is sailing through our scanner | with a very low score. Think VERY, VERY hard on wether you need yahoo to send email to you. I have actually blocked it all together. I get shitloads of spam from their servers and no one I know is using Yahoo. So nothing is lost in blocking it. If you still want it then make sure you do not give them any credit by giving negative spam points for having a valid DKIM header for example. | 127.0.0.1 relay-4.lctn.org (GeoIP Lookup Failed) [ ] [ | ] [ ] [ ] This is a config problem on your host. It should not list a loopback address with your hostname attached to it. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH8cugBvzDRVjxmYERAtF8AJ9YyMVu3hMZI0sKJj4YoJjKZ1MmNwCghDfS fyqqEfebkflRRHo6ryymo5M= =yQlr -----END PGP SIGNATURE----- From jan-peter at koopmann.eu Tue Apr 1 07:48:47 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Tue Apr 1 07:50:14 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com><47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org><47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org><47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org><223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> Message-ID: Hi, this will probably be my last comment to this as well since it really makes no sense any more. If (!) I understood Peters setup correctly - which due to some later comments is only a 90% fact - I totally agree with Matt, Glenn, Stephen etc. > Well I guess that it all comes down to what works best for you, I like > being on this list because we can all share stuff together and some > really good stuff comes up quite alot.... Good to here. But if your setup under any circumstances produces backscatter (and I am pretty sure there are joe-job attacks that your scenario will not DISCARD) it is not only your problem and your network anymore. However, since no backscatter will ever reach my clients or my mailserver I do not really care about that so much personally. So yes: Please continue whatever you are doing. > ~For me I like very much *not* to know about what my clients do with > their email servers which are all not MailScanners of any kind. I > like > very much to filter their email very effectively, without having to > even > go to their site or configure any of their servers. All of us agree to this point. And all solutions we presented fulfill this requirement 100%. And most of us here are not talking about small mail installations with a few thousand mails per day. I am pretty sure that Julians implementations scale far higher than that. And Stephen is actually living from a mail-filtering product that is doing exactly what you want and doing it so efficiently that even a very small box can filter millions of mails per day and do that for thousand of domains and backend servers. > For the avoidance of doubt my clients are the ones who pay my mortgage, > this way works supremely well for me and those clients. I still think some of the magic of your implementation did not reach us. What if I send a mail to one of your clients and do get the address wrong? I am not a spammer. I would expect to receive a valid NDR for that. - Is the message going to be discarded? If yes: by whom? - If being rejected: By whom? - Who/what is making the decision whether to accept, reject, discard, deliver the message (coming from a valid sender going to an invalid recipient) based on what? - Is my mail then finally going to your (not the client's) postmaster mailbox? If so, bare in mind that this is very unexpected behavior and in some countries even on the verge of being illegal. If you rejected at the correct level I would receive a NDR and the only person having to deal with it is the person who made the mistake in the first place: I. Not your clients, not you. In your explanation (which I am honestly looking forward to) please humor me and assume that there is no such thing as a reliable list of spammers (neither IP nor address based), since as Stephen pointed out, there is none. IPs keep changing every few days, even if you block all dial-in networks. Addresses of spammers are fluctuating as well and in many cases are perfectly valid due to spoofing. So how do you make that decision? > There might be one day where I might want to use a REJECT, but 3 > million+ messages a month and I still haven't found a use for it yet > over a discard. See my example above. And please try to answer to some of the points others made. If you accept a mail that you later have to discard/reject you are either wasting your mailscanner resources, lose information (or send it to someones postmaster box where it does not belong) or produce backscatter. > Things get messy real quick with this type of volume of mail, > especially > when you don't hold any mailboxes on any of your own machines. That is completely irrelevant. If you do a smart recipient verification with caching (using postfix, milter-ahead, exim, barricade mx) this will cost you very little. Even millions of mails a day will not bring this particular system down. A really DDossy joe-job might influence your system but from what I understand it will do so much more in your current setup. You only gain. And no: You do not need to know anything about the client's system. That is the beauty. Even if you encounter a dumb smarthost: Some implementation (exim for sure) will discover this and interpret the answer so that it will not ask that smarthost (let's call it proxy!) again since it would make no sense. >> It actually doesn't. Work better, that is:-). But I'm pretty certain >> I'll bnever convince you of that...;-). >> And the beuty of the call-ahead... is that you needn't care onewhit >> about smarthosts or anything. Because when that host accept the mail, >> you are out of the DSN-loop... it is their problem;-). >>you are out of the DSN-loop... it is their problem;-). >--I'm their postmaster--- remember--- my clients don't want it to be "their problem".. If they accept the mail (for whatever reason): How is it not their problem? The only point where the actual decision whether the recipient is correct or not can be determined is the final host with the mailboxes on it (this does not mean that the front-end MX could not automatically learn valid/invalid recipients and do the rejection where it should take place which is at the earliest possible time/position): The client's machine. Every installation I know (and I have seen quite a few) is capable of rejecting invalid recipients. Even Exchange 5.5 with proper tools is. And besides the obvious case of a deliberate spam-trap there is absolutely no point whatsoever in accepting mail for nonexistent recipients on the final machines since this will most definitely result in wasting of resources (theirs and ours). Even if you - with yet to be described magic - manage to discard all their unnecessary NDRs: They have to send it. Now if this is a small client with a small box and I would start a joe-job with about a million mails to them, this would really mean trouble for their MTA and their connectivity. :-) Therefore: Either their system is setup correctly and only accepts mails for valid recipients or they are doing something wrong. If you are their smarthost for outgoing mails as well I would demand that their system only accepts mails for valid recipients. Otherwise you have a totally unnecessary problem on your machine. We are not talking about rocket science. In most MTAs we are talking about either the default configuration or very few very well documented config-lines. In Exchange we are talking about two checkboxes (if I remember correctly) that need to be checked. If they fail to do this it is their problem. And yes: You have every right to do it differently and create problems you would not have with other solutions. As long as it stays your problem I am totally fine with that. And thanks to Stephen (and his crew) I could not care less about backscatter... :-) Kind regards, JP From MailScanner at ecs.soton.ac.uk Tue Apr 1 10:04:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 10:05:27 2008 Subject: perms on bayes_journal In-Reply-To: <47F152C4.3030308@openenterprise.ca> References: <47F152C4.3030308@openenterprise.ca> Message-ID: <47F1FAA9.8080308@ecs.soton.ac.uk> Johnny Stork wrote: > I have found for some reason, on my MS (current) setup running on > Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the > permissions changed and I am not sure how this is happening. Right now > they show > > root@gateway:/etc/MailScanner# ls -la bayes/ > total 14464 > drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . > drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. > -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal > -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex > -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen > -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks > -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log > -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting > -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update > > > > > And so bayes_journal and bayes_toks cant be accessed by MailScanner > which runs as root. I think you've got a typo here somewhere. If MailScanner is running as root, then by definition it can access all files. > I have to go in an chmod 777 bayes* in order for MailScanner/SA to > access those files, or to show the Bayes stats in the MailWatch > interface. > > Is there some place I should be setting the permissions for those > files? I dont want to have to keep going in an manually changing the > modes. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ben.tisdall at photobox.com Tue Apr 1 11:01:14 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Apr 1 11:03:21 2008 Subject: Rationale of bumping bayes scores Message-ID: <47F207EA.9090907@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, what's the thinking behind the bumping up/down of SA scores for bayes rules in the default config? We've got spam that's tripping dcc, razor etc but being allowed due to bayes_00 subtracting 15 points. I'm guessing I'll be told to fix our bayes db :) Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH8gfqZ929emua3lsRAgd5AJ9WWZizhPv6qchKE/zRkW6U3BsQkgCfTy4z dSVyAKIVxYXUlqhdQM+B2sE= =9BIZ -----END PGP SIGNATURE----- From gerard at seibercom.net Tue Apr 1 11:28:30 2008 From: gerard at seibercom.net (Gerard) Date: Tue Apr 1 11:29:29 2008 Subject: Every email is tagged as spam In-Reply-To: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> References: <20080331061959.0affeae7@scorpio> <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> Message-ID: <20080401062830.140a5dc7@scorpio> On Tue, 1 Apr 2008 08:32:03 +0800 "Glen Prestidge" wrote: > Gerard > "Glen Prestidge" wrote: > > > I am having a problem with a customer's server running freebsd 6.2 > > with Mailscanner + clamav + Spamassin > > > These are the version of what is currently installed > > p5-Mail-SpamAssassin-3.1.7_1 > > clamav-0.88. > > MailScanner-4.55.10 > > > Every email that we get send to that server is classified as spam > > even though no text in the email or it's from a legitimate source > > > I am reluctant to upgrade the software, using the portmanager > > program on freebsd - it installs a new version of mail tools which > > knocks out mailscanner. > > > This only started since Thursday of last week and nothing on the > > server has been updated from what I can see, and staff at the office > > don't have access to any of the servers there. > > First, check to see if you are using ordb.org. If you are, remove it. > There are several postings on this list, and others, regarding it. > > Second, the program versions you listed above are seriously > out-of-date. Especially, 'clamav', which I believe had a security > problem that was corrected in the newest version. In any case, its > scanning speed was improved vastly. > > I use FreeBSD myself, so I know something about it. I would recommend > that you first update your ports tree. Then, assuming you are using > the latest version of 'portmanager', run: 'portmanager -u -p -l -y' > sans quotation marks. Reboot the system and check to see if > 'Mailscanner' starts and runs correctly. It should. If not, reinstall > 'MailScanner'. > > cd /usr/ports/mail/mailscanner > make clean && make && make deinstall && make reinstall > > Actually, I do not have a problem when updating. I am not sure why you > would either. > Hi Gerard / others > > Not sure about where I am going to turn this off, I have only just > starting playing around with this software ( or learning it) > > The items are now updated I have run portmanager > > p5-Mail-SpamAssassin-3.2.4_3 > MailScanner-4.67.6_1 > clamav-0.92.1_1 > > This server that these apps were installed on, has not been updated > for about 6mths and this all started occurring prior to the > portupgrade / portmanager Glen, please don't top post. It makes following a thread a lot more difficult than it needs to be. Could you please describe in detail exactly what your problem is now. You will need to include logs, configuration files, etc. where relevant to the problem(s) you are experiencing. For the record, did you remove any reference to: ordb.org in your configuration file? Also, did you try rebooting your system after updating? You should also check out the clamd.conf file since it is significantly different from the one you were using with your older version of clamav. Changes made to these files will not be reflected until you restart the daemons; therefore, I would suggest that you make any required modifications to them prior to rebooting the system or restarting the programs. One last thing, since I do not know the specifics of your system, did you read the '/usr/ports/UPDATING' file to see if there were any notes that pertained to files being updated on your system? It is always a good place to start. -- Gerard gerard@seibercom.net The early worm gets the bird. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/fa82c623/signature.bin From veliogluh at itu.edu.tr Tue Apr 1 11:53:23 2008 From: veliogluh at itu.edu.tr (Hakan VELIOGLU) Date: Tue Apr 1 11:54:37 2008 Subject: clamd and clamav with failover In-Reply-To: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> References: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> Message-ID: <20080401135323.j2m8jtox354owwcs@webmail.itu.edu.tr> Hi, Can mailscanner use clamav and clamd with failover. I mean it uses clamd for primary scanner and when clamd gets down or crashed it could use clamav until the next reload ( or restart). Is there a trick that I can use this behaviour. Hakan ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. From MailScanner at ecs.soton.ac.uk Tue Apr 1 13:43:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 13:44:47 2008 Subject: Rationale of bumping bayes scores In-Reply-To: <47F207EA.9090907@photobox.com> References: <47F207EA.9090907@photobox.com> Message-ID: <47F22E0E.6080103@ecs.soton.ac.uk> Ben Tisdall wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > what's the thinking behind the bumping up/down of SA scores for bayes > rules in the default config? We've got spam that's tripping dcc, razor > etc but being allowed due to bayes_00 subtracting 15 points. Since when did bayes_00 score -15? I thought it was about -2.6. What version of SpamAssassin are you running? Are you running sa-update every night? > > I'm guessing I'll be told to fix our bayes db :) > > Best regards, > > Ben. > > - -- > Ben Tisdall > Linux Systems Administrator > www.photobox.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iD8DBQFH8gfqZ929emua3lsRAgd5AJ9WWZizhPv6qchKE/zRkW6U3BsQkgCfTy4z > dSVyAKIVxYXUlqhdQM+B2sE= > =9BIZ > -----END PGP SIGNATURE----- Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at lctn.org Tue Apr 1 13:45:11 2008 From: admin at lctn.org (admin@lctn.org) Date: Tue Apr 1 13:45:54 2008 Subject: what am I dealing with here? In-Reply-To: <5365473.401207053881908.JavaMail.root@mail.lctn.org> Message-ID: <10067728.421207053911694.JavaMail.root@mail.lctn.org> >If you still want it then make sure you do not give them any credit by >giving negative spam points for having a valid DKIM header for example. >This is a config problem on your host. It should not list a loopback >address with your hostname attached to it. Thanks much for the comments. I was messing with the host settings a few days ago, and didn't realize I had left the loopback address in place. Fixed that now. As far as blocking Yahoo, that is not a viable solution, since I cannot dictate who can send mail to the 20 school districts I manage. I had lost the doc that was sent to me from the school that has noticed the issue. I retrieved it last night, and was looking over the header info. Two that I looked at had bogus to, and from info, so I am not sure how it even ended up at the school. That was the info I meant to send with my first post. It almost seemed like the sender was bouncing off of my server, but I don't see any indication the server has been compromised. I included one header below. Received: from relay-4.lctn.org [64.8.148.4] by kms.k12.mn.us with ESMTP (SMTPD-9.22) id AECD01E4; Sat, 29 Mar 2008 06:58:05 -0500 Received: from n78.bullet.mail.sp1.yahoo.com (n78.bullet.mail.sp1.yahoo.com [98.136.44.42]) by relay-4.lctn.org (Postfix) with SMTP id D27BB3800C8 for ; Sat, 29 Mar 2008 06:58:00 -0500 (CDT), Found to be clean Received: from [216.252.122.217] by n78.bullet.mail.sp1.yahoo.com with NNFMP; 29 Mar 2008 11:57:44 -0000 Received: from [69.147.65.167] by t2.bullet.sp1.yahoo.com with NNFMP; 29 Mar 2008 11:57:44 -0000 Received: from [127.0.0.1] by omp502.mail.sp1.yahoo.com with NNFMP; 29 Mar 2008 11:57:44 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: 223248.63370.bm@omp502.mail.sp1.yahoo.com Received: (qmail 73645 invoked by uid 60001); 29 Mar 2008 11:57:44 -0000 X-YMail-OSG: ya5jHRQVM1kffY18TagCnS1ihBmgHFS_ulpGyHyQwVzTfSAuwOoldZGW9FojvBQlb18qMfMvN3MuLoq2.KCS_I9XqZK55uVSh__twWr_vWlplfoIsNtigd_4tqzQvBZURj1aoqnNzHZtajobmri5AowZIdKwaTQKD3Ge0QbN0isrvH4.gsG2Y_G4dmDX4a6gkZiJ7skAFIn24wV0qGtnc4Qi8.lGhzxxES0uoVwZjA-- Received: from [77.218.62.119] by web45109.mail.sp1.yahoo.com via HTTP; Sat, 29 Mar 2008 04:57:43 PDT Date: Sat, 29 Mar 2008 04:57:43 -0700 (PDT) From: elke vanzanten Subject: hey To: kelekia@interpac.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1049636514-1206791863=:70178" Content-Transfer-Encoding: 8bit Message-ID: <8831.70178.qm@web45109.mail.sp1.yahoo.com> X-Spam-Status: No X-RCPT-TO: Status: ` X-UIDL: 436929799 X-IMail-ThreadID: 2ecc00ca00001b26 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/2d20c1e0/attachment.html From campbell at cnpapers.com Tue Apr 1 13:56:47 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Apr 1 13:57:26 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F16A55.7090508@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> Message-ID: <47F2310F.4020900@cnpapers.com> Sorry, all of you that have replied, but, as the original poster of this thread, I have to admit that I might have not asked the question very well, as it looks as if you are all misunderstanding the original question. Let me try to rephrase it, please: Which is better: sendmail or postfix? :-) Anyway, I think I get the point by the way this has drifted around. I'll put my servers to the test with both REJECT and DISCARD and see which does better. One thing I might add though, is that I can see the benefit of both ways, especially in my situation here. I have two servers that are primary for two different domains. Each primary is backup for the other domain. I do call-ahead using MimeDefang. I think I have all bases covered, and even think that using either option would result in pretty much the same end result. There are so many different ways an email network can be constructed that it appears to be a non-absolute answer. Thanks so much. Steve From campbell at cnpapers.com Tue Apr 1 14:00:24 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Apr 1 14:00:47 2008 Subject: perms on bayes_journal In-Reply-To: References: <47F152C4.3030308@openenterprise.ca> Message-ID: <47F231E8.7050109@cnpapers.com> Scott Silva wrote: > on 3-31-2008 2:08 PM Johnny Stork spake the following: >> I have found for some reason, on my MS (current) setup running on >> Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the >> permissions changed and I am not sure how this is happening. Right >> now they show >> >> root@gateway:/etc/MailScanner# ls -la bayes/ >> total 14464 >> drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . >> drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. >> -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal >> -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex >> -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen >> -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks >> -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log >> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting >> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update >> >> >> >> >> And so bayes_journal and bayes_toks cant be accessed by MailScanner >> which runs as root. I have to go in an chmod 777 bayes* in order for >> MailScanner/SA to access those files, or to show the Bayes stats in >> the MailWatch interface. >> >> Is there some place I should be setting the permissions for those >> files? I dont want to have to keep going in an manually changing the >> modes. > It looks like at one time you CHOWN'd to 777, which probably isn't > what you wanted. > Isn't that an invalid user '777' and not a chmod '777'? Did you copy these from another machine that had a user with 777 as the user id and that doesn't exist on the current machine? Steve From martyn at invictawiz.com Tue Apr 1 13:59:42 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Tue Apr 1 14:03:54 2008 Subject: what am I dealing with here? In-Reply-To: <47F1CBA2.5080704@vanderkooij.org> References: <29632052.2921206978809589.JavaMail.root@mail.lctn.org> <47F1CBA2.5080704@vanderkooij.org> Message-ID: <47F231BE.1060005@invictawiz.com> Hugo van der Kooij wrote: > admin@lctn.org wrote: > | I got a call from a school we scan mail for, complaining they are > | getting some inappropriate email, which is sailing through our scanner > | with a very low score. > > Think VERY, VERY hard on wether you need yahoo to send email to you. I > have actually blocked it all together. I get shitloads of spam from > their servers and no one I know is using Yahoo. So nothing is lost in > blocking it. > > If you still want it then make sure you do not give them any credit by > giving negative spam points for having a valid DKIM header for example. > > | 127.0.0.1 relay-4.lctn.org (GeoIP Lookup Failed) [ ] [ > | ] [ ] [ ] > > This is a config problem on your host. It should not list a loopback > address with your hostname attached to it. > > Hugo. > A general lookout for anyone in the UK. You should think very hard before you block Yahoo. Yahoo handle the email for BT Internet so block Yahoo, and you are blocking BT Internet. One or two unhappy users? Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From ajcartmell at fonant.com Tue Apr 1 14:27:37 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Apr 1 14:28:19 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F2310F.4020900@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> Message-ID: > Which is better: sendmail or postfix? :-) Running a production server under Fedora Core, or CentOS? ;) Anthony -- www.fonant.com - Quality web sites From ben.tisdall at photobox.com Tue Apr 1 15:10:01 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Apr 1 15:10:50 2008 Subject: Rationale of bumping bayes scores In-Reply-To: <47F22E0E.6080103@ecs.soton.ac.uk> References: <47F207EA.9090907@photobox.com> <47F22E0E.6080103@ecs.soton.ac.uk> Message-ID: <47F24239.2050501@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: |> Since when did bayes_00 score -15? I thought it was about -2.6. |> What version of SpamAssassin are you running? Are you running sa-update |> every night? | Ah. I was looking at this in spam.assassin.prefs.conf on the box in question. # Bump up SpamAssassin scores on the high and low end score BAYES_00 -15.0 score BAYES_05 -10.0 score BAYES_95 10.0 score BAYES_99 15.0 In my haste I hadn't noticed that on my other two MS boxen these were commented. Chalk that one up to my predecessor I guess... And yes, update_spamassassin runs nightly. Thank you Jules. Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH8kI5Z929emua3lsRAjl1AKCP4ieNFy9euNGpA/5sLw7A6Lh0fQCfRjhN w3xoX296PkItN1+tVJSu1bs= =pe98 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Apr 1 15:31:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 15:32:18 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released Message-ID: <47F24745.2090703@ecs.soton.ac.uk> Folks, I have just released the latest stable release of MailScanner version 4.68.8. This is *not* an April Fool's joke :-) Major new improvements this month are: - Support for the *very fast* fpscand daemon supplied with F-Prot version 6. - New method of updating bad phishing sites configuration list to use major new fireproof delivery system. Many thanks to Matt Hampton for all his help with this. - filename.rules.conf and filetype.rules.conf can now list email addresses. Emails containing attachments matching these names or types will be diverted to these addresses instead of the original recipients. - New "Automatic Syntax Check" option (on by default) to check your configuration is syntactically correct before trying to start up. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Support for the Fpscand daemon that is supplied with F-Prot version 6. Add this line to your virus.scanners.conf f-protd-6 /bin/false /usr/local/f-prot and set "Virus Scanners = f-protd-6" in your MailScanner.conf. This is very much faster than the f-prot-6 command-line scanner. 3 Improved the list of ignored web-bug filenames. 3 New update_bad_phishing_sites script to use major new fireproof delivery system. Many thanks to Matt Hampton for all his time and support with this. 3 Updated to Catalan translation. 3 Updated support for Vexira "vascan" virus scanner. 3 Changed location of Web-Bug Replacement image. upgrade_MailScanner_conf will put in the new URL. This will give significantly better response to your users. 3 Added new option "Log SpamAssassin Rule Actions" so that you can see exactly what actions fire on what messages from the "SpamAssassin Rule Actions" setting. 3 Added new option to the filename.rules.conf and filetype.rules.conf files. Instead of "allow", "deny" or "deny+delete", you can now specify a space or comma-separated list of email addresses. If the filename or filetype rule is matched, the message is sent to these new addresses instead of the ones given in the original email address. 3 Updated support for latest versions of Esets virus scanner from Nod32. 4 Added Net-DNS and Digest-SHA1 to the main MailScanner distributions so that they are installed appropriately ready for when you install Razor. This way they are installed as RPMs and not just plain Perl modules, as the RPM of Razor requires them to have been installed as RPMs. 4 New configuration option "Automatic Syntax Check" added, default is "yes", which causes a quick syntax check of the MailScanner.conf file and the other configuration files, printing out errors on the console, instead of just logging them to your system's mail log as it did before. This will hopefully make it easier for novices to get going successfully. 5 SpamAssassin Cache will no longer cache "timed out" responses. 5 Upgraded to perl-Digest-SHA1 version 2.11. 6 Added SpamAssassin MCP patch for 3.2.4. 7 Changed default supplied High-Scoring Spam Actions to "store". That way users don't have to work out how to change it, to reduce their spam a lot. * Fixes * 2 Improved MakeNameSafe() to fix problems caused by f-protd-6 working with filenames containing spaces (which it cannot handle!). 2-2 Fixed error in --lint support for F-Protd-6. 2-3 Typo, missed out a "$" :-( 3 Fixed important bug in f-protd handling code. 4 Fixes to Ruleset-From-Function.pm Custom Function code. 5 Fixed various issues with new automatic syntax check (--lintlite) code. 6 Fixed IPBlock problem with MailScanner --lintlite. 6 Fixed Postfix milter problem (thanks Glenn!). 7 Fixed problem with Inline images in HTML signatures. Now works with nested multiple replies. 8 Fixed bug where original unsafe filename wasn't used correctly when auto- replacing attachments with zipped copies to save space in mail stores. Thanks to Armand Leroux at Capgemini for finding this one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Tue Apr 1 16:00:16 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue Apr 1 16:01:05 2008 Subject: Way OT: What's the status of Julian's World Tour? Message-ID: <47F24E00.6040107@elirion.net> What's the status of Julian's World Tour? http://wiki.mailscanner.info/doku.php#jules_world_tour According to the MailScanner wiki, the USA section was supposed to happen in 2007: http://wiki.mailscanner.info/doku.php?id=worldtour:usa Presumably this didn't happen due to Julian's illness last year. Anyone want to post an updated target date? Regards, Richard Siddall From Kevin_Miller at ci.juneau.ak.us Tue Apr 1 16:07:11 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Apr 1 16:07:51 2008 Subject: How to check for existing mail accounts? In-Reply-To: <12776790.391206754928334.JavaMail.root@zimbra.mckerrs.net> References: <12776790.391206754928334.JavaMail.root@zimbra.mckerrs.net> Message-ID: Brian McKerr wrote: > > I have a Zimbra server which, of course, runs openldap and I *used* > to do dynamic LDAP look ups to see if user accounts were valid from > my MS/Postfix gateway. It worked well, but I have since changed to > *not* use LDAP dynamically because whenever I do maintenance on the > zimbra box, the gateway box cannot validate users and therefor > bounces mail. Not good. I now have a script that runs every hour and > it does an LDAP lookup and dumps all valid user account names into a > file that then gets hashed for postfix to look up. Now I can leave > the zimbra machine (vm) down for any amount of time during the night > to take a 'cold' backup of it, without worrying about bouncing > emails. One thing you can do is to have multiple MX hosts, so that when you do service on one, it isn't listening to inbound traffic, hence no bounces. All the traffic is handled by the other mail gateway(s). The backups don't necessarily have to be that beefy - just powerful enough to handle the load for a short time while you do the maintenance... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Tue Apr 1 17:10:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 17:11:15 2008 Subject: Way OT: What's the status of Julian's World Tour? In-Reply-To: <47F24E00.6040107@elirion.net> References: <47F24E00.6040107@elirion.net> Message-ID: <47F25E75.3070508@ecs.soton.ac.uk> Richard, Richard Siddall wrote: > What's the status of Julian's World Tour? > http://wiki.mailscanner.info/doku.php#jules_world_tour > > According to the MailScanner wiki, the USA section was supposed to > happen in 2007: http://wiki.mailscanner.info/doku.php?id=worldtour:usa > > Presumably this didn't happen due to Julian's illness last year. Anyone > want to post an updated target date? It's going to have to go on hold for a while, I'm afraid. I am currently awaiting an appointment date for my assessment week in hospital in Cambridge, UK, when they will decide if I qualify for a liver transplant. There is a lot of competition, and if you aren't sick enough they don't put you on the list. After that (I should hear a result within a few weeks of the assessment week) I will either be available, and not on the list, or I will be put on the waiting list for a new liver. At that point I can't go further than something like 3 or 4 hours from Cambridge as the call can come at any time of day or night, on any day of the year. So, as far as I understand it, holidays are off until your turn comes round, you have had the op, survived it, and recovered sufficiently to be able to travel. This whole process could easily take at least 2 years. Which is a bummer as it's one of many things I had planned for last year. Ho hum. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Apr 1 17:17:17 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 17:20:38 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F2310F.4020900@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> Message-ID: on 4-1-2008 5:56 AM Steve Campbell spake the following: > Sorry, all of you that have replied, but, as the original poster of this > thread, I have to admit that I might have not asked the question very > well, as it looks as if you are all misunderstanding the original > question. Let me try to rephrase it, please: > > Which is better: sendmail or postfix? :-) > Linux or BSD? Blond, brunette, or redhead? Red, white, or Chablis? Pale, lager, or ale? So many questions, so little time!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/12dc2e8b/signature.bin From alex at nkpanama.com Tue Apr 1 17:31:17 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 1 17:32:19 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> Message-ID: <145617D3-6E9F-4F05-93F9-D7E81049F165@nkpanama.com> The real question on everyone's mind is... have they fixed the SWAPPING!?!?! :-P On Apr 1, 2008, at 8:27 AM, Anthony Cartmell wrote: >> Which is better: sendmail or postfix? :-) > > Running a production server under Fedora Core, or CentOS? ;) > > Anthony > -- > www.fonant.com - Quality web sites > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Apr 1 17:35:10 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 17:37:12 2008 Subject: clamd and clamav with failover In-Reply-To: <20080401135323.j2m8jtox354owwcs@webmail.itu.edu.tr> References: <001e01c8938f$cf092ab0$3c80a8c0@CWDOMAIN.local> <20080401135323.j2m8jtox354owwcs@webmail.itu.edu.tr> Message-ID: on 4-1-2008 3:53 AM Hakan VELIOGLU spake the following: > Hi, > > Can mailscanner use clamav and clamd with failover. I mean it uses clamd > for > primary scanner and when clamd gets down or crashed it could use clamav > until > the next reload ( or restart). > > Is there a trick that I can use this behaviour. > The trick is to run something like mon or monit (or even a well crafted cron script) that checks your critical services and restarts them if they die. You can also run a second virus scanner for backup. If you use a corporate desktop scanner, you might have an entitlement to a commandline scanner that is supported by MailScanner. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/91ff499c/signature.bin From ssilva at sgvwater.com Tue Apr 1 17:45:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 17:45:40 2008 Subject: perms on bayes_journal In-Reply-To: <47F231E8.7050109@cnpapers.com> References: <47F152C4.3030308@openenterprise.ca> <47F231E8.7050109@cnpapers.com> Message-ID: on 4-1-2008 6:00 AM Steve Campbell spake the following: > > > Scott Silva wrote: >> on 3-31-2008 2:08 PM Johnny Stork spake the following: >>> I have found for some reason, on my MS (current) setup running on >>> Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the >>> permissions changed and I am not sure how this is happening. Right >>> now they show >>> >>> root@gateway:/etc/MailScanner# ls -la bayes/ >>> total 14464 >>> drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . >>> drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. >>> -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal >>> -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex >>> -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen >>> -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks >>> -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log >>> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting >>> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update > >>> >>> >>> >>> >>> And so bayes_journal and bayes_toks cant be accessed by MailScanner >>> which runs as root. I have to go in an chmod 777 bayes* in order for >>> MailScanner/SA to access those files, or to show the Bayes stats in >>> the MailWatch interface. >>> >>> Is there some place I should be setting the permissions for those >>> files? I dont want to have to keep going in an manually changing the >>> modes. >> It looks like at one time you CHOWN'd to 777, which probably isn't >> what you wanted. >> > > Isn't that an invalid user '777' and not a chmod '777'? Did you copy > these from another machine that had a user with 777 as the user id and > that doesn't exist on the current machine? > > Steve > It could be, but I thing typing chown instead of chmod is a more reasonable explaination. You can chown by user or group id also. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/f772e636/signature.bin From alex at nkpanama.com Tue Apr 1 17:52:13 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 1 17:53:06 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> Message-ID: <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> Baker, Eccleston or Tennant? On Apr 1, 2008, at 11:17 AM, Scott Silva wrote: >> Which is better: sendmail or postfix? :-) > Linux or BSD? > > Blond, brunette, or redhead? > > Red, white, or Chablis? > > Pale, lager, or ale? From campbell at cnpapers.com Tue Apr 1 18:16:32 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Apr 1 18:19:30 2008 Subject: perms on bayes_journal In-Reply-To: References: <47F152C4.3030308@openenterprise.ca> <47F231E8.7050109@cnpapers.com> Message-ID: <47F26DF0.5080307@cnpapers.com> Scott Silva wrote: > on 4-1-2008 6:00 AM Steve Campbell spake the following: >> >> >> Scott Silva wrote: >>> on 3-31-2008 2:08 PM Johnny Stork spake the following: >>>> I have found for some reason, on my MS (current) setup running on >>>> Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the >>>> permissions changed and I am not sure how this is happening. Right >>>> now they show >>>> >>>> root@gateway:/etc/MailScanner# ls -la bayes/ >>>> total 14464 >>>> drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . >>>> drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. >>>> -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal >>>> -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex >>>> -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen >>>> -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks >>>> -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log >>>> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting >>>> -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update >> >>>> >>>> >>>> >>>> >>>> And so bayes_journal and bayes_toks cant be accessed by MailScanner >>>> which runs as root. I have to go in an chmod 777 bayes* in order >>>> for MailScanner/SA to access those files, or to show the Bayes >>>> stats in the MailWatch interface. >>>> >>>> Is there some place I should be setting the permissions for those >>>> files? I dont want to have to keep going in an manually changing >>>> the modes. >>> It looks like at one time you CHOWN'd to 777, which probably isn't >>> what you wanted. >>> >> >> Isn't that an invalid user '777' and not a chmod '777'? Did you copy >> these from another machine that had a user with 777 as the user id >> and that doesn't exist on the current machine? >> >> Steve >> > It could be, but I thing typing chown instead of chmod is a more > reasonable explaination. You can chown by user or group id also. Somehow, Scott, I didn't see that in your previous post. We're on the same page, though. What every it was, it wasn't modded to 777. Old eyes and all Steve From empirical.humanist at gmail.com Tue Apr 1 18:45:33 2008 From: empirical.humanist at gmail.com (Kirk Lowery) Date: Tue Apr 1 18:46:09 2008 Subject: How to deliver quarantined email with exim Message-ID: I have a bunch of "false positives" in the quarantined directory of MailScanner. I want to use exim to deliver these messages, but they are the *-D *-H files that exim normally needs. Exim delivers mail to a cyrus imap server, and that is why I'd like exim to deliver these false positives. I've looked at the man pages, tried a bunch of options, googled and got no clear answer. Can anyone point me toward a solution? TIA! Kirk From empirical.humanist at gmail.com Tue Apr 1 18:46:59 2008 From: empirical.humanist at gmail.com (Kirk Lowery) Date: Tue Apr 1 18:47:10 2008 Subject: How to deliver quarantined email with exim In-Reply-To: References: Message-ID: On Tue, Apr 1, 2008 at 1:45 PM, Kirk Lowery wrote: > I have a bunch of "false positives" in the quarantined directory of > MailScanner. I want to use exim to deliver these messages, but they > are the *-D *-H files that exim normally needs. That should be: ".. but they are NOT the *-D *-H files..." :-) Kirk From MailScanner at ecs.soton.ac.uk Tue Apr 1 18:58:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 18:59:02 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> Message-ID: <47F277B1.2080705@ecs.soton.ac.uk> Baker, without a doubt. Alex Neuman wrote: > Baker, Eccleston or Tennant? > > On Apr 1, 2008, at 11:17 AM, Scott Silva wrote: >>> Which is better: sendmail or postfix? :-) >> Linux or BSD? >> >> Blond, brunette, or redhead? >> >> Red, white, or Chablis? >> >> Pale, lager, or ale? > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 1 19:01:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 19:02:17 2008 Subject: How to deliver quarantined email with exim In-Reply-To: References: Message-ID: <47F2788E.4060000@ecs.soton.ac.uk> Move them into /var/spool/exim/input, make sure they have exactly the same ownership, group and permissions as all the other files in there, and Exim should pick them up and deliver them. To hurry the process along, something like /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here should kick it into making a delivery attempt. Kirk Lowery wrote: > I have a bunch of "false positives" in the quarantined directory of > MailScanner. I want to use exim to deliver these messages, but they > are the *-D *-H files that exim normally needs. > > Exim delivers mail to a cyrus imap server, and that is why I'd like > exim to deliver these false positives. I've looked at the man pages, > tried a bunch of options, googled and got no clear answer. > > Can anyone point me toward a solution? > > TIA! > > Kirk > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.freegard at fsl.com Tue Apr 1 19:18:44 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Apr 1 19:20:35 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> Message-ID: <47F27C84.6070102@fsl.com> Alex Neuman wrote: > Baker Tom or Colin? Cheers, Steve. (Tom Baker was the best...) From campbell at cnpapers.com Tue Apr 1 19:25:58 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue Apr 1 19:27:15 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F277B1.2080705@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> Message-ID: <47F27E36.6060509@cnpapers.com> I can see I have a lot to learn about system administration as I don't have a clue there about what these even are. Steve Julian Field wrote: > Baker, without a doubt. > > Alex Neuman wrote: >> Baker, Eccleston or Tennant? >> >> On Apr 1, 2008, at 11:17 AM, Scott Silva wrote: >>>> Which is better: sendmail or postfix? :-) >>> Linux or BSD? >>> >>> Blond, brunette, or redhead? >>> >>> Red, white, or Chablis? >>> >>> Pale, lager, or ale? >> > > Jules > From empirical.humanist at gmail.com Tue Apr 1 19:38:33 2008 From: empirical.humanist at gmail.com (Kirk Lowery) Date: Tue Apr 1 19:39:16 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F2788E.4060000@ecs.soton.ac.uk> References: <47F2788E.4060000@ecs.soton.ac.uk> Message-ID: On Tue, Apr 1, 2008 at 2:01 PM, Julian Field wrote: > Move them into /var/spool/exim/input, make sure they have exactly the > same ownership, group and permissions as all the other files in there, > and Exim should pick them up and deliver them. > To hurry the process along, something like > /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here > should kick it into making a delivery attempt. Thanks for your response. Here's what happened: delivering 1Jgjhp-0003fH-PS LOG: MAIN Spool file 1Jgjhp-0003fH-PS-D not found Is there something wrong with my conf file? Kirk From bpirie at rma.edu Tue Apr 1 19:45:38 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Apr 1 19:44:39 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F27E36.6060509@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> Message-ID: <47F282D2.7040404@rma.edu> >>>> Pale, lager, or ale? What do you mean, OR?! ;) Brendan From steinkel at pa.net Tue Apr 1 19:47:09 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Tue Apr 1 19:47:50 2008 Subject: The Good Doctor (was: Re: OT: Sendmail REJECT or DISCARD preference) In-Reply-To: <47F27E36.6060509@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> Message-ID: <47F2832D.6050807@pa.net> Steve Campbell wrote: > I can see I have a lot to learn about system administration as I don't > have a clue there about what these even are. http://en.wikipedia.org/wiki/Doctor_Who It's been on TV all over the world for the last 45 years. Even when on hiatus on the BBC for several years, it was still playing in the US on PBS. New-ish episodes are on BBC America Saturdays at 7PM Eastern. Sarah Jane, Leela, Peri, or either of the Romanas (or Rose or Martha? (or Jack, if one swings that way? (grin))) Leland From MailScanner at ecs.soton.ac.uk Tue Apr 1 19:49:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 19:51:21 2008 Subject: How to deliver quarantined email with exim In-Reply-To: References: <47F2788E.4060000@ecs.soton.ac.uk> Message-ID: <47F283CF.10804@ecs.soton.ac.uk> Kirk Lowery wrote: > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field > wrote: > > >> Move them into /var/spool/exim/input, make sure they have exactly the >> same ownership, group and permissions as all the other files in there, >> and Exim should pick them up and deliver them. >> To hurry the process along, something like >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here >> should kick it into making a delivery attempt. >> > > Thanks for your response. > > Here's what happened: > > delivering 1Jgjhp-0003fH-PS > LOG: MAIN > Spool file 1Jgjhp-0003fH-PS-D not found > > Is there something wrong with my conf file? > Not if it normally works. See if you can make the outgoing exim do a complete run of the queue. It should do this periodically anyway, so the reason it couldn't find the file might be that it has already been delivered. Has the files (-D and -H) gone since you moved them there? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Apr 1 19:50:14 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 1 19:51:32 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F27E36.6060509@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> Message-ID: <47F283E6.3060100@evi-inc.com> Yes, one of the earliest lessens systems admins should learn is that web-searching is your friend :) http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=Baker+Eccleston+Tennant&spell=1 The entire first page of hits is all topic relevant :) Steve Campbell wrote: > I can see I have a lot to learn about system administration as I don't > have a clue there about what these even are. > > Steve > > Julian Field wrote: >> Baker, without a doubt. >> >> Alex Neuman wrote: >>> Baker, Eccleston or Tennant? >>> >>> On Apr 1, 2008, at 11:17 AM, Scott Silva wrote: >>>>> Which is better: sendmail or postfix? :-) >>>> Linux or BSD? >>>> >>>> Blond, brunette, or redhead? >>>> >>>> Red, white, or Chablis? >>>> >>>> Pale, lager, or ale? >>> >> >> Jules >> > From spamlists at coders.co.uk Tue Apr 1 19:53:16 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Tue Apr 1 19:54:28 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F282D2.7040404@rma.edu> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F282D2.7040404@rma.edu> Message-ID: <47F2849C.6030509@coders.co.uk> Brendan Pirie wrote: >>>>> Pale, lager, or ale? > > What do you mean, OR?! ;) > > Brendan > When this popped up in message notifier in Thunderbird I was expecting this comment to be in reply to the Blonde, brunette, or redhead..... suppose I better get my mind out of the gutter...... matt From steve.freegard at fsl.com Tue Apr 1 20:01:38 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Apr 1 20:03:31 2008 Subject: The Good Doctor In-Reply-To: <47F2832D.6050807@pa.net> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> Message-ID: <47F28692.7000809@fsl.com> Leland J. Steinke wrote: > Sarah Jane, Leela, Peri, or either of the Romanas (or Rose or Martha? > (or Jack, if one swings that way? (grin))) Romana Mk 2 without the shadow of a doubt ;-) From empirical.humanist at gmail.com Tue Apr 1 20:04:23 2008 From: empirical.humanist at gmail.com (Kirk Lowery) Date: Tue Apr 1 20:05:05 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F283CF.10804@ecs.soton.ac.uk> References: <47F2788E.4060000@ecs.soton.ac.uk> <47F283CF.10804@ecs.soton.ac.uk> Message-ID: On Tue, Apr 1, 2008 at 2:49 PM, Julian Field wrote: > > > > Kirk Lowery wrote: > > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field > > wrote: > > > > > >> Move them into /var/spool/exim/input, make sure they have exactly the > >> same ownership, group and permissions as all the other files in there, > >> and Exim should pick them up and deliver them. > >> To hurry the process along, something like > >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here > >> should kick it into making a delivery attempt. > >> > > > > Thanks for your response. > > > > Here's what happened: > > > > delivering 1Jgjhp-0003fH-PS > > LOG: MAIN > > Spool file 1Jgjhp-0003fH-PS-D not found > > > > Is there something wrong with my conf file? > > > Not if it normally works. See if you can make the outgoing exim do a > complete run of the queue. It should do this periodically anyway, so the > reason it couldn't find the file might be that it has already been > delivered. Has the files (-D and -H) gone since you moved them there? In the incoming exim queue new messages are coming in. They have the "-D" and "-H" suffix added to the message id. When I run "exim -q", they are delivered just fine. But the messages from the MailScanner quarantine directory do not have two files per message with these suffixes. There is only one file with the message id as the file name. Kirk From MailScanner at ecs.soton.ac.uk Tue Apr 1 20:33:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 20:34:05 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F2849C.6030509@coders.co.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F282D2.7040404@rma.edu> <47F2849C.6030509@coders.co.uk> Message-ID: <47F28DFA.4020400@ecs.soton.ac.uk> Matt Hampton wrote: > Brendan Pirie wrote: >>>>>> Pale, lager, or ale? >> >> What do you mean, OR?! ;) >> >> Brendan >> > When this popped up in message notifier in Thunderbird I was expecting > this comment to be in reply to the Blonde, brunette, or redhead..... > > suppose I better get my mind out of the gutter...... > > matt I'm glad to see this thread has descended into a 100% harmless OT natter. It so easily could have gone the other way :-) By the way, has anyone tried the new version? It's working okay for me so far. Matt ---- Do your HTML image signatures still work? The code to generate them has changed quite a lot. They should work rather better now with luck (he says, automatically cursing the whole thing :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Tue Apr 1 20:47:18 2008 From: doc at maddoc.net (Doc Schneider) Date: Tue Apr 1 20:48:18 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F28DFA.4020400@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F282D2.7040404@rma.edu> <47F2849C.6030509@coders.co.uk> <47F28DFA.4020400@ecs.soton.ac.uk> Message-ID: <47F29146.1000000@maddoc.net> Julian Field wrote: > > > Matt Hampton wrote: >> Brendan Pirie wrote: >>>>>>> Pale, lager, or ale? >>> >>> What do you mean, OR?! ;) >>> >>> Brendan >>> >> When this popped up in message notifier in Thunderbird I was expecting >> this comment to be in reply to the Blonde, brunette, or redhead..... >> >> suppose I better get my mind out of the gutter...... >> >> matt > I'm glad to see this thread has descended into a 100% harmless OT > natter. It so easily could have gone the other way :-) > By the way, has anyone tried the new version? It's working okay for me > so far. > > Matt ---- Do your HTML image signatures still work? The code to generate > them has changed quite a lot. They should work rather better now with > luck (he says, automatically cursing the whole thing :-) > > Jules > I installed the new version just now and it looks good.. But reserve the right to curse! HAR! -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Tue Apr 1 20:48:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 20:49:51 2008 Subject: How to deliver quarantined email with exim In-Reply-To: References: <47F2788E.4060000@ecs.soton.ac.uk> <47F283CF.10804@ecs.soton.ac.uk> Message-ID: <47F291AA.70202@ecs.soton.ac.uk> Kirk Lowery wrote: > On Tue, Apr 1, 2008 at 2:49 PM, Julian Field > wrote: > >> >> Kirk Lowery wrote: >> > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field >> > wrote: >> > >> > >> >> Move them into /var/spool/exim/input, make sure they have exactly the >> >> same ownership, group and permissions as all the other files in there, >> >> and Exim should pick them up and deliver them. >> >> To hurry the process along, something like >> >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here >> >> should kick it into making a delivery attempt. >> >> >> > >> > Thanks for your response. >> > >> > Here's what happened: >> > >> > delivering 1Jgjhp-0003fH-PS >> > LOG: MAIN >> > Spool file 1Jgjhp-0003fH-PS-D not found >> > >> > Is there something wrong with my conf file? >> > >> Not if it normally works. See if you can make the outgoing exim do a >> complete run of the queue. It should do this periodically anyway, so the >> reason it couldn't find the file might be that it has already been >> delivered. Has the files (-D and -H) gone since you moved them there? >> > > In the incoming exim queue new messages are coming in. They have the > "-D" and "-H" suffix added to the message id. When I run "exim -q", > they are delivered just fine. But the messages from the MailScanner > quarantine directory do not have two files per message with these > suffixes. There is only one file with the message id as the file name. > You need to look up the "Quarantine Whole Messages As Queue Files =" setting in MailScanner.conf. If you want to be able to release messages by dropping them back into the outgoing queue, this needs to be set to "yes". I guess yours is "no" right now. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajos1 at onion.demon.co.uk Tue Apr 1 21:53:42 2008 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Tue Apr 1 20:54:21 2008 Subject: Which one? Message-ID: - I notice in the latest stable release... There are: MailScanner-perl-MIME-Base64-3.05-5.src.rpm and perl-MIME-Base64-3.07-1.src.rpm What is the preferred solution? (I use my own scripts to keep perl Spick and Span...) == ===================================================================== = = "What's it called when you put off procrastinating?" = ===================================================================== = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From ssilva at sgvwater.com Tue Apr 1 20:53:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 20:55:49 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F28DFA.4020400@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F282D2.7040404@rma.edu> <47F2849C.6030509@coders.co.uk> <47F28DFA.4020400@ecs.soton.ac.uk> Message-ID: on 4-1-2008 12:33 PM Julian Field spake the following: > > > Matt Hampton wrote: >> Brendan Pirie wrote: >>>>>>> Pale, lager, or ale? >>> >>> What do you mean, OR?! ;) >>> >>> Brendan >>> >> When this popped up in message notifier in Thunderbird I was expecting >> this comment to be in reply to the Blonde, brunette, or redhead..... >> >> suppose I better get my mind out of the gutter...... >> >> matt > I'm glad to see this thread has descended into a 100% harmless OT > natter. It so easily could have gone the other way :-) > By the way, has anyone tried the new version? It's working okay for me > so far. > > Matt ---- Do your HTML image signatures still work? The code to generate > them has changed quite a lot. They should work rather better now with > luck (he says, automatically cursing the whole thing :-) > > Jules > Installing this afternoon (here at least) it is probably already night there! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/04c8f5a7/signature.bin From ssilva at sgvwater.com Tue Apr 1 20:56:59 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 21:00:13 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F277B1.2080705@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> Message-ID: on 4-1-2008 10:58 AM Julian Field spake the following: > Baker, without a doubt. > Tom or Colin? I'm assuming Tom. He was the first I remember. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/b9f7a206/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 1 21:04:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 21:05:00 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F291AA.70202@ecs.soton.ac.uk> References: <47F2788E.4060000@ecs.soton.ac.uk> <47F283CF.10804@ecs.soton.ac.uk> <47F291AA.70202@ecs.soton.ac.uk> Message-ID: <47F29551.9090104@ecs.soton.ac.uk> Julian Field wrote: > > > Kirk Lowery wrote: >> On Tue, Apr 1, 2008 at 2:49 PM, Julian Field >> wrote: >> >>> >>> Kirk Lowery wrote: >>> > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field >>> > wrote: >>> > >>> > >>> >> Move them into /var/spool/exim/input, make sure they have >>> exactly the >>> >> same ownership, group and permissions as all the other files in >>> there, >>> >> and Exim should pick them up and deliver them. >>> >> To hurry the process along, something like >>> >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here >>> >> should kick it into making a delivery attempt. >>> >> >>> > >>> > Thanks for your response. >>> > >>> > Here's what happened: >>> > >>> > delivering 1Jgjhp-0003fH-PS >>> > LOG: MAIN >>> > Spool file 1Jgjhp-0003fH-PS-D not found >>> > >>> > Is there something wrong with my conf file? >>> > >>> Not if it normally works. See if you can make the outgoing exim do a >>> complete run of the queue. It should do this periodically anyway, >>> so the >>> reason it couldn't find the file might be that it has already been >>> delivered. Has the files (-D and -H) gone since you moved them there? >>> >> >> In the incoming exim queue new messages are coming in. They have the >> "-D" and "-H" suffix added to the message id. When I run "exim -q", >> they are delivered just fine. But the messages from the MailScanner >> quarantine directory do not have two files per message with these >> suffixes. There is only one file with the message id as the file name. >> > You need to look up the "Quarantine Whole Messages As Queue Files =" > setting in MailScanner.conf. If you want to be able to release > messages by dropping them back into the outgoing queue, this needs to > be set to "yes". I guess yours is "no" right now. It is currently set to no by default when you install MailScanner the first time. Should I leave it at "no" or change it to "yes"? Discuss. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 1 21:04:44 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 1 21:05:18 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F291AA.70202@ecs.soton.ac.uk> References: <47F2788E.4060000@ecs.soton.ac.uk> <47F283CF.10804@ecs.soton.ac.uk> <47F291AA.70202@ecs.soton.ac.uk> Message-ID: <223f97700804011304w1db9adb1k12be72ad291f489b@mail.gmail.com> On 01/04/2008, Julian Field wrote: > > > Kirk Lowery wrote: > > On Tue, Apr 1, 2008 at 2:49 PM, Julian Field > > wrote: > > > >> > >> Kirk Lowery wrote: > >> > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field > >> > wrote: > >> > > >> > > >> >> Move them into /var/spool/exim/input, make sure they have exactly the > >> >> same ownership, group and permissions as all the other files in there, > >> >> and Exim should pick them up and deliver them. > >> >> To hurry the process along, something like > >> >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here > >> >> should kick it into making a delivery attempt. > >> >> > >> > > >> > Thanks for your response. > >> > > >> > Here's what happened: > >> > > >> > delivering 1Jgjhp-0003fH-PS > >> > LOG: MAIN > >> > Spool file 1Jgjhp-0003fH-PS-D not found > >> > > >> > Is there something wrong with my conf file? > >> > > >> Not if it normally works. See if you can make the outgoing exim do a > >> complete run of the queue. It should do this periodically anyway, so the > >> reason it couldn't find the file might be that it has already been > >> delivered. Has the files (-D and -H) gone since you moved them there? > >> > > > > In the incoming exim queue new messages are coming in. They have the > > "-D" and "-H" suffix added to the message id. When I run "exim -q", > > they are delivered just fine. But the messages from the MailScanner > > quarantine directory do not have two files per message with these > > suffixes. There is only one file with the message id as the file name. > > > > You need to look up the "Quarantine Whole Messages As Queue Files =" > setting in MailScanner.conf. If you want to be able to release messages > by dropping them back into the outgoing queue, this needs to be set to > "yes". I guess yours is "no" right now. > Um... Doesn't exim have the "convenience" sendmail command? In which case one should be able to do the usual "sendmail -t -o -i < file" thing ... These files would be RFC822 "coded" files, that that command should be able to handle directly. They're in the spam quarantine, right? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From spamlists at coders.co.uk Tue Apr 1 21:10:02 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Tue Apr 1 21:11:32 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F28DFA.4020400@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F282D2.7040404@rma.edu> <47F2849C.6030509@coders.co.uk> <47F28DFA.4020400@ecs.soton.ac.uk> Message-ID: <47F2969A.4040802@coders.co.uk> Julian Field wrote: > I'm glad to see this thread has descended into a 100% harmless OT > natter. It so easily could have gone the other way :-) Well it got close - what with the talk about swapping ;-) > By the way, has anyone tried the new version? It's working okay for me > so far. Have been running the last beta for a few days - upgraded to the stable about 30 seconds after this email arrived. > > Matt ---- Do your HTML image signatures still work? The code to > generate them has changed quite a lot. They should work rather better > now with luck (he says, automatically cursing the whole thing :-) > Yup - working nicely thanks. Am looking to roll this out to our users this month after I get back from holiday. matt From MailScanner at ecs.soton.ac.uk Tue Apr 1 21:19:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 1 21:20:08 2008 Subject: Which one? In-Reply-To: References: Message-ID: <47F298BE.501@ecs.soton.ac.uk> The 3.07 one is what you want to use. The other one is left over from when I used to have to distribute my own tweaked patched version of the RPM, but I believe that was quite a long time ago. I'll remove it from future releases. Thanks for letting me know about this one. Cheers, Jules. ajos1 at onion wrote: > - > > I notice in the latest stable release... There are: > > MailScanner-perl-MIME-Base64-3.05-5.src.rpm > > and > > perl-MIME-Base64-3.07-1.src.rpm > > What is the preferred solution? (I use my own scripts to keep perl Spick and Span...) > > == > ===================================================================== > = > = "What's it called when you put off procrastinating?" > = > ===================================================================== > = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? > = Call... +44 8457 90 90 90 http://www.samaritans.org/ > ===================================================================== > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 1 21:52:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 1 21:52:51 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F29551.9090104@ecs.soton.ac.uk> References: <47F2788E.4060000@ecs.soton.ac.uk> <47F283CF.10804@ecs.soton.ac.uk> <47F291AA.70202@ecs.soton.ac.uk> <47F29551.9090104@ecs.soton.ac.uk> Message-ID: <223f97700804011352s68fdf03xb4818dbe39605729@mail.gmail.com> On 01/04/2008, Julian Field wrote: > > > Julian Field wrote: > > > > > > Kirk Lowery wrote: > >> On Tue, Apr 1, 2008 at 2:49 PM, Julian Field > >> wrote: > >> > >>> > >>> Kirk Lowery wrote: > >>> > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field > >>> > wrote: > >>> > > >>> > > >>> >> Move them into /var/spool/exim/input, make sure they have > >>> exactly the > >>> >> same ownership, group and permissions as all the other files in > >>> there, > >>> >> and Exim should pick them up and deliver them. > >>> >> To hurry the process along, something like > >>> >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here > >>> >> should kick it into making a delivery attempt. > >>> >> > >>> > > >>> > Thanks for your response. > >>> > > >>> > Here's what happened: > >>> > > >>> > delivering 1Jgjhp-0003fH-PS > >>> > LOG: MAIN > >>> > Spool file 1Jgjhp-0003fH-PS-D not found > >>> > > >>> > Is there something wrong with my conf file? > >>> > > >>> Not if it normally works. See if you can make the outgoing exim do a > >>> complete run of the queue. It should do this periodically anyway, > >>> so the > >>> reason it couldn't find the file might be that it has already been > >>> delivered. Has the files (-D and -H) gone since you moved them there? > >>> > >> > >> In the incoming exim queue new messages are coming in. They have the > >> "-D" and "-H" suffix added to the message id. When I run "exim -q", > >> they are delivered just fine. But the messages from the MailScanner > >> quarantine directory do not have two files per message with these > >> suffixes. There is only one file with the message id as the file name. > >> > > You need to look up the "Quarantine Whole Messages As Queue Files =" > > setting in MailScanner.conf. If you want to be able to release > > messages by dropping them back into the outgoing queue, this needs to > > be set to "yes". I guess yours is "no" right now. > > It is currently set to no by default when you install MailScanner the > first time. > Should I leave it at "no" or change it to "yes"? > Discuss. I see little point in changing it. There are equally well-functioning methods for releasing a message. Only real difference is that it would be a bit harder to release to analternate recipient with "yes", and that you lose the envelope information with "no". For the latter, use of the logs (text or MailWatch) is needed, where MailWatch (of course) helps a lot... And need the setting, if one wants to use the envelope recipient for the release. Does it matter much either way? For both, there are gotchas for the "out-of-the-box" user/admin...:-). Probably a bit better with things as they are (means I needn't change that for MW:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martyn at invictawiz.com Tue Apr 1 21:54:32 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Tue Apr 1 21:55:23 2008 Subject: The Good Doctor In-Reply-To: <47F28692.7000809@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> Message-ID: <47F2A108.1050308@invictawiz.com> Steve Freegard wrote: > Leland J. Steinke wrote: >> Sarah Jane, Leela, Peri, or either of the Romanas (or Rose or Martha? >> (or Jack, if one swings that way? (grin))) > > Romana Mk 2 without the shadow of a doubt ;-) No way! It has to be Donna. -- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From dave.list at pixelhammer.com Tue Apr 1 22:27:40 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 1 22:28:51 2008 Subject: The Good Doctor In-Reply-To: <47F2A108.1050308@invictawiz.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> Message-ID: <47F2A8CC.1060603@pixelhammer.com> Martyn Routley wrote: > Steve Freegard wrote: >> Leland J. Steinke wrote: >>> Sarah Jane, Leela, Peri, or either of the Romanas (or Rose or Martha? >>> (or Jack, if one swings that way? (grin))) >> >> Romana Mk 2 without the shadow of a doubt ;-) > > No way! > It has to be Donna. > I liked Kaylee from Firefly, something about a girl half in coveralls with a bit of dirt on her face. I can't resist them, I always like the tomboys. Kaylee would sit down and talk Perl with Julian while she changed out a nic card on a running server with nothing but a butter knife. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From steve.freegard at fsl.com Tue Apr 1 23:06:45 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Apr 1 23:08:34 2008 Subject: The Good Doctor In-Reply-To: <47F2A8CC.1060603@pixelhammer.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> <47F2A8CC.1060603@pixelhammer.com> Message-ID: <47F2B1F5.90407@fsl.com> DAve wrote: > I liked Kaylee from Firefly, something about a girl half in coveralls > with a bit of dirt on her face. I can't resist them, I always like the > tomboys. > > Kaylee would sit down and talk Perl with Julian while she changed out a > nic card on a running server with nothing but a butter knife. > I think we have a winner! From doc at maddoc.net Tue Apr 1 23:22:21 2008 From: doc at maddoc.net (Doc Schneider) Date: Tue Apr 1 23:23:20 2008 Subject: The Good Doctor In-Reply-To: <47F2B1F5.90407@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> <47F2A8CC.1060603@pixelhammer.com> <47F2B1F5.90407@fsl.com> Message-ID: <47F2B59D.8040903@maddoc.net> Steve Freegard wrote: > DAve wrote: >> I liked Kaylee from Firefly, something about a girl half in coveralls >> with a bit of dirt on her face. I can't resist them, I always like the >> tomboys. >> >> Kaylee would sit down and talk Perl with Julian while she changed out >> a nic card on a running server with nothing but a butter knife. >> > > I think we have a winner! FWIW: The same actress plays the new Doctor on Stargate Atlantis. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ssilva at sgvwater.com Tue Apr 1 23:46:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 1 23:46:53 2008 Subject: The Good Doctor In-Reply-To: <47F2B59D.8040903@maddoc.net> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> <47F2A8CC.1060603@pixelhammer.com> <47F2B1F5.90407@fsl.com> <47F2B59D.8040903@maddoc.net> Message-ID: on 4-1-2008 3:22 PM Doc Schneider spake the following: > Steve Freegard wrote: >> DAve wrote: >>> I liked Kaylee from Firefly, something about a girl half in coveralls >>> with a bit of dirt on her face. I can't resist them, I always like the >>> tomboys. >>> >>> Kaylee would sit down and talk Perl with Julian while she changed out >>> a nic card on a running server with nothing but a butter knife. >>> >> I think we have a winner! > > FWIW: The same actress plays the new Doctor on Stargate Atlantis. > But she isn't half in coveralls anymore! ;-P You have to admit that Billie Piper had a certain "cuteness" about her as Rose Tyler. And isn't it amazing how many tech lists can veer off course when Sci-fi comes into the discussion. Forget politics and world hunger! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080401/fccdb581/signature.bin From alex at nkpanama.com Tue Apr 1 23:55:28 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 1 23:56:26 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F277B1.2080705@ecs.soton.ac.uk> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> Message-ID: We all remember our first doctor quite fondly. On Apr 1, 2008, at 12:58 PM, Julian Field wrote: > Baker, without a doubt. From jim.barber at ddihealth.com Wed Apr 2 00:43:59 2008 From: jim.barber at ddihealth.com (Jim Barber) Date: Wed Apr 2 00:44:44 2008 Subject: How to deliver quarantined email with exim In-Reply-To: References: <47F2788E.4060000@ecs.soton.ac.uk> Message-ID: <47F2C8BF.1090204@ddihealth.com> I just resubmit the quarantined message like so: cat 1Jgjhp-0003fH-PS | exim -ti However this assumes that you have your MailScanner set up to not check messages that originate from the local host otherwise it will just get quarantined again. ---------- Jim Barber DDI Health Kirk Lowery wrote: > On Tue, Apr 1, 2008 at 2:01 PM, Julian Field > wrote: > >> Move them into /var/spool/exim/input, make sure they have exactly the >> same ownership, group and permissions as all the other files in there, >> and Exim should pick them up and deliver them. >> To hurry the process along, something like >> /usr/sbin/exim -C /etc/exit/exit_send.conf -Mc message-id-here >> should kick it into making a delivery attempt. > > Thanks for your response. > > Here's what happened: > > delivering 1Jgjhp-0003fH-PS > LOG: MAIN > Spool file 1Jgjhp-0003fH-PS-D not found > > Is there something wrong with my conf file? > > Kirk From igueths at lava-net.com Wed Apr 2 00:44:23 2008 From: igueths at lava-net.com (Igor Gueths) Date: Wed Apr 2 00:44:59 2008 Subject: MailScanner-4.68.8 hangs at startup Message-ID: <20080401234423.GA31833@lava-net.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi all. I am attempting to upgrade from a previous MailSCanner-4.58.8 installation; however, I am running into a rather interesting problem. If I specify Run as User, and Run as Group to be postfix in MailScanner.conf, and then try to start MailSCanner with check_mailscanner, the parent hangs without starting any children. I was able to narrow down this precise cause by taking an original MailScanner.conf, and only editing the two above options, and specifying MTA to be Postfix. If I don't specify Run as USer or Run as Group to be Postfix, MailSCanner starts up just fine. I was also able to strace the parent, which seems to show the children attempting to start and then exiting: fork() = 32467 rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0 close(4) = 0 close(4) = -1 EBADF (Bad file descriptor) Anyone have any other ideas that I could try to get this going? The only thing I modified from the previous 4.58.8 installation was a new version of SpamAssassin, and of course the newer configuration file. I am also running Postfix-2.3.7. Thanks in advance! - -- Igor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iQIUAwUBR/LI16e2pgKIdGq4AQrsag/2M0qhXGlH+eAiLA1t+fUxBczVbYSbny9C X3YFuoPPooxOWoj11AeKObs1pc+YqlBqITdLC2m9TH0HMsOFpqFxAJq2S7HjlkiU iY88QbVfc68Di1MfGbM6qMpT6VOQtJb87HOS30yGEXhya/HGPNH/74zF1bgm7/UP 5rpBD9R+iZJzo/3R56AMPCsAgm6lg9NCbIRMZwqwaB/3cPn0k9QnCBduZ5xMAPil pQDd/QlBA8Bdv/FAfCK6j6pOukZPS0u8TK0dwZOxAQFm8uh3oe1YTPrxOX/ssMeX A4gJbQh4cq9GBwj1nEx3wzhI4Jss8dC32o7P386WLCTh6rXXl2vMiXcZbbuZc9Cl ic0h+aJ46IDz+1nXYf2Fk+9VFUjr1SAwr7CVIyW6aqhgawyn6f/a0vrLL3dyTGYu IgEA77BnvfKE/soxKLdqA8xdonLOC2YWvlo8tdTu9Ua+DKXoxf6OAZaBiO12FXC1 t1liDMsOpJLqR+qQ04LCLzv38/1iorgnhHTm/qY9bXz31k3zbIR7oKXLaAlypzaS UEHPm7mUELFc1A89K5Bu9YHzGB9TW2NInpL4JaZmN33Yi2J2DNls4snqO48GqDcI RJMcLBOjkOOgcw7bN9yV9eGfOXBp23pgACJzpS3upXAdYIzNgqzyh7HZS9U8f8nZ pYpcY1nJvQ== =Z73d -----END PGP SIGNATURE----- From doc at maddoc.net Wed Apr 2 00:46:43 2008 From: doc at maddoc.net (Doc Schneider) Date: Wed Apr 2 00:47:43 2008 Subject: The Good Doctor In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> <47F2A8CC.1060603@pixelhammer.com> <47F2B1F5.90407@fsl.com> <47F2B59D.8040903@maddoc.net> Message-ID: <47F2C963.7070507@maddoc.net> Scott Silva wrote: > on 4-1-2008 3:22 PM Doc Schneider spake the following: >> Steve Freegard wrote: >>> DAve wrote: >>>> I liked Kaylee from Firefly, something about a girl half in coveralls >>>> with a bit of dirt on her face. I can't resist them, I always like the >>>> tomboys. >>>> >>>> Kaylee would sit down and talk Perl with Julian while she changed out >>>> a nic card on a running server with nothing but a butter knife. >>>> >>> I think we have a winner! >> >> FWIW: The same actress plays the new Doctor on Stargate Atlantis. >> > But she isn't half in coveralls anymore! ;-P She is still sort of techie. > You have to admit that Billie Piper had a certain "cuteness" about her > as Rose Tyler. Yeppers there is a winner! > And isn't it amazing how many tech lists can veer off course when Sci-fi > comes into the discussion. Forget politics and world hunger! > Could that be cause most tech lists members are all living in a new frontier? Or just cause we're all an odd bunch? I vote the latter. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From hvdkooij at vanderkooij.org Wed Apr 2 06:09:28 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 2 06:10:38 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F2310F.4020900@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> Message-ID: <47F31508.9010807@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: | Which is better: sendmail or postfix? :-) Which ever YOU are more familiar with. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH8xUGBvzDRVjxmYERAqFgAKCLSpSIpQyt+dmKP9aPSnupT8KFGwCfSl46 JZ3H4RutF3jFjvf+Rem0Rgo= =DpkF -----END PGP SIGNATURE----- From Robert.Meurlin at se.fujitsu.com Wed Apr 2 09:38:11 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Wed Apr 2 09:41:39 2008 Subject: spam with score 0.0 Message-ID: <797363C57EE0884786F428AAABCD469201490BC0@sea0120sex2.nordic.x> Hello, gets a number of spam that slipps trough the filter with the score 0.0 and if i look in detail it says "rebuilding Spamassassin" . What does that mean? is it becouse it has to mutch work to do that some spam slipps trough? Spam Report: Score Matching Rule Description rebuilding SpamAssassin Rob. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080402/a8d657e2/attachment-0001.html From maillists at conactive.com Wed Apr 2 13:13:51 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 2 13:15:01 2008 Subject: SA times out Message-ID: I'm getting a certain kind of Russian spam for some weeks now that always gets thru unscanned because SA times out. So, I set the SA timeout from 30 to 120 seconds and it still times out. However, timing on the command line shows that SA takes long for this kind of message (and it's a slow system by today's figures, anyway), but not *that* long that it could hit this limit. I takes about 1.4 minutes to process such a message, consistently. That's well below 2 minutes. So, why does MailScanner still let it time out? MailScanner 4.54.6 SA 3.2.4 *no* network tests mailscanner log shows only those timeouts, nothing else. I guess I would need to add more verbose logging, but then I would get logging for *all* messages, right? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From empirical.humanist at gmail.com Wed Apr 2 13:51:20 2008 From: empirical.humanist at gmail.com (Kirk Lowery) Date: Wed Apr 2 13:51:56 2008 Subject: How to deliver quarantined email with exim In-Reply-To: <47F2C8BF.1090204@ddihealth.com> References: <47F2788E.4060000@ecs.soton.ac.uk> <47F2C8BF.1090204@ddihealth.com> Message-ID: On Tue, Apr 1, 2008 at 7:43 PM, Jim Barber wrote: > I just resubmit the quarantined message like so: > > cat 1Jgjhp-0003fH-PS | exim -ti > > However this assumes that you have your MailScanner set up to not check > messages that originate from the local host otherwise it will just get > quarantined again. *This* was what I was looking for. And, yes, MailScanner is off when I do this. Thanks to everyone who responded. I learned a lot. Best, Kirk From warren.guy at calorieking.com Wed Apr 2 14:49:06 2008 From: warren.guy at calorieking.com (Warren Guy) Date: Wed Apr 2 14:51:12 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process Message-ID: <47F38ED2.9010408@calorieking.com> Hello everyone, I encountered a strange problem this evening, where a colleague had inadvertently left open a terminal on our mail server with the spam.lists.conf configuration file open in vi, which seemed to cause the MailScanner child processes to die when they (re-)started. At first I thought perhaps SpamAssassin or ClamAV was causing some problem, but the problem still occurred with spam checks and virus scanning disabled from MailScanner.conf. Has anyone encountered similar behaviour? This machine is running MailScanner 4.64.3, Postfix 2.1, Perl 5.8.8 on FreeBSD 4. Output from mailscanner log: (from where MailScanner appeared to die, when the last child restarted): Apr 2 17:22:20 (mailserver) MailScanner[53468]: MailScanner child dying of old age Apr 2 17:22:20 (mailserver) MailScanner[46053]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... (when restarting): Apr 2 20:56:46 (mailserver) MailScanner[35284]: MailScanner child caught a SIGHUP Apr 2 20:56:46 (mailserver) MailScanner[35209]: MailScanner child caught a SIGHUP Apr 2 20:56:46 (mailserver) MailScanner[33392]: MailScanner child caught a SIGHUP Apr 2 20:56:46 (mailserver) MailScanner[29785]: MailScanner child caught a SIGHUP Apr 2 20:56:46 (mailserver) MailScanner[46053]: MailScanner child caught a SIGHUP Apr 2 20:56:53 (mailserver) MailScanner[23048]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... Apr 2 20:56:58 (mailserver) MailScanner[23050]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... Apr 2 20:57:03 (mailserver) MailScanner[23054]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... Apr 2 20:57:09 (mailserver) MailScanner[23058]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... Apr 2 20:57:14 (mailserver) MailScanner[23069]: MailScanner E-Mail Virus Scanner version 4.64.3 starting... Which is where it hangs. Output from `ps`: postfix 25760 0.0 1.9 19936 19308 ?? I 9:05PM 0:00.11 MailScanner: starting children (perl5.8.8) postfix 25561 0.0 1.9 19936 19308 ?? I 9:05PM 0:00.11 MailScanner: starting children (perl5.8.8) postfix 25495 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.11 MailScanner: starting children (perl5.8.8) postfix 25494 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.11 MailScanner: starting children (perl5.8.8) postfix 25493 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.12 MailScanner: starting children (perl5.8.8) postfix 25492 0.0 1.8 19300 18760 ?? Is 9:04PM 0:00.01 MailScanner: master waiting for children, sleeping (perl5.8.8) -- Warren Guy Senior System Administrator CalorieKing -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080402/02d37c8a/signature.bin From warren.guy at calorieking.com Wed Apr 2 15:00:21 2008 From: warren.guy at calorieking.com (Warren Guy) Date: Wed Apr 2 15:01:52 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F38ED2.9010408@calorieking.com> References: <47F38ED2.9010408@calorieking.com> Message-ID: <47F39175.80908@calorieking.com> Sorry for the extraneous post, but just wanted to clarify a couple of things: Warren Guy wrote: > I encountered a strange problem this evening, where a colleague had > inadvertently left open a terminal on our mail server with the > spam.lists.conf configuration file open in vi, which seemed to cause the > MailScanner child processes to die when they (re-)started. The processes weren't "dying", but rather seemed to hang. > (from where MailScanner appeared to die, when the last child restarted): That is, when MailScanner stopped processing mail after the last child process hung on restarting. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080402/647b160c/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 1 15:31:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 15:06:39 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released Message-ID: <47F24745.2090703@ecs.soton.ac.uk> Folks, I have just released the latest stable release of MailScanner version 4.68.8. This is *not* an April Fool's joke :-) Major new improvements this month are: - Support for the *very fast* fpscand daemon supplied with F-Prot version 6. - New method of updating bad phishing sites configuration list to use major new fireproof delivery system. Many thanks to Matt Hampton for all his help with this. - filename.rules.conf and filetype.rules.conf can now list email addresses. Emails containing attachments matching these names or types will be diverted to these addresses instead of the original recipients. - New "Automatic Syntax Check" option (on by default) to check your configuration is syntactically correct before trying to start up. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Support for the Fpscand daemon that is supplied with F-Prot version 6. Add this line to your virus.scanners.conf f-protd-6 /bin/false /usr/local/f-prot and set "Virus Scanners = f-protd-6" in your MailScanner.conf. This is very much faster than the f-prot-6 command-line scanner. 3 Improved the list of ignored web-bug filenames. 3 New update_bad_phishing_sites script to use major new fireproof delivery system. Many thanks to Matt Hampton for all his time and support with this. 3 Updated to Catalan translation. 3 Updated support for Vexira "vascan" virus scanner. 3 Changed location of Web-Bug Replacement image. upgrade_MailScanner_conf will put in the new URL. This will give significantly better response to your users. 3 Added new option "Log SpamAssassin Rule Actions" so that you can see exactly what actions fire on what messages from the "SpamAssassin Rule Actions" setting. 3 Added new option to the filename.rules.conf and filetype.rules.conf files. Instead of "allow", "deny" or "deny+delete", you can now specify a space or comma-separated list of email addresses. If the filename or filetype rule is matched, the message is sent to these new addresses instead of the ones given in the original email address. 3 Updated support for latest versions of Esets virus scanner from Nod32. 4 Added Net-DNS and Digest-SHA1 to the main MailScanner distributions so that they are installed appropriately ready for when you install Razor. This way they are installed as RPMs and not just plain Perl modules, as the RPM of Razor requires them to have been installed as RPMs. 4 New configuration option "Automatic Syntax Check" added, default is "yes", which causes a quick syntax check of the MailScanner.conf file and the other configuration files, printing out errors on the console, instead of just logging them to your system's mail log as it did before. This will hopefully make it easier for novices to get going successfully. 5 SpamAssassin Cache will no longer cache "timed out" responses. 5 Upgraded to perl-Digest-SHA1 version 2.11. 6 Added SpamAssassin MCP patch for 3.2.4. 7 Changed default supplied High-Scoring Spam Actions to "store". That way users don't have to work out how to change it, to reduce their spam a lot. * Fixes * 2 Improved MakeNameSafe() to fix problems caused by f-protd-6 working with filenames containing spaces (which it cannot handle!). 2-2 Fixed error in --lint support for F-Protd-6. 2-3 Typo, missed out a "$" :-( 3 Fixed important bug in f-protd handling code. 4 Fixes to Ruleset-From-Function.pm Custom Function code. 5 Fixed various issues with new automatic syntax check (--lintlite) code. 6 Fixed IPBlock problem with MailScanner --lintlite. 6 Fixed Postfix milter problem (thanks Glenn!). 7 Fixed problem with Inline images in HTML signatures. Now works with nested multiple replies. 8 Fixed bug where original unsafe filename wasn't used correctly when auto- replacing attachments with zipped copies to save space in mail stores. Thanks to Armand Leroux at Capgemini for finding this one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner-announce mailing list mailscanner-announce@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-announce Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Apr 2 15:15:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 15:15:32 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F38ED2.9010408@calorieking.com> References: <47F38ED2.9010408@calorieking.com> Message-ID: <47F394EC.1020703@ecs.soton.ac.uk> Interesting locking problem. Does this only happen on BSD? Warren Guy wrote: > Hello everyone, > > I encountered a strange problem this evening, where a colleague had > inadvertently left open a terminal on our mail server with the > spam.lists.conf configuration file open in vi, which seemed to cause > the MailScanner child processes to die when they (re-)started. > > At first I thought perhaps SpamAssassin or ClamAV was causing some > problem, but the problem still occurred with spam checks and virus > scanning disabled from MailScanner.conf. > > Has anyone encountered similar behaviour? This machine is running > MailScanner 4.64.3, Postfix 2.1, Perl 5.8.8 on FreeBSD 4. > > Output from mailscanner log: > > (from where MailScanner appeared to die, when the last child restarted): > > Apr 2 17:22:20 (mailserver) MailScanner[53468]: MailScanner child > dying of old age > Apr 2 17:22:20 (mailserver) MailScanner[46053]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > > (when restarting): > > Apr 2 20:56:46 (mailserver) MailScanner[35284]: MailScanner child > caught a SIGHUP > Apr 2 20:56:46 (mailserver) MailScanner[35209]: MailScanner child > caught a SIGHUP > Apr 2 20:56:46 (mailserver) MailScanner[33392]: MailScanner child > caught a SIGHUP > Apr 2 20:56:46 (mailserver) MailScanner[29785]: MailScanner child > caught a SIGHUP > Apr 2 20:56:46 (mailserver) MailScanner[46053]: MailScanner child > caught a SIGHUP > Apr 2 20:56:53 (mailserver) MailScanner[23048]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > Apr 2 20:56:58 (mailserver) MailScanner[23050]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > Apr 2 20:57:03 (mailserver) MailScanner[23054]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > Apr 2 20:57:09 (mailserver) MailScanner[23058]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > Apr 2 20:57:14 (mailserver) MailScanner[23069]: MailScanner E-Mail > Virus Scanner version 4.64.3 starting... > > Which is where it hangs. > > Output from `ps`: > > postfix 25760 0.0 1.9 19936 19308 ?? I 9:05PM 0:00.11 MailScanner: > starting children (perl5.8.8) > postfix 25561 0.0 1.9 19936 19308 ?? I 9:05PM 0:00.11 MailScanner: > starting children (perl5.8.8) > postfix 25495 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.11 MailScanner: > starting children (perl5.8.8) > postfix 25494 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.11 MailScanner: > starting children (perl5.8.8) > postfix 25493 0.0 1.9 19936 19308 ?? I 9:04PM 0:00.12 MailScanner: > starting children (perl5.8.8) > postfix 25492 0.0 1.8 19300 18760 ?? Is 9:04PM 0:00.01 MailScanner: > master waiting for children, sleeping (perl5.8.8) > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 2 15:23:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 15:23:27 2008 Subject: spam with score 0.0 In-Reply-To: <797363C57EE0884786F428AAABCD469201490BC0@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490BC0@sea0120sex2.nordic.x> Message-ID: <47F396CA.3080807@ecs.soton.ac.uk> What are your settings in MailScanner.conf for these two? # If you are using the Bayesian statistics engine on a busy server, # you may well need to force a Bayesian database rebuild and expiry # at regular intervals. This is measures in seconds. # 1 day = 86400 seconds. # To disable this feature set this to 0. # Note: If you enable this feature, set "bayes_auto_expire 0" in # spam.assasssin.prefs.conf which you will find in the same # directory as this file. Rebuild Bayes Every = 0 # The Bayesian database rebuild and expiry may take a 2 or 3 minutes # to complete. During this time you can either wait, or simply # disable SpamAssassin checks until it has completed. Wait During Bayes Rebuild = no You may have a cron job that fires off sa-learn every night or something like that. Or else you have "bayes_auto_expire 1" in your spam.assassin.prefs.conf file or other SpamAssassin configuration file. Personally I would have MailScanner do the bayes rebuilds every night and wait for them to complete. This depends a bit on how long the nightly rebuild takes. The settings here are very much up to your own preference, but this is where to start looking for the solution to your problem. Hope that helps a bit! Jules. Meurlin Robert wrote: > Hello, > gets a number of spam that slipps trough the filter with the score 0.0 > and if i look in detail it says "rebuilding Spamassassin" . What does > that mean? is it becouse it has to mutch work to do that some spam > slipps trough? > > Spam Report: Score Matching Rule Description > rebuilding SpamAssassin > > Rob. > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 2 15:27:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 15:27:44 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F39175.80908@calorieking.com> References: <47F38ED2.9010408@calorieking.com> <47F39175.80908@calorieking.com> Message-ID: <47F397B6.9020109@ecs.soton.ac.uk> Warren Guy wrote: > Sorry for the extraneous post, but just wanted to clarify a couple of > things: > > Warren Guy wrote: >> I encountered a strange problem this evening, where a colleague had >> inadvertently left open a terminal on our mail server with the >> spam.lists.conf configuration file open in vi, which seemed to cause >> the MailScanner child processes to die when they (re-)started. > > The processes weren't "dying", but rather seemed to hang. If for some reason BSD vi was insisting on putting an all-out lock on the file while your colleague was editing it, then the child processes would indeed hang waiting for access to the file. It should only be opening it for read though. Never seen this one before. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 2 15:24:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 15:31:03 2008 Subject: SA times out In-Reply-To: References: Message-ID: <47F39721.3000603@ecs.soton.ac.uk> What happens if you put one of those Russian spam in your incoming mail queue, run MailScanner --debug --debug-sa and watch what happens? The --debug-sa now outputs time stamps with every debug line output, so you can see exactly how long it is waiting at each stage. Kai Schaetzl wrote: > I'm getting a certain kind of Russian spam for some weeks now that always > gets thru unscanned because SA times out. So, I set the SA timeout from 30 > to 120 seconds and it still times out. However, timing on the command line > shows that SA takes long for this kind of message (and it's a slow system > by today's figures, anyway), but not *that* long that it could hit this > limit. I takes about 1.4 minutes to process such a message, consistently. > That's well below 2 minutes. > So, why does MailScanner still let it time out? > MailScanner 4.54.6 > SA 3.2.4 > *no* network tests > > mailscanner log shows only those timeouts, nothing else. I guess I would > need to add more verbose logging, but then I would get logging for *all* > messages, right? > > Kai > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From warren.guy at calorieking.com Wed Apr 2 15:47:55 2008 From: warren.guy at calorieking.com (Warren Guy) Date: Wed Apr 2 15:50:19 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F394EC.1020703@ecs.soton.ac.uk> References: <47F38ED2.9010408@calorieking.com> <47F394EC.1020703@ecs.soton.ac.uk> Message-ID: <47F39C9B.1090805@calorieking.com> Julian Field wrote: > Interesting locking problem. Does this only happen on BSD? I can confirm that the problem also occurs on FreeBSD 6.3 and Postfix 2.5, however this machine is running the same version of MailScanner (4.64.3) and Perl (5.8.8). I can't speak for any other platforms. Is anyone else willing to try and replicate this? :) I've just noticed that the FreeBSD port was updated to 4.67.6 a few days ago, so I'll probably give that a go some time soon anyway. -- Warren Guy Senior System Administrator CalorieKing -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080402/09161bed/signature.bin From Kevin_Miller at ci.juneau.ak.us Wed Apr 2 15:56:36 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Apr 2 15:57:18 2008 Subject: SA times out In-Reply-To: <47F39721.3000603@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > What happens if you put one of those Russian spam in your incoming > mail queue, run MailScanner --debug --debug-sa and watch what > happens? The --debug-sa now outputs time stamps with every debug line > output, so you can see exactly how long it is waiting at each stage. If there's a bunch of messages in the incoming queue, how do you specify which message you want to test against? I don't know if that functionality is already there, but perhaps a feature request could be a CLI switch to specify the message ID so MS only scans the particular message(s) that you're interested in observing. Best... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From steinkel at pa.net Wed Apr 2 16:03:39 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Wed Apr 2 16:04:18 2008 Subject: The Good Doctor In-Reply-To: <47F2A108.1050308@invictawiz.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> <47F16A55.7090508@fsl.com> <47F2310F.4020900@cnpapers.com> <66D363A7-9578-4064-89B2-94E897DD12FC@nkpanama.com> <47F277B1.2080705@ecs.soton.ac.uk> <47F27E36.6060509@cnpapers.com> <47F2832D.6050807@pa.net> <47F28692.7000809@fsl.com> <47F2A108.1050308@invictawiz.com> Message-ID: <47F3A04B.4050203@pa.net> Martyn Routley wrote: > No way! > It has to be Donna. > Am I bowered? (Or is it "bovvered"?) Sorry, "Nan" on the Catherine Tate Show excluded her from the running entirely! Leland From MailScanner at ecs.soton.ac.uk Wed Apr 2 16:10:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 16:11:44 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F39C9B.1090805@calorieking.com> References: <47F38ED2.9010408@calorieking.com> <47F394EC.1020703@ecs.soton.ac.uk> <47F39C9B.1090805@calorieking.com> Message-ID: <47F3A203.8060907@ecs.soton.ac.uk> Warren Guy wrote: > Julian Field wrote: >> Interesting locking problem. Does this only happen on BSD? > > I can confirm that the problem also occurs on FreeBSD 6.3 and Postfix > 2.5, however this machine is running the same version of MailScanner > (4.64.3) and Perl (5.8.8). I can't speak for any other platforms. Is > anyone else willing to try and replicate this? :) > > I've just noticed that the FreeBSD port was updated to 4.67.6 a few > days ago, so I'll probably give that a go some time soon anyway. I have opened it read-only in MailScanner. So if vi on BSD is locking out even attempts to just read the file, there's not a whole lot I can do about this, sorry. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 2 16:16:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 16:17:23 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: <47F3A36A.10008@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > >> What happens if you put one of those Russian spam in your incoming >> mail queue, run MailScanner --debug --debug-sa and watch what >> happens? The --debug-sa now outputs time stamps with every debug line >> output, so you can see exactly how long it is waiting at each stage. >> > > If there's a bunch of messages in the incoming queue, how do you specify > which message you want to test against? You can't. > I don't know if that > functionality is already there, It's not. > but perhaps a feature request could be a > CLI switch to specify the message ID so MS only scans the particular > message(s) that you're interested in observing. > Good idea. I'll take a look. Would a single ID do? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From warren.guy at calorieking.com Wed Apr 2 16:37:02 2008 From: warren.guy at calorieking.com (Warren Guy) Date: Wed Apr 2 16:39:09 2008 Subject: MailScanner children hanging on startup when spam.lists.conf file is open by another process In-Reply-To: <47F3A203.8060907@ecs.soton.ac.uk> References: <47F38ED2.9010408@calorieking.com> <47F394EC.1020703@ecs.soton.ac.uk> <47F39C9B.1090805@calorieking.com> <47F3A203.8060907@ecs.soton.ac.uk> Message-ID: <47F3A81E.6030601@calorieking.com> Julian Field wrote: > I have opened it read-only in MailScanner. So if vi on BSD is locking > out even attempts to just read the file, there's not a whole lot I can > do about this, sorry. This does indeed seem to be the case. From the vi man page, the "lock" configuration variable defaults to on: lock [on] Attempt to get an exclusive lock on any file being edited, read or written. I guess that would do it :>. Thanks for your help. -- Warren Guy Senior System Administrator CalorieKing -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080402/30033604/signature.bin From Kevin_Miller at ci.juneau.ak.us Wed Apr 2 16:46:00 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Apr 2 16:46:43 2008 Subject: SA times out In-Reply-To: <47F3A36A.10008@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Kevin Miller wrote: >> If there's a bunch of messages in the incoming queue, how do you >> specify which message you want to test against? > You can't. >> I don't know if that >> functionality is already there, > It's not. >> but perhaps a feature request could be a >> CLI switch to specify the message ID so MS only scans the particular >> message(s) that you're interested in observing. >> > Good idea. I'll take a look. Would a single ID do? I'd think so, at this stage. Maybe someone will need multiple message functionality in the future, but I'd hazard a guess that if more than one message is problematic, that the trouble would be common amongst them, hence, a single test would probably be sufficient... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Wed Apr 2 16:45:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 16:46:43 2008 Subject: SA times out In-Reply-To: <47F3A36A.10008@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> Message-ID: <47F3AA32.50303@ecs.soton.ac.uk> Julian Field wrote: > > > Kevin Miller wrote: >> Julian Field wrote: >> >>> What happens if you put one of those Russian spam in your incoming >>> mail queue, run MailScanner --debug --debug-sa and watch what >>> happens? The --debug-sa now outputs time stamps with every debug line >>> output, so you can see exactly how long it is waiting at each stage. >>> >> >> If there's a bunch of messages in the incoming queue, how do you specify >> which message you want to test against? > You can't. >> I don't know if that >> functionality is already there, > It's not. >> but perhaps a feature request could be a >> CLI switch to specify the message ID so MS only scans the particular >> message(s) that you're interested in observing. >> > Good idea. I'll take a look. Would a single ID do? All done. It will be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From philip at zeiglers.net Wed Apr 2 16:47:39 2008 From: philip at zeiglers.net (Philip Zeigler) Date: Wed Apr 2 16:48:35 2008 Subject: SA times out In-Reply-To: <47F3A36A.10008@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> Message-ID: <47F3AA9B.1070908@zeiglers.net> Julian Field wrote: > > > Kevin Miller wrote: >> Julian Field wrote: >> >>> What happens if you put one of those Russian spam in your incoming >>> mail queue, run MailScanner --debug --debug-sa and watch what >>> happens? The --debug-sa now outputs time stamps with every debug line >>> output, so you can see exactly how long it is waiting at each stage. >>> >> >> If there's a bunch of messages in the incoming queue, how do you specify >> which message you want to test against? > You can't. >> I don't know if that >> functionality is already there, > It's not. >> but perhaps a feature request could be a >> CLI switch to specify the message ID so MS only scans the particular >> message(s) that you're interested in observing. >> > Good idea. I'll take a look. Would a single ID do? > > Jules > I'm having the same issue. Can't seem to catch on to run through the queue in debug mode. What is happening on my system is this: Load average jumps from 0.23 to > 20.0. Sendmail starts rejecting incoming messages due to load. Everything starts to timeout such as file checks. When I run top, I see that it is running the virus checks when this starts to occur (I'm running clamd, bitdefender, and avg). There are a lot of find processes running as well which is also eating resources. After is chews through the email, all jumps down to an average load around .2 and then processes everything normally. Philip Zeigler -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Wed Apr 2 17:18:02 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 2 17:18:50 2008 Subject: SA times out In-Reply-To: <47F39721.3000603@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 02 Apr 2008 15:24:33 +0100: > What happens if you put one of those Russian spam in your incoming mail > queue I already thought about that, but I'm not saving in queue file format as I'm using Mailwatch. Can I use these parameters in the init script? I could then try to run it like this for one day or so and then dig up by sendmail queue id. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From steve.freegard at fsl.com Wed Apr 2 17:32:41 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Apr 2 17:34:39 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: <47F3B529.5020500@fsl.com> Kai Schaetzl wrote: > Julian Field wrote on Wed, 02 Apr 2008 15:24:33 +0100: > >> What happens if you put one of those Russian spam in your incoming mail >> queue > > I already thought about that, but I'm not saving in queue file format as > I'm using Mailwatch. If you have the files quarantined in RFC822 format, then you can simply re-inject them back into the queue with 'sendmail -t -i < /path/to/message'. Otherwise, you could use the 'Archive Mail' directive, then you'll get a copy of everything in qf/df format. Cheers, Steve. From MailScanner at ecs.soton.ac.uk Wed Apr 2 17:44:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 17:45:14 2008 Subject: SA times out In-Reply-To: <47F3AA9B.1070908@zeiglers.net> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA9B.1070908@zeiglers.net> Message-ID: <47F3B7EE.5000104@ecs.soton.ac.uk> Philip Zeigler wrote: > Julian Field wrote: >> >> >> Kevin Miller wrote: >>> Julian Field wrote: >>> >>>> What happens if you put one of those Russian spam in your incoming >>>> mail queue, run MailScanner --debug --debug-sa and watch what >>>> happens? The --debug-sa now outputs time stamps with every debug line >>>> output, so you can see exactly how long it is waiting at each stage. >>>> >>> >>> If there's a bunch of messages in the incoming queue, how do you >>> specify >>> which message you want to test against? >> You can't. >>> I don't know if that >>> functionality is already there, >> It's not. >>> but perhaps a feature request could be a >>> CLI switch to specify the message ID so MS only scans the particular >>> message(s) that you're interested in observing. >>> >> Good idea. I'll take a look. Would a single ID do? >> >> Jules >> > I'm having the same issue. Can't seem to catch on to run through the > queue in debug mode. > > What is happening on my system is this: > > Load average jumps from 0.23 to > 20.0. Sendmail starts rejecting > incoming messages due to load. Everything starts to timeout such as > file checks. When I run top, I see that it is running the virus > checks when this starts to occur (I'm running clamd, bitdefender, and > avg). There are a lot of find processes running as well which is also > eating resources. Check out the -wrapper scripts for bitdefender and avg to make sure they aren't doing anything silly. I don't use either scanner myself, so have limited knowledge of them. > > After is chews through the email, all jumps down to an average load > around .2 and then processes everything normally. > > Philip Zeigler > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at tecnowaydigital.com.br Wed Apr 2 17:41:57 2008 From: mailscanner at tecnowaydigital.com.br (mailscanner@tecnowaydigital.com.br) Date: Wed Apr 2 17:51:22 2008 Subject: MailScanner ignoring some rules Message-ID: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> Hi all. At MailScanner recent versions, when I set some rules like: Scan Messages = /etc/MailScanner/rules/scan.messages.rules or Filename Rules = /etc/MailScanner/filename.rules The MailScanner simply ignore the rules and don't print any error message. Someone can help me. Thanks Rogerio From dave.list at pixelhammer.com Wed Apr 2 18:05:18 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 18:06:03 2008 Subject: New MS install is slow to an extreme Message-ID: <47F3BCCE.7020301@pixelhammer.com> Not certain what is wrong here. I did a fresh clean install of FreeBSD 6.2, Julian's MS tarball and Julian's SA and Clam tarball. Everything went well, everything runs. But, now I am seeing batches like this. MailScanner[58796]: New Batch: Found 2907 messages waiting MailScanner[58796]: New Batch: Scanning 30 messages, 306454 bytes MailScanner[56909]: Batch completed at 790 bytes per second (398241 / 503) MailScanner[56909]: Batch (30 messages) processed in 503.55 seconds Previously we had maybe 4 messages per batch and processed them in 2 to 6 seconds. The current time to scan is killing me. mailscanner-install-4.67.6-1.tar.gz install-clam-0.92.1-sa-3.2.4.tar.gz SA plugins enabled, all others disabled = AutoLearnThreshold, Check, Shortcircuit, Bayes, BodyEval, HTMLEval, HeaderEval, MIMEEval, RelayEval, URIEval, WLBLEval, Rule2XSBody, ImageInfo, URIDNSBL. All SA rules have been compiled. Bayes is enabled. I have "skip_rbl_checks 1" shortcircuit ALL_TRUSTED on shortcircuit BAYES_99 spam shortcircuit BAYES_00 ham In MS I have the following, I can send a complete conf if needed. Max Children = 10 Queue Scan Interval = 5 Virus Scanners = clamavmodule Delivery Method = batch I don't zip attachments, I don't use MCP, I don't use Watermarks. I think I have done everything I can for speed, but I am losing ground. I am running a local caching name server on each MS server. Not sure where to go from here. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ecasarero at gmail.com Wed Apr 2 18:34:27 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Wed Apr 2 18:35:02 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3BCCE.7020301@pixelhammer.com> References: <47F3BCCE.7020301@pixelhammer.com> Message-ID: <7d9b3cf20804021034p58087804kc4e3982fad042374@mail.gmail.com> Check this option in mailscanner.conf ClamAV Full Message Scan = no how do you do the bayes expire? if it's set to yes really slows down de process. Do you have /var/spool/MailScanner/incoming on tmpfs? hope this helps! 2008/4/2, DAve : > Not certain what is wrong here. I did a fresh clean install of FreeBSD 6.2, > Julian's MS tarball and Julian's SA and Clam tarball. Everything went well, > everything runs. But, now I am seeing batches like this. > > MailScanner[58796]: New Batch: Found 2907 messages waiting > MailScanner[58796]: New Batch: Scanning 30 messages, 306454 bytes > MailScanner[56909]: Batch completed at 790 bytes per second (398241 / 503) > MailScanner[56909]: Batch (30 messages) processed in 503.55 seconds > > Previously we had maybe 4 messages per batch and processed them in 2 to 6 > seconds. The current time to scan is killing me. > > mailscanner-install-4.67.6-1.tar.gz > > install-clam-0.92.1-sa-3.2.4.tar.gz > > SA plugins enabled, all others disabled = AutoLearnThreshold, Check, > Shortcircuit, Bayes, BodyEval, HTMLEval, HeaderEval, MIMEEval, RelayEval, > URIEval, WLBLEval, Rule2XSBody, ImageInfo, URIDNSBL. > All SA rules have been compiled. > Bayes is enabled. > I have "skip_rbl_checks 1" > shortcircuit ALL_TRUSTED on > shortcircuit BAYES_99 spam > shortcircuit BAYES_00 ham > > In MS I have the following, I can send a complete conf if needed. > Max Children = 10 > Queue Scan Interval = 5 > Virus Scanners = clamavmodule > Delivery Method = batch > > I don't zip attachments, I don't use MCP, I don't use Watermarks. I think I > have done everything I can for speed, but I am losing ground. > > I am running a local caching name server on each MS server. > > Not sure where to go from here. > > DAve > > > -- > In 50 years, our descendants will look back on the early years > of the internet, and much like we now look back on men with > rockets on their back and feathers glued to their arms, marvel > that we had the intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Wed Apr 2 18:48:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 18:48:47 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3BCCE.7020301@pixelhammer.com> References: <47F3BCCE.7020301@pixelhammer.com> Message-ID: <47F3C6D3.10107@ecs.soton.ac.uk> Start by MailScanner --debug --debug-sa to see where the holdups are. Check you haven't got a screwed SpamAssassin cache as well. DAve wrote: > Not certain what is wrong here. I did a fresh clean install of FreeBSD > 6.2, Julian's MS tarball and Julian's SA and Clam tarball. Everything > went well, everything runs. But, now I am seeing batches like this. > > MailScanner[58796]: New Batch: Found 2907 messages waiting > MailScanner[58796]: New Batch: Scanning 30 messages, 306454 bytes > MailScanner[56909]: Batch completed at 790 bytes per second (398241 / > 503) > MailScanner[56909]: Batch (30 messages) processed in 503.55 seconds > > Previously we had maybe 4 messages per batch and processed them in 2 > to 6 seconds. The current time to scan is killing me. > > mailscanner-install-4.67.6-1.tar.gz > > install-clam-0.92.1-sa-3.2.4.tar.gz > > SA plugins enabled, all others disabled = AutoLearnThreshold, Check, > Shortcircuit, Bayes, BodyEval, HTMLEval, HeaderEval, MIMEEval, > RelayEval, URIEval, WLBLEval, Rule2XSBody, ImageInfo, URIDNSBL. > All SA rules have been compiled. > Bayes is enabled. > I have "skip_rbl_checks 1" > shortcircuit ALL_TRUSTED on > shortcircuit BAYES_99 spam > shortcircuit BAYES_00 ham > > In MS I have the following, I can send a complete conf if needed. > Max Children = 10 > Queue Scan Interval = 5 > Virus Scanners = clamavmodule > Delivery Method = batch > > I don't zip attachments, I don't use MCP, I don't use Watermarks. I > think I have done everything I can for speed, but I am losing ground. > > I am running a local caching name server on each MS server. > > Not sure where to go from here. > > DAve > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Ron.Ghetti at town.barnstable.ma.us Wed Apr 2 18:59:52 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Wed Apr 2 18:59:52 2008 Subject: MailScanner upgrade Message-ID: <3411CC12BB577F4FAEAC8A694780866B12C5CF@ITMAIL.town.barnstable.ma.us> Hello everyone, attempting upgrade from 4.60 to 4.68 on a unbuntu box. any particular things I should watch for or deal with before running the install ? I don't see much in the way of detail on this particular operation. Thanks -Ron From bpirie at rma.edu Wed Apr 2 19:01:49 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Wed Apr 2 19:01:06 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3BCCE.7020301@pixelhammer.com> References: <47F3BCCE.7020301@pixelhammer.com> Message-ID: <47F3CA0D.6040701@rma.edu> DAve wrote: > Not certain what is wrong here. I did a fresh clean install of FreeBSD > 6.2, Julian's MS tarball and Julian's SA and Clam tarball. Everything > went well, everything runs. But, now I am seeing batches like this. > > MailScanner[58796]: New Batch: Found 2907 messages waiting > MailScanner[58796]: New Batch: Scanning 30 messages, 306454 bytes > MailScanner[56909]: Batch completed at 790 bytes per second (398241 / 503) > MailScanner[56909]: Batch (30 messages) processed in 503.55 seconds > > Previously we had maybe 4 messages per batch and processed them in 2 to > 6 seconds. The current time to scan is killing me. > > mailscanner-install-4.67.6-1.tar.gz > > install-clam-0.92.1-sa-3.2.4.tar.gz > > SA plugins enabled, all others disabled = AutoLearnThreshold, Check, > Shortcircuit, Bayes, BodyEval, HTMLEval, HeaderEval, MIMEEval, > RelayEval, URIEval, WLBLEval, Rule2XSBody, ImageInfo, URIDNSBL. > All SA rules have been compiled. > Bayes is enabled. > I have "skip_rbl_checks 1" > shortcircuit ALL_TRUSTED on > shortcircuit BAYES_99 spam > shortcircuit BAYES_00 ham > > In MS I have the following, I can send a complete conf if needed. > Max Children = 10 > Queue Scan Interval = 5 > Virus Scanners = clamavmodule > Delivery Method = batch > > I don't zip attachments, I don't use MCP, I don't use Watermarks. I > think I have done everything I can for speed, but I am losing ground. > > I am running a local caching name server on each MS server. > > Not sure where to go from here. > > DAve > > Which MTA are you using? Brendan From dave.list at pixelhammer.com Wed Apr 2 19:17:03 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 19:17:50 2008 Subject: New MS install is slow to an extreme Message-ID: <47F3CD9F.7070406@pixelhammer.com> Likely I am going to break threading, but I am reading via the archive, I am far to slow to get the messages. > Check this option in mailscanner.conf > ClamAV Full Message Scan = no Set to no > > how do you do the bayes expire? MailScanner, same as all previous installs. > > if it's set to yes really slows down de process. > > Do you have /var/spool/MailScanner/incoming on tmpfs? Not at this time, I didn't previously. > Start by > MailScanner --debug --debug-sa bash-2.05b# ./MailScanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(unix) ***** If 'awk' (with support for the function strftime) was available on your $PATH then all the SpamAssassin debug output would have the current time added to the start of every line, making debugging far easier. ***** SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp [72851] dbg: logger: adding facilities: all [72851] dbg: logger: logging level is DBG [72851] dbg: generic: SpamAssassin version 3.2.4 [72851] dbg: config: score set 0 chosen. [72851] dbg: dns: no ipv6 [72851] dbg: dns: is Net::DNS::Resolver available? yes [72851] dbg: dns: Net::DNS version: 0.62 Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. [72851] dbg: config: read_scoreonly_config: cannot open "": No such file or directory Building a message batch to scan... Have a batch of 30 messages. Stopping now as you are debugging me. > to see where the holdups are. > Check you haven't got a screwed SpamAssassin cache as well. I removed it an restarted MS, no change. > Which MTA are you using? Sendmail It is worth noting that spamassassin -D --lint runs fine. I checked after I moved all our config over to the new version. Thanks everyone. I'm still looking at what might be wrong. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From lists at openenterprise.ca Wed Apr 2 19:47:40 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Wed Apr 2 19:48:20 2008 Subject: Error Messages on MailScanner startup Message-ID: <47F3D4CC.1040209@openenterprise.ca> When I s new start MailScanner now (just upgraded to latest today), I get the message below, which I guess comes from the new syntax checking. Can I fix this somewhere? commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 81. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 81. From dave.list at pixelhammer.com Wed Apr 2 19:59:49 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 20:00:35 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3CD9F.7070406@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> Message-ID: <47F3D7A5.5040509@pixelhammer.com> DAve wrote: > Likely I am going to break threading, but I am reading via the archive, > I am far to slow to get the messages. > >> Check this option in mailscanner.conf >> ClamAV Full Message Scan = no > > Set to no > >> >> how do you do the bayes expire? > > MailScanner, same as all previous installs. > >> >> if it's set to yes really slows down de process. >> >> Do you have /var/spool/MailScanner/incoming on tmpfs? > > Not at this time, I didn't previously. I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no change in processing time. I am getting really stumped now. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From MailScanner at ecs.soton.ac.uk Wed Apr 2 20:10:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 20:10:57 2008 Subject: Error Messages on MailScanner startup In-Reply-To: <47F3D4CC.1040209@openenterprise.ca> References: <47F3D4CC.1040209@openenterprise.ca> Message-ID: <47F3DA0B.9020803@ecs.soton.ac.uk> You can always turn it off by settings "Automatic Syntax Check = no" in MailScanner.conf. Johnny Stork wrote: > When I s new start MailScanner now (just upgraded to latest today), I > get the message below, which I guess comes from the new syntax > checking. Can I fix this somewhere? > > > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 81. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 81. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Wed Apr 2 20:31:24 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 2 20:32:20 2008 Subject: SA times out In-Reply-To: <47F3B529.5020500@fsl.com> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3B529.5020500@fsl.com> Message-ID: Steve Freegard wrote on Wed, 02 Apr 2008 17:32:41 +0100: > If you have the files quarantined in RFC822 format, then you can simply > re-inject them back into the queue with 'sendmail -t -i < /path/to/message'. Might work if I stop whitelisting localhost for that. Thanks, Steve. > Otherwise, you could use the 'Archive Mail' directive, then you'll get a > copy of everything in qf/df format. The option if first one doesn't work, thanks again! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Apr 2 20:33:36 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Apr 2 20:33:58 2008 Subject: SA times out In-Reply-To: <47F39721.3000603@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 02 Apr 2008 15:24:33 +0100: > MailScanner --debug --debug-sa Ok. 2 Findings. The output from spamassassin -D and the one from MailScanner is not exactly identical. There are portions where they almost completely match and there are other portions that appear in different order or are completely different. Is this to be expected? I'm sure I'm using the same local config in /etc/mail/spamassassin for SA with and without MS. [15949] dbg: config: using "/etc/mail/spamassassin" for site rules pre files For instance one big difference is that MS does: [15949] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [15949] dbg: config: using "/usr/share/spamassassin" for default rules dir [15949] dbg: config: read file /usr/share/spamassassin/10_default_prefs.cf while SA uses the new locations: [16547] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [16547] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [16547] dbg: config: read file /var/lib/spamassassin/3.002004/70_sare_adult_cf_sare_sa- update_dostech_net.cf There are other things where it differs, this is the most troubling one, for me. Then, later MS stops at this stage: [15949] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /home/spamd/awl/auto-whitelist [15949] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 [15949] dbg: auto-whitelist: AWL active, pre-score: 3.053, autolearn score: 3.053, mean: undef, IP: undef [15949] dbg: auto-whitelist: DB addr list: untie-ing and unlocking [15949] dbg: auto-whitelist: DB addr list: file locked, breaking lock [15949] dbg: locker: safe_unlock: unlocked /home/spamd/awl/auto- whitelist.mutex [15949] dbg: auto-whitelist: post auto-whitelist score: 3.053 [15949] dbg: rules: running body tests; score so far=3.053 [15949] dbg: rules: compiled body tests [15949] dbg: rules: running uri tests; score so far=3.053 [15949] dbg: rules: compiled uri tests [15949] dbg: rules: running rawbody tests; score so far=3.053 [15949] dbg: rules: compiled rawbody tests [15949] dbg: rules: running full tests; score so far=3.053 [15949] dbg: rules: compiled full tests [15949] dbg: rules: running meta tests; score so far=3.053 [15949] dbg: rules: compiled meta tests [15949] dbg: check: is spam? score=3.053 required=5 [15949] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [15949] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MS GID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_ MSGID [15949] dbg: bayes: untie-ing here all activity drops (checked in top) to zero and eventually it goes on (without printing anything about a timeout, but I assume it hits the timeout at this stage) with this which is usually the last line: commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93. (Steve, can one do something about this? It doesn't seem to hurt, I remember it's always been this way on this machine) On my first debug another message slipped in and I saw MailScanner printing that it stops now and exits because it is in debug mode. I assume this should happen each time? It didn't do this with this message but kept hanging after the above line, maybe it was still waiting for SA. I killed it. Now, the output from SA -D looks like this: [16547] dbg: rules: running uri tests; score so far=0 [16547] dbg: rules: compiled uri tests [16547] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x92183b8) implements 'check_wb_list', priority 0 [16547] dbg: bayes: DB journal sync: last sync: 1207137283 [16547] dbg: bayes: corpus size: nspam = 62507, nham = 42292 [16547] dbg: bayes: score = 1 [16547] dbg: bayes: DB journal sync: last sync: 1207137283 [16547] dbg: bayes: untie-ing [16547] dbg: rules: ran eval rule BAYES_99 ======> got hit (1) There is no noticable pause after "untie-ing". Also notice that there's no auto-whitelist check happening directly before this (that's why I quoted a bit more in the MS portion). In the SA output the auto-whitelist check happens much later. The MS output stops at about line 375. The same line in SA output is at about line 460 and the auto-whitelist check happens at line 650. It's actually the last thing what it does before auto-learning and creating mail output. The message itself is about 800 lines in KOI-8 Russian. I have a machine with a newer MS and a slightly older SA. I'll check later what output I get there. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From Lists at Tatorz.com Wed Apr 2 20:37:04 2008 From: Lists at Tatorz.com (Brian) Date: Wed Apr 2 20:37:32 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released In-Reply-To: <47F24745.2090703@ecs.soton.ac.uk> References: <47F24745.2090703@ecs.soton.ac.uk> Message-ID: <47F3E060.7040203@Tatorz.com> Julian Field wrote: > Folks, > > I have just released the latest stable release of MailScanner version > 4.68.8. > This is *not* an April Fool's joke :-) > > Am I seeing double or is this an error? Brian From peter at farrows.org Wed Apr 2 20:39:45 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 2 20:40:33 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3D7A5.5040509@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> Message-ID: <47F3E101.4000006@farrows.org> DAve wrote: > DAve wrote: >> Likely I am going to break threading, but I am reading via the >> archive, I am far to slow to get the messages. >> >>> Check this option in mailscanner.conf >>> ClamAV Full Message Scan = no >> >> Set to no >> >>> >>> how do you do the bayes expire? >> >> MailScanner, same as all previous installs. >> >>> >>> if it's set to yes really slows down de process. >>> >>> Do you have /var/spool/MailScanner/incoming on tmpfs? >> >> Not at this time, I didn't previously. > > I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no change > in processing time. > > I am getting really stumped now. > > DAve > > > Does your load average creep up? P. From dave.list at pixelhammer.com Wed Apr 2 20:49:08 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 20:49:51 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3C6D3.10107@ecs.soton.ac.uk> References: <47F3BCCE.7020301@pixelhammer.com> <47F3C6D3.10107@ecs.soton.ac.uk> Message-ID: <47F3E334.7020106@pixelhammer.com> Julian Field wrote: > Start by > MailScanner --debug --debug-sa > to see where the holdups are. > Check you haven't got a screwed SpamAssassin cache as well. I changed my virus scanner from clamavmodule to clamav and my batch time went from 400/600 seconds to 60/140 seconds. As the system works through the queue I can watch the times increase up to 200 seconds. Possibly because they are large batches? I am considering removing the clamav phishing and spam checks to see if that helps. DAve > > DAve wrote: >> Not certain what is wrong here. I did a fresh clean install of FreeBSD >> 6.2, Julian's MS tarball and Julian's SA and Clam tarball. Everything >> went well, everything runs. But, now I am seeing batches like this. >> >> MailScanner[58796]: New Batch: Found 2907 messages waiting >> MailScanner[58796]: New Batch: Scanning 30 messages, 306454 bytes >> MailScanner[56909]: Batch completed at 790 bytes per second (398241 / >> 503) >> MailScanner[56909]: Batch (30 messages) processed in 503.55 seconds >> >> Previously we had maybe 4 messages per batch and processed them in 2 >> to 6 seconds. The current time to scan is killing me. >> >> mailscanner-install-4.67.6-1.tar.gz >> >> install-clam-0.92.1-sa-3.2.4.tar.gz >> >> SA plugins enabled, all others disabled = AutoLearnThreshold, Check, >> Shortcircuit, Bayes, BodyEval, HTMLEval, HeaderEval, MIMEEval, >> RelayEval, URIEval, WLBLEval, Rule2XSBody, ImageInfo, URIDNSBL. >> All SA rules have been compiled. >> Bayes is enabled. >> I have "skip_rbl_checks 1" >> shortcircuit ALL_TRUSTED on >> shortcircuit BAYES_99 spam >> shortcircuit BAYES_00 ham >> >> In MS I have the following, I can send a complete conf if needed. >> Max Children = 10 >> Queue Scan Interval = 5 >> Virus Scanners = clamavmodule >> Delivery Method = batch >> >> I don't zip attachments, I don't use MCP, I don't use Watermarks. I >> think I have done everything I can for speed, but I am losing ground. >> >> I am running a local caching name server on each MS server. >> >> Not sure where to go from here. >> >> DAve >> >> > > Jules > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From peter at farrows.org Wed Apr 2 21:00:15 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 2 21:00:49 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3CD9F.7070406@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> Message-ID: <47F3E5CF.7080505@farrows.org> DAve wrote: > Likely I am going to break threading, but I am reading via the > archive, I am far to slow to get the messages. > >> Check this option in mailscanner.conf >> ClamAV Full Message Scan = no > > Set to no > >> >> how do you do the bayes expire? > > MailScanner, same as all previous installs. > >> >> if it's set to yes really slows down de process. >> >> Do you have /var/spool/MailScanner/incoming on tmpfs? > > Not at this time, I didn't previously. > >> Start by >> MailScanner --debug --debug-sa > > bash-2.05b# ./MailScanner --debug --debug-sa > In Debugging mode, not forking... > Trying to setlogsock(unix) > > > ***** > If 'awk' (with support for the function strftime) was > available on your $PATH then all the SpamAssassin debug > output would have the current time added to the start of > every line, making debugging far easier. > ***** > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > [72851] dbg: logger: adding facilities: all > [72851] dbg: logger: logging level is DBG > [72851] dbg: generic: SpamAssassin version 3.2.4 > [72851] dbg: config: score set 0 chosen. > [72851] dbg: dns: no ipv6 > [72851] dbg: dns: is Net::DNS::Resolver available? yes > [72851] dbg: dns: Net::DNS version: 0.62 > Use of uninitialized value in concatenation (.) or string at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. > Use of uninitialized value in concatenation (.) or string at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. > [72851] dbg: config: read_scoreonly_config: cannot open "": No such > file or directory > Building a message batch to scan... > Have a batch of 30 messages. > Stopping now as you are debugging me. > >> to see where the holdups are. >> Check you haven't got a screwed SpamAssassin cache as well. > > I removed it an restarted MS, no change. > >> Which MTA are you using? > > Sendmail > > It is worth noting that spamassassin -D --lint runs fine. I checked > after I moved all our config over to the new version. > > Thanks everyone. I'm still looking at what might be wrong. > > > DAve > I had this issue with the latest version on Centos 4.6. As I was in a hurry at the time I rolled it back to 4.65.3-1 and the problem went away just to prove it wasn't any of my Milters or modules causing the problem. I wasn't too bothered as I was upgrading from 4.5x so I still got a major upgrade.. I did notice that it wasn't just slow as you describe, it actaully was just queing everything, I didn't leave it long enough to verify that though as I got 600 messages in the queue quite quickly. The problem in debug mode was exactly as you describe with it halting at "Trying to setlogsock(unix)" The error seems to be to do with the perl sys::syslog , the perl -> syslog interface routine. By rolling back to the slightly earlier MailScanner version the problem was instantly fixed... Pete From glenn.steen at gmail.com Wed Apr 2 21:09:06 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 2 21:15:58 2008 Subject: Error Messages on MailScanner startup In-Reply-To: <47F3DA0B.9020803@ecs.soton.ac.uk> References: <47F3D4CC.1040209@openenterprise.ca> <47F3DA0B.9020803@ecs.soton.ac.uk> Message-ID: <223f97700804021309x6a701287m22898763cf702fd2@mail.gmail.com> On 02/04/2008, Julian Field wrote: > You can always turn it off by settings "Automatic Syntax Check = no" in > MailScanner.conf. Or just ignore it... or turn off autocommit in mysql... or ...:-) The "error" is cosmetic in nature. -- Glenn > Johnny Stork wrote: > > > When I s new start MailScanner now (just upgraded to latest today), I get > the message below, which I guess comes from the new syntax checking. Can I > fix this somewhere? > > > > > > > > > > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, line 81. > > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, line 81. > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Wed Apr 2 21:53:05 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 21:53:48 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3E5CF.7080505@farrows.org> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> Message-ID: <47F3F231.7050008@pixelhammer.com> Peter Farrow wrote: > DAve wrote: >> Likely I am going to break threading, but I am reading via the >> archive, I am far to slow to get the messages. >> >>> Check this option in mailscanner.conf >>> ClamAV Full Message Scan = no >> >> Set to no >> >>> >>> how do you do the bayes expire? >> >> MailScanner, same as all previous installs. >> >>> >>> if it's set to yes really slows down de process. >>> >>> Do you have /var/spool/MailScanner/incoming on tmpfs? >> >> Not at this time, I didn't previously. >> >>> Start by >>> MailScanner --debug --debug-sa >> >> bash-2.05b# ./MailScanner --debug --debug-sa >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> >> >> ***** >> If 'awk' (with support for the function strftime) was >> available on your $PATH then all the SpamAssassin debug >> output would have the current time added to the start of >> every line, making debugging far easier. >> ***** >> >> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >> [72851] dbg: logger: adding facilities: all >> [72851] dbg: logger: logging level is DBG >> [72851] dbg: generic: SpamAssassin version 3.2.4 >> [72851] dbg: config: score set 0 chosen. >> [72851] dbg: dns: no ipv6 >> [72851] dbg: dns: is Net::DNS::Resolver available? yes >> [72851] dbg: dns: Net::DNS version: 0.62 >> Use of uninitialized value in concatenation (.) or string at >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >> Use of uninitialized value in concatenation (.) or string at >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >> [72851] dbg: config: read_scoreonly_config: cannot open "": No such >> file or directory >> Building a message batch to scan... >> Have a batch of 30 messages. >> Stopping now as you are debugging me. >> >>> to see where the holdups are. >>> Check you haven't got a screwed SpamAssassin cache as well. >> >> I removed it an restarted MS, no change. >> >>> Which MTA are you using? >> >> Sendmail >> >> It is worth noting that spamassassin -D --lint runs fine. I checked >> after I moved all our config over to the new version. >> >> Thanks everyone. I'm still looking at what might be wrong. >> >> >> DAve >> > I had this issue with the latest version on Centos 4.6. As I was in a > hurry at the time I rolled it back to 4.65.3-1 and the problem went away > just to prove it wasn't any of my Milters or modules causing the > problem. I wasn't too bothered as I was upgrading from 4.5x so I still > got a major upgrade.. > > I did notice that it wasn't just slow as you describe, it actaully was > just queing everything, I didn't leave it long enough to verify that > though as I got 600 messages in the queue quite quickly. > > The problem in debug mode was exactly as you describe with it halting at > "Trying to setlogsock(unix)" > > The error seems to be to do with the perl sys::syslog , the perl -> > syslog interface routine. > > By rolling back to the slightly earlier MailScanner version the problem > was instantly fixed... > > Pete > I upgeaded the sys::syslog from .18 to .24 with no change. But, during debug I am getting this and it slows down consierably even with a single message batch. rules: failed to run DNS_FROM_OPENWHOIS RBL test, skipping: (Can't locate object method "check_rbl_envfrom" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Check.pm line 203. ) This seems to be the killer. I have no rbl checks configured with SA, so I don't understand this. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From MailScanner at ecs.soton.ac.uk Wed Apr 2 22:07:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 2 22:08:18 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3E5CF.7080505@farrows.org> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> Message-ID: <47F3F591.8030300@ecs.soton.ac.uk> Peter Farrow wrote: > DAve wrote: >> Likely I am going to break threading, but I am reading via the >> archive, I am far to slow to get the messages. >> >>> Check this option in mailscanner.conf >>> ClamAV Full Message Scan = no >> >> Set to no >> >>> >>> how do you do the bayes expire? >> >> MailScanner, same as all previous installs. >> >>> >>> if it's set to yes really slows down de process. >>> >>> Do you have /var/spool/MailScanner/incoming on tmpfs? >> >> Not at this time, I didn't previously. >> >>> Start by >>> MailScanner --debug --debug-sa >> >> bash-2.05b# ./MailScanner --debug --debug-sa >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> >> >> ***** >> If 'awk' (with support for the function strftime) was >> available on your $PATH then all the SpamAssassin debug >> output would have the current time added to the start of >> every line, making debugging far easier. >> ***** >> >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> [72851] dbg: logger: adding facilities: all >> [72851] dbg: logger: logging level is DBG >> [72851] dbg: generic: SpamAssassin version 3.2.4 >> [72851] dbg: config: score set 0 chosen. >> [72851] dbg: dns: no ipv6 >> [72851] dbg: dns: is Net::DNS::Resolver available? yes >> [72851] dbg: dns: Net::DNS version: 0.62 >> Use of uninitialized value in concatenation (.) or string at >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >> Use of uninitialized value in concatenation (.) or string at >> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >> [72851] dbg: config: read_scoreonly_config: cannot open "": No such >> file or directory >> Building a message batch to scan... >> Have a batch of 30 messages. >> Stopping now as you are debugging me. >> >>> to see where the holdups are. >>> Check you haven't got a screwed SpamAssassin cache as well. >> >> I removed it an restarted MS, no change. >> >>> Which MTA are you using? >> >> Sendmail >> >> It is worth noting that spamassassin -D --lint runs fine. I checked >> after I moved all our config over to the new version. >> >> Thanks everyone. I'm still looking at what might be wrong. >> >> >> DAve >> > I had this issue with the latest version on Centos 4.6. As I was in a > hurry at the time I rolled it back to 4.65.3-1 and the problem went > away just to prove it wasn't any of my Milters or modules causing the > problem. I wasn't too bothered as I was upgrading from 4.5x so I > still got a major upgrade.. > > I did notice that it wasn't just slow as you describe, it actaully was > just queing everything, I didn't leave it long enough to verify that > though as I got 600 messages in the queue quite quickly. > > The problem in debug mode was exactly as you describe with it halting > at "Trying to setlogsock(unix)" > > The error seems to be to do with the perl sys::syslog , the perl -> > syslog interface routine. > > By rolling back to the slightly earlier MailScanner version the > problem was instantly fixed... Do you get output like this from 'MailScanner --debug' ? Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Building a message batch to scan... How long is the delay between the "Trying to setlogsock(unix)" and the next line of output? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Wed Apr 2 22:31:55 2008 From: dave.list at pixelhammer.com (DAve) Date: Wed Apr 2 22:32:39 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3F591.8030300@ecs.soton.ac.uk> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F591.8030300@ecs.soton.ac.uk> Message-ID: <47F3FB4B.4020306@pixelhammer.com> Julian Field wrote: > > > Peter Farrow wrote: >> DAve wrote: >>> Likely I am going to break threading, but I am reading via the >>> archive, I am far to slow to get the messages. >>> >>>> Check this option in mailscanner.conf >>>> ClamAV Full Message Scan = no >>> >>> Set to no >>> >>>> >>>> how do you do the bayes expire? >>> >>> MailScanner, same as all previous installs. >>> >>>> >>>> if it's set to yes really slows down de process. >>>> >>>> Do you have /var/spool/MailScanner/incoming on tmpfs? >>> >>> Not at this time, I didn't previously. >>> >>>> Start by >>>> MailScanner --debug --debug-sa >>> >>> bash-2.05b# ./MailScanner --debug --debug-sa >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> >>> >>> ***** >>> If 'awk' (with support for the function strftime) was >>> available on your $PATH then all the SpamAssassin debug >>> output would have the current time added to the start of >>> every line, making debugging far easier. >>> ***** >>> >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> [72851] dbg: logger: adding facilities: all >>> [72851] dbg: logger: logging level is DBG >>> [72851] dbg: generic: SpamAssassin version 3.2.4 >>> [72851] dbg: config: score set 0 chosen. >>> [72851] dbg: dns: no ipv6 >>> [72851] dbg: dns: is Net::DNS::Resolver available? yes >>> [72851] dbg: dns: Net::DNS version: 0.62 >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>> [72851] dbg: config: read_scoreonly_config: cannot open "": No such >>> file or directory >>> Building a message batch to scan... >>> Have a batch of 30 messages. >>> Stopping now as you are debugging me. >>> >>>> to see where the holdups are. >>>> Check you haven't got a screwed SpamAssassin cache as well. >>> >>> I removed it an restarted MS, no change. >>> >>>> Which MTA are you using? >>> >>> Sendmail >>> >>> It is worth noting that spamassassin -D --lint runs fine. I checked >>> after I moved all our config over to the new version. >>> >>> Thanks everyone. I'm still looking at what might be wrong. >>> >>> >>> DAve >>> >> I had this issue with the latest version on Centos 4.6. As I was in a >> hurry at the time I rolled it back to 4.65.3-1 and the problem went >> away just to prove it wasn't any of my Milters or modules causing the >> problem. I wasn't too bothered as I was upgrading from 4.5x so I >> still got a major upgrade.. >> >> I did notice that it wasn't just slow as you describe, it actaully was >> just queing everything, I didn't leave it long enough to verify that >> though as I got 600 messages in the queue quite quickly. >> >> The problem in debug mode was exactly as you describe with it halting >> at "Trying to setlogsock(unix)" >> >> The error seems to be to do with the perl sys::syslog , the perl -> >> syslog interface routine. >> >> By rolling back to the slightly earlier MailScanner version the >> problem was instantly fixed... > Do you get output like this from 'MailScanner --debug' ? > > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Building a message batch to scan... > > How long is the delay between the "Trying to setlogsock(unix)" and the > next line of output? 7 seconds on one machine 2 seconds on the other. They are identical, I built one last night by rdumping the first. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From peter at farrows.org Wed Apr 2 23:13:52 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 2 23:14:39 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3F231.7050008@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> Message-ID: <47F40520.5000201@farrows.org> DAve wrote: > Peter Farrow wrote: >> DAve wrote: >>> Likely I am going to break threading, but I am reading via the >>> archive, I am far to slow to get the messages. >>> >>>> Check this option in mailscanner.conf >>>> ClamAV Full Message Scan = no >>> >>> Set to no >>> >>>> >>>> how do you do the bayes expire? >>> >>> MailScanner, same as all previous installs. >>> >>>> >>>> if it's set to yes really slows down de process. >>>> >>>> Do you have /var/spool/MailScanner/incoming on tmpfs? >>> >>> Not at this time, I didn't previously. >>> >>>> Start by >>>> MailScanner --debug --debug-sa >>> >>> bash-2.05b# ./MailScanner --debug --debug-sa >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> >>> >>> ***** >>> If 'awk' (with support for the function strftime) was >>> available on your $PATH then all the SpamAssassin debug >>> output would have the current time added to the start of >>> every line, making debugging far easier. >>> ***** >>> >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> [72851] dbg: logger: adding facilities: all >>> [72851] dbg: logger: logging level is DBG >>> [72851] dbg: generic: SpamAssassin version 3.2.4 >>> [72851] dbg: config: score set 0 chosen. >>> [72851] dbg: dns: no ipv6 >>> [72851] dbg: dns: is Net::DNS::Resolver available? yes >>> [72851] dbg: dns: Net::DNS version: 0.62 >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>> [72851] dbg: config: read_scoreonly_config: cannot open "": No such >>> file or directory >>> Building a message batch to scan... >>> Have a batch of 30 messages. >>> Stopping now as you are debugging me. >>> >>>> to see where the holdups are. >>>> Check you haven't got a screwed SpamAssassin cache as well. >>> >>> I removed it an restarted MS, no change. >>> >>>> Which MTA are you using? >>> >>> Sendmail >>> >>> It is worth noting that spamassassin -D --lint runs fine. I checked >>> after I moved all our config over to the new version. >>> >>> Thanks everyone. I'm still looking at what might be wrong. >>> >>> >>> DAve >>> >> I had this issue with the latest version on Centos 4.6. As I was in >> a hurry at the time I rolled it back to 4.65.3-1 and the problem went >> away just to prove it wasn't any of my Milters or modules causing the >> problem. I wasn't too bothered as I was upgrading from 4.5x so I >> still got a major upgrade.. >> >> I did notice that it wasn't just slow as you describe, it actaully >> was just queing everything, I didn't leave it long enough to verify >> that though as I got 600 messages in the queue quite quickly. >> >> The problem in debug mode was exactly as you describe with it halting >> at "Trying to setlogsock(unix)" >> >> The error seems to be to do with the perl sys::syslog , the perl -> >> syslog interface routine. >> >> By rolling back to the slightly earlier MailScanner version the >> problem was instantly fixed... >> >> Pete >> > > I upgeaded the sys::syslog from .18 to .24 with no change. But, during > debug I am getting this and it slows down consierably even with a > single message batch. > > rules: failed to run DNS_FROM_OPENWHOIS RBL test, skipping: > (Can't locate object method "check_rbl_envfrom" via package > "Mail::SpamAssassin::PerMsgStatus" at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Check.pm > line 203. > ) > > This seems to be the killer. I have no rbl checks configured with SA, > so I don't understand this. > > DAve > Is this useful... http://markmail.org/message/xzqi5fmrbj3tfgg2 P. From peter at farrows.org Wed Apr 2 23:21:09 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 2 23:21:18 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3F231.7050008@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> Message-ID: <47F406D5.2020004@farrows.org> DAve wrote: > Peter Farrow wrote: >> DAve wrote: >>> Likely I am going to break threading, but I am reading via the >>> archive, I am far to slow to get the messages. >>> >>>> Check this option in mailscanner.conf >>>> ClamAV Full Message Scan = no >>> >>> Set to no >>> >>>> >>>> how do you do the bayes expire? >>> >>> MailScanner, same as all previous installs. >>> >>>> >>>> if it's set to yes really slows down de process. >>>> >>>> Do you have /var/spool/MailScanner/incoming on tmpfs? >>> >>> Not at this time, I didn't previously. >>> >>>> Start by >>>> MailScanner --debug --debug-sa >>> >>> bash-2.05b# ./MailScanner --debug --debug-sa >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> >>> >>> ***** >>> If 'awk' (with support for the function strftime) was >>> available on your $PATH then all the SpamAssassin debug >>> output would have the current time added to the start of >>> every line, making debugging far easier. >>> ***** >>> >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> [72851] dbg: logger: adding facilities: all >>> [72851] dbg: logger: logging level is DBG >>> [72851] dbg: generic: SpamAssassin version 3.2.4 >>> [72851] dbg: config: score set 0 chosen. >>> [72851] dbg: dns: no ipv6 >>> [72851] dbg: dns: is Net::DNS::Resolver available? yes >>> [72851] dbg: dns: Net::DNS version: 0.62 >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>> [72851] dbg: config: read_scoreonly_config: cannot open "": No such >>> file or directory >>> Building a message batch to scan... >>> Have a batch of 30 messages. >>> Stopping now as you are debugging me. >>> >>>> to see where the holdups are. >>>> Check you haven't got a screwed SpamAssassin cache as well. >>> >>> I removed it an restarted MS, no change. >>> >>>> Which MTA are you using? >>> >>> Sendmail >>> >>> It is worth noting that spamassassin -D --lint runs fine. I checked >>> after I moved all our config over to the new version. >>> >>> Thanks everyone. I'm still looking at what might be wrong. >>> >>> >>> DAve >>> >> I had this issue with the latest version on Centos 4.6. As I was in >> a hurry at the time I rolled it back to 4.65.3-1 and the problem went >> away just to prove it wasn't any of my Milters or modules causing the >> problem. I wasn't too bothered as I was upgrading from 4.5x so I >> still got a major upgrade.. >> >> I did notice that it wasn't just slow as you describe, it actaully >> was just queing everything, I didn't leave it long enough to verify >> that though as I got 600 messages in the queue quite quickly. >> >> The problem in debug mode was exactly as you describe with it halting >> at "Trying to setlogsock(unix)" >> >> The error seems to be to do with the perl sys::syslog , the perl -> >> syslog interface routine. >> >> By rolling back to the slightly earlier MailScanner version the >> problem was instantly fixed... >> >> Pete >> > > I upgeaded the sys::syslog from .18 to .24 with no change. But, during > debug I am getting this and it slows down consierably even with a > single message batch. > > rules: failed to run DNS_FROM_OPENWHOIS RBL test, skipping: > (Can't locate object method "check_rbl_envfrom" via package > "Mail::SpamAssassin::PerMsgStatus" at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Check.pm > line 203. > ) > > This seems to be the killer. I have no rbl checks configured with SA, > so I don't understand this. > > DAve > What version of Spamassassin are you running? I followed a few related links and got to this entry in CPAN... http://search.cpan.org/dist/Mail-SpamAssassin/lib/Mail/SpamAssassin/DnsResolver.pm It mentions about a bug: "This is a DNS resolution engine for SpamAssassin, implemented in order to reduce file descriptor usage by Net::DNS and avoid a response collision bug in that module." This may or may not be significant...might be worth a look.. P. From dave.list at pixelhammer.com Thu Apr 3 02:08:08 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 02:08:58 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F406D5.2020004@farrows.org> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> Message-ID: <47F42DF8.9080801@pixelhammer.com> After much plugging away, double checking, triple checking and herding of cats I *think* we may out of the woods. I won't know until tomorrow AM when traffic picks up again. Here are my findings so far. MailScanner 4.67.6 ClamAV 0.92.1 SpamAssassin 3.2.4 Virus Scanners = [clamav | clamavmodule] - There appears to be no real gain in running clamavmodule, some speed increase but not enough to be noticed. I have clamavmodule configured just to save some memory. ClamAV Full Message Scan = yes - That is a killer, it seems to really increase processing time. I have it now set to no, and I have removed my MSRBL sigs. Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little difference. I left it on a memory file system for now. mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it claims. SA is still doing rbl checks. I commented out the DNSEval plugin in v320.pre file and was rewarded with errors for my effort. Not certain what the correct method of disabling rbl checks in SA is now. Peter Farrow found a message where this has been seen already. http://markmail.org/message/xzqi5fmrbj3tfgg2 MailScanner batch size - With version 4.54.6 MS processed 10 messages per batch and kept up just fine. With version 4.67.6 it will grab 30+ messages which takes longer to process. Increasing MS children has no effect. More children working slower doesn't process more mail for me. I don't see where I can configure this. I am currently seeing processing times of .8 to 20 seconds per message, generally around the 2 to 4 seconds mark. This is for batches of 1 to 10 messages. I was seeing as much as 800 seconds for a batch size of 30 messages this morning. So there has been improvement. I am compiling my SA rules and I run my RBLs in the MTA (hence why I do not want rbl checking in SA). Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 would run rings around this install. I am seriously contemplating rolling back but I am uncertain if I have the original tarball for Julian's Clam+SA package. I believe my issue is configuration of MS or SA at this point. I am open to suggestions. Thanks for the help. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From rapin at linuxmail.org Thu Apr 3 04:16:57 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Thu Apr 3 04:17:42 2008 Subject: can't not login to website Message-ID: <20080403031657.C9115233C8@ws5-3.us4.outblaze.com> pls, help me, why i can't login with my password Thank -------------------------------------------------- Linuxmail Rapin P. = Buy Omron Blood Pressure Monitors Here Free shipping on orders over $100. 5% cash back on 2nd purchase. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=09e1928acda9b34bdbe17c1529ec0018 -- Powered by Outblaze From rapin at linuxmail.org Thu Apr 3 04:29:21 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Thu Apr 3 04:29:30 2008 Subject: Syntax Error spamwhitelist Message-ID: <20080403032921.764147B8F1@ws5-10.us4.outblaze.com> Dear all i have this error when i config vim /etc/MailScanner/MailScanner.conf this line : Is Definitely Not Spam = $SQLwhitelist Syntax error in line 1767, value "" for spamwhitelist is not one of allowed values "yes","no" pls, help Thx. -------------------------------------------------- Linuxmail Rapin P. = Buy Omron Blood Pressure Monitors Here Free shipping on orders over $100. 5% cash back on 2nd purchase. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=09e1928acda9b34bdbe17c1529ec0018 -- Powered by Outblaze From rapin at linuxmail.org Thu Apr 3 04:33:12 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Thu Apr 3 04:33:48 2008 Subject: can't not login to website Message-ID: <20080403033312.DA42ECBE77@ws5-11.us4.outblaze.com> Ok Thank. i understand > ----- Original Message ----- > From: "Linuxmail R." > To: mailscanner@lists.mailscanner.info > Subject: can't not login to website > Date: Thu, 3 Apr 2008 10:16:57 +0700 > > > pls, help me, why i can't login with my password > > Thank > > -------------------------------------------------- > Linuxmail Rapin P. > > > = > Buy Omron Blood Pressure Monitors Here > Free shipping on orders over $100. 5% cash back on 2nd purchase. > http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=09e1928acda9b34bdbe17c1529ec0018 > > > -- > Powered by Outblaze > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------------------------------------------- Linuxmail Rapin P. = Compare Mortgage Quotes Up to 5 Free Quotes with 1 Form. Refi or Home Equity. Intro Terms. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=d33f0b87f6e6297dad30c521e5a0d7a6 -- Powered by Outblaze From mailscanner at pdscc.com Thu Apr 3 05:29:58 2008 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Thu Apr 3 05:30:46 2008 Subject: adding extra headers in MS scanned mails, with links to mailwatch item Message-ID: <20080403042958.6C39A82B87@sinclaire.sibble.net> Googling hasn't turned up anything so far, hope someone can suggest something, will also post this to the mailwatch list. Okay before I was using mailscanner/mailwatch, I was using popfile on the desktop, it would insert an additional header which could be made to show up in the client (pegasus) so you could open the popfile UI to that message for bayes reclassification. Now, I'd like to do the same thing with the X-MailScanner-ID header and point the link to my box so it would look say something like this X-MailScanner-ID: 05A32108520.36CCF X-MailWatch-Link: http://ipadd/mailscanner/detail.php?id=05A32108520.36CCF In hindsight, I'm vaguely sure I've seen discussion on this somewhere, but haven't found it yet. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From hvdkooij at vanderkooij.org Thu Apr 3 06:20:10 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 3 06:21:27 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released In-Reply-To: <47F3E060.7040203@Tatorz.com> References: <47F24745.2090703@ecs.soton.ac.uk> <47F3E060.7040203@Tatorz.com> Message-ID: <47F4690A.4050004@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian wrote: | Julian Field wrote: |> Folks, |> |> I have just released the latest stable release of MailScanner version |> 4.68.8. |> This is *not* an April Fool's joke :-) |> |> | | Am I seeing double or is this an error? It is an error. But not by Jules as far as I can tell. Someone at whi.wts.edu sure did not finish school and is resending the message. I am sure Jules will take care of them. Return-Path: X-Original-To: hvdkooij@vanderkooij.org Delivered-To: hvdkooij@vanderkooij.org Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) by balin.waakhond.net (Postfix) with ESMTP id CCED817E806C for ; Wed, 2 Apr 2008 16:25:01 +0200 (CEST) Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m32EMqV8024842; Wed, 2 Apr 2008 15:23:12 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from whi.wts.edu (whi.wts.edu [68.166.48.243]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m32E65Ee023617; Wed, 2 Apr 2008 15:06:38 +0100 Received: from root by whi.wts.edu with local (Exim 4.69) (envelope-from ) id 1Jh3X5-0000QO-18; Wed, 02 Apr 2008 10:01:43 -0400 Received: from safir.blacknight.ie ([83.98.192.7]) by whi.wts.edu with esmtp (Exim 4.68) (envelope-from ) id 1JghpF-0003Mh-14 for klowery@whi.wts.edu; Tue, 01 Apr 2008 10:51:01 -0400 Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m31Elj04015650; Tue, 1 Apr 2008 15:49:39 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from owl.ecs.soton.ac.uk (owl.ecs.soton.ac.uk [152.78.68.129]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m31EVjkl014479; Tue, 1 Apr 2008 15:32:17 +0100 X-ECS-MailScanner-Watermark: 1207665102.39997@y1R0Rm1iFbQE2n4lgk2mxw Received: from goose.ecs.soton.ac.uk (goose.ecs.soton.ac.uk [IPv6:2001:630:d0:f102:230:48ff:fe78:67b5]) by owl.ecs.soton.ac.uk (8.13.1/8.13.1) with ESMTP id m31EVdjI031637; Tue, 1 Apr 2008 15:31:39 +0100 X-ECS-MailScanner-Watermark: 1207665094.58777@eXwqjdynfwPiouKMG6IgfA Received: from apothecary.ecs.soton.ac.uk (apothecary.ecs.soton.ac.uk [152.78.64.25]) (authenticated bits=0) by goose.ecs.soton.ac.uk (8.13.1/8.13.1) with ESMTP id m31EVXqI027345; Tue, 1 Apr 2008 15:31:33 +0100 Message-ID: <47F24745.2090703@ecs.soton.ac.uk> Date: Tue, 01 Apr 2008 15:31:33 +0100 From: Julian Field Organization: MailScanner User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) MIME-Version: 1.0 .... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9Gj+BvzDRVjxmYERAiLqAJ0WYnJWdHF1+Fvi2+KbapcLoeDcigCfYitq n4TwWVncyVZ1lPeVDDHw5Q4= =100Y -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 3 06:29:12 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 3 06:30:20 2008 Subject: MailScanner ignoring some rules In-Reply-To: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> Message-ID: <47F46B28.2050507@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 mailscanner@tecnowaydigital.com.br wrote: | At MailScanner recent versions, when I set some rules like: | Scan Messages = /etc/MailScanner/rules/scan.messages.rules | or | Filename Rules = /etc/MailScanner/filename.rules | | The MailScanner simply ignore the rules and don't print any error message. Since you didn not include anything about the rules you have there we must assume MS is right and your rules are wrong. In what way we can not tell you by lack of any information. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ KnYl0Qt9kzlzy4m99EgvKhU= =LsQL -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 3 06:31:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 3 06:32:22 2008 Subject: Syntax Error spamwhitelist In-Reply-To: <20080403032921.764147B8F1@ws5-10.us4.outblaze.com> References: <20080403032921.764147B8F1@ws5-10.us4.outblaze.com> Message-ID: <47F46BA3.2070701@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linuxmail R. wrote: | i have this error when i config vim /etc/MailScanner/MailScanner.conf this line : Is Definitely Not Spam = $SQLwhitelist | | Syntax error in line 1767, value "" for spamwhitelist is not one of allowed values "yes","no" What version is this? MS 0.99? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9GugBvzDRVjxmYERAhPDAJ9qfR7QrznkWrtJR5OBVrzJVg3FvwCfW6PM D3ooCmA+9NYBCLk4Ip+2uSg= =MOR4 -----END PGP SIGNATURE----- From J.Ede at birchenallhowden.co.uk Thu Apr 3 08:45:03 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Apr 3 08:47:03 2008 Subject: Syntax Error spamwhitelist In-Reply-To: <20080403032921.764147B8F1@ws5-10.us4.outblaze.com> References: <20080403032921.764147B8F1@ws5-10.us4.outblaze.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C406758E2F7@server02.bhl.local> It should be &SQLwhitelist not $SQLwhitelist Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Linuxmail R. > Sent: 03 April 2008 04:29 > To: mailscanner@lists.mailscanner.info > Subject: Syntax Error spamwhitelist > > Dear all > > i have this error when i config vim /etc/MailScanner/MailScanner.conf > this line : Is Definitely Not Spam = $SQLwhitelist > > Syntax error in line 1767, value "" for spamwhitelist is not one of > allowed values "yes","no" > > pls, help > Thx. > -------------------------------------------------- > Linuxmail Rapin P. > > > = > Buy Omron Blood Pressure Monitors Here > Free shipping on orders over $100. 5% cash back on 2nd purchase. > http://a8-asy.a8ww.net/a8- > ads/adftrclick?redirectid=09e1928acda9b34bdbe17c1529ec0018 > > > -- > Powered by Outblaze > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Apr 3 09:11:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 09:12:34 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F42DF8.9080801@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> Message-ID: <47F4913F.7040100@ecs.soton.ac.uk> DAve wrote: > After much plugging away, double checking, triple checking and herding > of cats I *think* we may out of the woods. I won't know until tomorrow > AM when traffic picks up again. Here are my findings so far. > > MailScanner 4.67.6 > ClamAV 0.92.1 > SpamAssassin 3.2.4 > > Virus Scanners = [clamav | clamavmodule] - There appears to be no real > gain in running clamavmodule, some speed increase but not enough to be > noticed. I have clamavmodule configured just to save some memory. > > ClamAV Full Message Scan = yes - That is a killer, it seems to really > increase processing time. I have it now set to no, and I have removed > my MSRBL sigs. > > Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little > difference. I left it on a memory file system for now. > > mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it > claims. SA is still doing rbl checks. I commented out the DNSEval > plugin in v320.pre file and was rewarded with errors for my effort. > Not certain what the correct method of disabling rbl checks in SA is > now. Peter Farrow found a message where this has been seen already. > http://markmail.org/message/xzqi5fmrbj3tfgg2 > > MailScanner batch size - With version 4.54.6 MS processed 10 messages > per batch and kept up just fine. With version 4.67.6 it will grab 30+ > messages which takes longer to process. Increasing MS children has no > effect. More children working slower doesn't process more mail for me. > I don't see where I can configure this. "Max Children =" in MailScanner.conf. If you were using upgrade_MailScanner_conf to upgrade your MailScanner.conf file then this setting would not have been changed between versions. Do you really copy over all your settings by hand into the new MailScanner.conf file? Wow! That must take *hours*. > > I am currently seeing processing times of .8 to 20 seconds per > message, generally around the 2 to 4 seconds mark. This is for batches > of 1 to 10 messages. I was seeing as much as 800 seconds for a batch > size of 30 messages this morning. So there has been improvement. > > I am compiling my SA rules and I run my RBLs in the MTA (hence why I > do not want rbl checking in SA). > > Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 > would run rings around this install. I am seriously contemplating > rolling back but I am uncertain if I have the original tarball for > Julian's Clam+SA package. > > I believe my issue is configuration of MS or SA at this point. I am > open to suggestions. > > Thanks for the help. > > DAve > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 3 09:16:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 09:16:31 2008 Subject: MailScanner ANNOUNCE: 4.68.8 stable released In-Reply-To: <47F4690A.4050004@vanderkooij.org> References: <47F24745.2090703@ecs.soton.ac.uk> <47F3E060.7040203@Tatorz.com> <47F4690A.4050004@vanderkooij.org> Message-ID: <47F49242.7040901@ecs.soton.ac.uk> Dealt with :-) Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 04/03/08 at 06:19:58 > > Brian wrote: > | Julian Field wrote: > |> Folks, > |> > |> I have just released the latest stable release of MailScanner version > |> 4.68.8. > |> This is *not* an April Fool's joke :-) > |> > |> > | > | Am I seeing double or is this an error? > > It is an error. But not by Jules as far as I can tell. Someone at > whi.wts.edu sure did not finish school and is resending the message. > > I am sure Jules will take care of them. > > Return-Path: > X-Original-To: hvdkooij@vanderkooij.org > Delivered-To: hvdkooij@vanderkooij.org > Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) > by balin.waakhond.net (Postfix) with ESMTP id CCED817E806C > for ; Wed, 2 Apr 2008 16:25:01 +0200 > (CEST) > Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m32EMqV8024842; > Wed, 2 Apr 2008 15:23:12 +0100 > X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw > Exp $ > Received: from whi.wts.edu (whi.wts.edu [68.166.48.243]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m32E65Ee023617; > Wed, 2 Apr 2008 15:06:38 +0100 > Received: from root by whi.wts.edu with local (Exim 4.69) > (envelope-from ) > id 1Jh3X5-0000QO-18; Wed, 02 Apr 2008 10:01:43 -0400 > Received: from safir.blacknight.ie ([83.98.192.7]) > by whi.wts.edu with esmtp (Exim 4.68) > (envelope-from ) > id 1JghpF-0003Mh-14 > for klowery@whi.wts.edu; Tue, 01 Apr 2008 10:51:01 -0400 > Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m31Elj04015650; > Tue, 1 Apr 2008 15:49:39 +0100 > X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw > Exp $ > Received: from owl.ecs.soton.ac.uk (owl.ecs.soton.ac.uk [152.78.68.129]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m31EVjkl014479; > Tue, 1 Apr 2008 15:32:17 +0100 > X-ECS-MailScanner-Watermark: 1207665102.39997@y1R0Rm1iFbQE2n4lgk2mxw > Received: from goose.ecs.soton.ac.uk (goose.ecs.soton.ac.uk > [IPv6:2001:630:d0:f102:230:48ff:fe78:67b5]) > by owl.ecs.soton.ac.uk (8.13.1/8.13.1) with ESMTP id m31EVdjI031637; > Tue, 1 Apr 2008 15:31:39 +0100 > X-ECS-MailScanner-Watermark: 1207665094.58777@eXwqjdynfwPiouKMG6IgfA > Received: from apothecary.ecs.soton.ac.uk (apothecary.ecs.soton.ac.uk > [152.78.64.25]) (authenticated bits=0) > by goose.ecs.soton.ac.uk (8.13.1/8.13.1) with ESMTP id > m31EVXqI027345; > Tue, 1 Apr 2008 15:31:33 +0100 > Message-ID: <47F24745.2090703@ecs.soton.ac.uk> > Date: Tue, 01 Apr 2008 15:31:33 +0100 > From: Julian Field > Organization: MailScanner > User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) > MIME-Version: 1.0 > .... > > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > * Hugo van der Kooij > * 0x58F19981 - Unverified(L) > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Apr 3 09:44:29 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Apr 3 09:45:24 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F42DF8.9080801@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com><47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com><47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0360A9AE@HC-MBX02.herefordshire.gov.uk> Did do an sa-update to get the current SA ruleset? If you run sa-update -D You can visually verify that it's working. Cheers, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve Sent: 03 April 2008 02:08 To: MailScanner discussion Subject: Re: New MS install is slow to an extreme After much plugging away, double checking, triple checking and herding of cats I *think* we may out of the woods. I won't know until tomorrow AM when traffic picks up again. Here are my findings so far. MailScanner 4.67.6 ClamAV 0.92.1 SpamAssassin 3.2.4 Virus Scanners = [clamav | clamavmodule] - There appears to be no real gain in running clamavmodule, some speed increase but not enough to be noticed. I have clamavmodule configured just to save some memory. ClamAV Full Message Scan = yes - That is a killer, it seems to really increase processing time. I have it now set to no, and I have removed my MSRBL sigs. Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little difference. I left it on a memory file system for now. mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it claims. SA is still doing rbl checks. I commented out the DNSEval plugin in v320.pre file and was rewarded with errors for my effort. Not certain what the correct method of disabling rbl checks in SA is now. Peter Farrow found a message where this has been seen already. http://markmail.org/message/xzqi5fmrbj3tfgg2 MailScanner batch size - With version 4.54.6 MS processed 10 messages per batch and kept up just fine. With version 4.67.6 it will grab 30+ messages which takes longer to process. Increasing MS children has no effect. More children working slower doesn't process more mail for me. I don't see where I can configure this. I am currently seeing processing times of .8 to 20 seconds per message, generally around the 2 to 4 seconds mark. This is for batches of 1 to 10 messages. I was seeing as much as 800 seconds for a batch size of 30 messages this morning. So there has been improvement. I am compiling my SA rules and I run my RBLs in the MTA (hence why I do not want rbl checking in SA). Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 would run rings around this install. I am seriously contemplating rolling back but I am uncertain if I have the original tarball for Julian's Clam+SA package. I believe my issue is configuration of MS or SA at this point. I am open to suggestions. Thanks for the help. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rapin at linuxmail.org Thu Apr 3 10:05:15 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Thu Apr 3 10:05:51 2008 Subject: Syntax Error spamwhitelist Message-ID: <20080403090515.02698CBE77@ws5-11.us4.outblaze.com> Thank you. I can't see this problem. > ----- Original Message ----- > From: "Jason Ede" > To: "MailScanner discussion" > Subject: RE: Syntax Error spamwhitelist > Date: Thu, 3 Apr 2008 08:45:03 +0100 > > > > It should be &SQLwhitelist not $SQLwhitelist > > Jason > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Linuxmail R. > > Sent: 03 April 2008 04:29 > > To: mailscanner@lists.mailscanner.info > > Subject: Syntax Error spamwhitelist > > > > Dear all > > > > i have this error when i config vim /etc/MailScanner/MailScanner.conf > > this line : Is Definitely Not Spam = $SQLwhitelist > > > > Syntax error in line 1767, value "" for spamwhitelist is not one of > > allowed values "yes","no" > > > > pls, help > > Thx. > > -------------------------------------------------- > > Linuxmail Rapin P. > > > > > > = > > Buy Omron Blood Pressure Monitors Here > > Free shipping on orders over $100. 5% cash back on 2nd purchase. > > http://a8-asy.a8ww.net/a8- > > ads/adftrclick?redirectid=09e1928acda9b34bdbe17c1529ec0018 > > > > > > -- > > Powered by Outblaze > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From rapin at linuxmail.org Thu Apr 3 10:18:00 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Thu Apr 3 10:18:10 2008 Subject: Error when update Geoip Message-ID: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> Dear All I got this error when i update GeoIp,pls help me. thx.. ------------------------------------------------------------------- Downloading file, please wait.... Error executing query: Access denied for user 'mailwatch'@'localhost' (using password: YES) SQL: LOAD DATA INFILE '/home/crisgo/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"' -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From MailScanner at ecs.soton.ac.uk Thu Apr 3 11:05:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 11:06:02 2008 Subject: Error when update Geoip In-Reply-To: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> References: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> Message-ID: <47F4ABD6.8040505@ecs.soton.ac.uk> Please ask on the MailWatch mailing list, not this one. Linuxmail R. wrote: > Dear All > > I got this error when i update GeoIp,pls help me. thx.. > ------------------------------------------------------------------- > Downloading file, please wait.... > Error executing query: > > Access denied for user 'mailwatch'@'localhost' (using password: YES) > > SQL: > > LOAD DATA INFILE '/home/crisgo/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"' > > -------------------------------------------------- > Linuxmail Rapin P. > > > = > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martyn at invictawiz.com Thu Apr 3 12:17:12 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Thu Apr 3 12:18:33 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3D7A5.5040509@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> Message-ID: <47F4BCB8.7030000@invictawiz.com> DAve wrote: > DAve wrote: > > I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no change > in processing time. > > I am getting really stumped now. > > DAve > > > What is your hardware? We had random processing times when running 6.2 on one of our servers. (Single P4 dual core) I upgraded in place to 7.0 (using FreeBsd Update (http://www.freebsd.org/releases/7.0R/announce.html) and now the emails don't touch the sides. Getting Sophos to work was a bind though. -- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From dave.list at pixelhammer.com Thu Apr 3 12:44:44 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 12:45:27 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4913F.7040100@ecs.soton.ac.uk> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <47F4913F.7040100@ecs.soton.ac.uk> Message-ID: <47F4C32C.5050200@pixelhammer.com> Julian Field wrote: > > > DAve wrote: >> After much plugging away, double checking, triple checking and herding >> of cats I *think* we may out of the woods. I won't know until tomorrow >> AM when traffic picks up again. Here are my findings so far. >> >> MailScanner 4.67.6 >> ClamAV 0.92.1 >> SpamAssassin 3.2.4 >> >> Virus Scanners = [clamav | clamavmodule] - There appears to be no real >> gain in running clamavmodule, some speed increase but not enough to be >> noticed. I have clamavmodule configured just to save some memory. >> >> ClamAV Full Message Scan = yes - That is a killer, it seems to really >> increase processing time. I have it now set to no, and I have removed >> my MSRBL sigs. >> >> Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little >> difference. I left it on a memory file system for now. >> >> mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it >> claims. SA is still doing rbl checks. I commented out the DNSEval >> plugin in v320.pre file and was rewarded with errors for my effort. >> Not certain what the correct method of disabling rbl checks in SA is >> now. Peter Farrow found a message where this has been seen already. >> http://markmail.org/message/xzqi5fmrbj3tfgg2 >> >> MailScanner batch size - With version 4.54.6 MS processed 10 messages >> per batch and kept up just fine. With version 4.67.6 it will grab 30+ >> messages which takes longer to process. Increasing MS children has no >> effect. More children working slower doesn't process more mail for me. >> I don't see where I can configure this. > "Max Children =" in MailScanner.conf. If you were using > upgrade_MailScanner_conf to upgrade your MailScanner.conf file then this > setting would not have been changed between versions. Do you really copy > over all your settings by hand into the new MailScanner.conf file? Wow! > That must take *hours*. > Nope, I can modify Max Children, my question is can I control how large a batch size each child will process? Previously if I had 500 messages waiting each child would pick up 10 messages, now they will each pick up 30 messages. This is clearly evident in my MRTG graphs where I show over the last four months I never had a batch over 10, yesterday I had batch sizes of 30 for several hours. I do use upgrade_MailScanner_conf, and works a treat ;^) DAve >> >> I am currently seeing processing times of .8 to 20 seconds per >> message, generally around the 2 to 4 seconds mark. This is for batches >> of 1 to 10 messages. I was seeing as much as 800 seconds for a batch >> size of 30 messages this morning. So there has been improvement. >> >> I am compiling my SA rules and I run my RBLs in the MTA (hence why I >> do not want rbl checking in SA). >> >> Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 >> would run rings around this install. I am seriously contemplating >> rolling back but I am uncertain if I have the original tarball for >> Julian's Clam+SA package. >> >> I believe my issue is configuration of MS or SA at this point. I am >> open to suggestions. >> >> Thanks for the help. >> >> DAve >> > > Jules > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dave.list at pixelhammer.com Thu Apr 3 12:46:29 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 12:47:14 2008 Subject: New MS install is slow to an extreme In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0360A9AE@HC-MBX02.herefordshire.gov.uk> References: <47F3CD9F.7070406@pixelhammer.com><47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com><47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <7EF0EE5CB3B263488C8C18823239BEBA0360A9AE@HC-MBX02.herefordshire.gov.uk> Message-ID: <47F4C395.7010005@pixelhammer.com> Randal, Phil wrote: > Did do an sa-update to get the current SA ruleset? > > If you run > > sa-update -D > > You can visually verify that it's working. Yes I did. I ran sa-compile as well before starting MS. DAve > > Cheers, > > Phil > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: 03 April 2008 02:08 > To: MailScanner discussion > Subject: Re: New MS install is slow to an extreme > > After much plugging away, double checking, triple checking and herding > of cats I *think* we may out of the woods. I won't know until tomorrow > AM when traffic picks up again. Here are my findings so far. > > MailScanner 4.67.6 > ClamAV 0.92.1 > SpamAssassin 3.2.4 > > Virus Scanners = [clamav | clamavmodule] - There appears to be no real > gain in running clamavmodule, some speed increase but not enough to be > noticed. I have clamavmodule configured just to save some memory. > > ClamAV Full Message Scan = yes - That is a killer, it seems to really > increase processing time. I have it now set to no, and I have removed my > MSRBL sigs. > > Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little > difference. I left it on a memory file system for now. > > mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it claims. > SA is still doing rbl checks. I commented out the DNSEval plugin in > v320.pre file and was rewarded with errors for my effort. Not certain > what the correct method of disabling rbl checks in SA is now. Peter > Farrow found a message where this has been seen already. > http://markmail.org/message/xzqi5fmrbj3tfgg2 > > MailScanner batch size - With version 4.54.6 MS processed 10 messages > per batch and kept up just fine. With version 4.67.6 it will grab 30+ > messages which takes longer to process. Increasing MS children has no > effect. More children working slower doesn't process more mail for me. I > don't see where I can configure this. > > I am currently seeing processing times of .8 to 20 seconds per message, > generally around the 2 to 4 seconds mark. This is for batches of 1 to 10 > messages. I was seeing as much as 800 seconds for a batch size of 30 > messages this morning. So there has been improvement. > > I am compiling my SA rules and I run my RBLs in the MTA (hence why I do > not want rbl checking in SA). > > Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 would > run rings around this install. I am seriously contemplating rolling back > but I am uncertain if I have the original tarball for Julian's Clam+SA > package. > > I believe my issue is configuration of MS or SA at this point. I am open > to suggestions. > > Thanks for the help. > > DAve > > -- > In 50 years, our descendants will look back on the early years of the > internet, and much like we now look back on men with rockets on their > back and feathers glued to their arms, marvel that we had the > intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From lists at openenterprise.ca Thu Apr 3 12:53:13 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Thu Apr 3 12:53:51 2008 Subject: Problem with Sendmail smf-sav Milter Message-ID: <47F4C529.8090603@openenterprise.ca> I recently installed the sendmail smf-sav mitler to do sender and recipient address verification on my MailScanner gateway running the latest release on Centos5. However, the recipient checks dont appear to be working since I still get all the spam coming in to non-existent addresses. I beleive I know where the problem might be. The MailScanner gateway accepts mail for the mydomain.ca domain, but after processing simply forwards to an internal Scalix server through a sendmail mailertable entry. For instance, the email address below, or username, does not exist on the MailScanner gateway running smf-sav. Nor does that email address or account exist on the internal Scalix server, but the message passed recpient verification. recipient check succeeded: Would I need to setup checks through ldap or something to have the smf-sav milter. I know I should be checking the smf-sav forums and so will also check there. Thanks From edward.prendergast at netring.co.uk Thu Apr 3 13:05:34 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Thu Apr 3 13:06:02 2008 Subject: Using watermark to fight spam backscatter Message-ID: <47F4C80E.6020608@netring.co.uk> Hi, More and more of our users are receiving large quantities of spam backscatter. One received 200 messages this week. I've been investigating various options (Postfix rules: http://tinyurl.com/2vdes7, BATV: http://mipassoc.org/batv/) but the easiest to implement seems to be MailScanner's watermarking, especially as my system already uses watermarking (we have a postfix + mailscanner gateway in front of a cPanel exim + mailscanner box). Watermarking is already successfully implemented and working properly between the two machines. I've altered this setting for testing: Treat Invalid Watermarks With No Sender as Spam = 0.1 But after changing this and checking the incoming mail I've noticed a lot of backscatter doesn't come with From: <> but rather real e-mail addresses (e.g. MAILER-DAEMON@mx-8.masterhost.ru). Is this the right area to be looking in? Could this be modified, or should I be using some other feature to help cut down on this? Thanks, Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From brose at med.wayne.edu Thu Apr 3 13:17:27 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Apr 3 13:18:18 2008 Subject: Using watermark to fight spam backscatter In-Reply-To: <47F4C80E.6020608@netring.co.uk> References: <47F4C80E.6020608@netring.co.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A7618022B@MED-CORE03-MS1.med.wayne.edu> Are you using the vbounce plugin in SpamAssassin? It has rules for that kind of stuff. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward Prendergast Sent: Thursday, April 03, 2008 8:06 AM To: MailScanner discussion Subject: Using watermark to fight spam backscatter Hi, More and more of our users are receiving large quantities of spam backscatter. One received 200 messages this week. I've been investigating various options (Postfix rules: http://tinyurl.com/2vdes7, BATV: http://mipassoc.org/batv/) but the easiest to implement seems to be MailScanner's watermarking, especially as my system already uses watermarking (we have a postfix + mailscanner gateway in front of a cPanel exim + mailscanner box). Watermarking is already successfully implemented and working properly between the two machines. I've altered this setting for testing: Treat Invalid Watermarks With No Sender as Spam = 0.1 But after changing this and checking the incoming mail I've noticed a lot of backscatter doesn't come with From: <> but rather real e-mail addresses (e.g. MAILER-DAEMON@mx-8.masterhost.ru). Is this the right area to be looking in? Could this be modified, or should I be using some other feature to help cut down on this? Thanks, Edward ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Thu Apr 3 13:22:09 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 13:22:52 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4BCB8.7030000@invictawiz.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> Message-ID: <47F4CBF1.70708@pixelhammer.com> Martyn Routley wrote: > DAve wrote: >> DAve wrote: >> >> I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no change >> in processing time. >> >> I am getting really stumped now. >> >> DAve >> >> >> > What is your hardware? > We had random processing times when running 6.2 on one of our servers. > (Single P4 dual core) > I upgraded in place to 7.0 (using FreeBsd Update > (http://www.freebsd.org/releases/7.0R/announce.html) and now the emails > don't touch the sides. > Getting Sophos to work was a bind though. > Interesting, do you know the upgrade helped? I am always leery of "upgrade" as a solution unless I know why the upgrade is the solution. Server 1 Intel(R) Xeon(TM) CPU 2.40GHz Quad Core 2GB ram Quatum Atlas SCSI drives, one for the system and one for the spool dir Server 2 Intel(R) Xeon(TM) CPU 2.40GHz Quad Core 2GB ram Maxtor SATA drives, one for the system and one for the spool dir DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From bpirie at rma.edu Thu Apr 3 13:25:19 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Apr 3 13:24:17 2008 Subject: Problem with Sendmail smf-sav Milter In-Reply-To: <47F4C529.8090603@openenterprise.ca> References: <47F4C529.8090603@openenterprise.ca> Message-ID: <47F4CCAF.2010500@rma.edu> Johnny Stork wrote: > I recently installed the sendmail smf-sav mitler to do sender and > recipient address verification on my MailScanner gateway running the > latest release on Centos5. However, the recipient checks dont appear to > be working since I still get all the spam coming in to non-existent > addresses. I beleive I know where the problem might be. The MailScanner > gateway accepts mail for the mydomain.ca domain, but after processing > simply forwards to an internal Scalix server through a sendmail > mailertable entry. For instance, the email address below, or username, > does not exist on the MailScanner gateway running smf-sav. Nor does that > email address or account exist on the internal Scalix server, but the > message passed recpient verification. > > recipient check succeeded: > > Would I need to setup checks through ldap or something to have the > smf-sav milter. I know I should be checking the smf-sav forums and so > will also check there. > > Thanks Johnny, I'm using smf-sav milter with sendmail 8.13.8 and it works wonderfully, without the use of ldap anywhere. My MailStore is running sendmail 8.12.11 (soon to be upgraded). smf-sav uses call-ahead to verify addresses, so ldap isn't necessary, and it should work with any RFC compliant MTA. If you can post your configs for sendmail and smf-sav I/we can take a look. I do recall running into an issue where the documentation on adding smf-sav milter to sendmail.mc was outdated for recent sendmail versions. Brendan From gmatt at nerc.ac.uk Thu Apr 3 13:49:35 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Apr 3 13:50:35 2008 Subject: SA times out In-Reply-To: <47F3AA32.50303@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> Message-ID: <47F4D25F.5040806@nerc.ac.uk> Julian Field wrote: >>> but perhaps a feature request could be a >>> CLI switch to specify the message ID so MS only scans the particular >>> message(s) that you're interested in observing. >>> >> Good idea. I'll take a look. Would a single ID do? excellent idea, I was going to suggest that you could implement it as a queue directory so that you could copy one or more messages into the queue and point MS at it. > All done. It will be in the next release. oops, too late! GREG > > Jules > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Thu Apr 3 14:17:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 14:18:12 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4C32C.5050200@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <47F4913F.7040100@ecs.soton.ac.uk> <47F4C32C.5050200@pixelhammer.com> Message-ID: <47F4D8E6.3050303@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> >> >> DAve wrote: >>> After much plugging away, double checking, triple checking and >>> herding of cats I *think* we may out of the woods. I won't know >>> until tomorrow AM when traffic picks up again. Here are my findings >>> so far. >>> >>> MailScanner 4.67.6 >>> ClamAV 0.92.1 >>> SpamAssassin 3.2.4 >>> >>> Virus Scanners = [clamav | clamavmodule] - There appears to be no >>> real gain in running clamavmodule, some speed increase but not >>> enough to be noticed. I have clamavmodule configured just to save >>> some memory. >>> >>> ClamAV Full Message Scan = yes - That is a killer, it seems to >>> really increase processing time. I have it now set to no, and I have >>> removed my MSRBL sigs. >>> >>> Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little >>> difference. I left it on a memory file system for now. >>> >>> mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it >>> claims. SA is still doing rbl checks. I commented out the DNSEval >>> plugin in v320.pre file and was rewarded with errors for my effort. >>> Not certain what the correct method of disabling rbl checks in SA is >>> now. Peter Farrow found a message where this has been seen already. >>> http://markmail.org/message/xzqi5fmrbj3tfgg2 >>> >>> MailScanner batch size - With version 4.54.6 MS processed 10 >>> messages per batch and kept up just fine. With version 4.67.6 it >>> will grab 30+ messages which takes longer to process. Increasing MS >>> children has no effect. More children working slower doesn't process >>> more mail for me. I don't see where I can configure this. >> "Max Children =" in MailScanner.conf. If you were using >> upgrade_MailScanner_conf to upgrade your MailScanner.conf file then >> this setting would not have been changed between versions. Do you >> really copy over all your settings by hand into the new >> MailScanner.conf file? Wow! That must take *hours*. >> > > Nope, I can modify Max Children, my question is can I control how > large a batch size each child will process? Previously if I had 500 > messages waiting each child would pick up 10 messages, now they will > each pick up 30 messages. This is clearly evident in my MRTG graphs > where I show over the last four months I never had a batch over 10, > yesterday I had batch sizes of 30 for several hours. Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 > > I do use upgrade_MailScanner_conf, and works a treat ;^) Phew! You had me worried for a moment there :-) > > DAve > >>> >>> I am currently seeing processing times of .8 to 20 seconds per >>> message, generally around the 2 to 4 seconds mark. This is for >>> batches of 1 to 10 messages. I was seeing as much as 800 seconds for >>> a batch size of 30 messages this morning. So there has been >>> improvement. >>> >>> I am compiling my SA rules and I run my RBLs in the MTA (hence why I >>> do not want rbl checking in SA). >>> >>> Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 >>> would run rings around this install. I am seriously contemplating >>> rolling back but I am uncertain if I have the original tarball for >>> Julian's Clam+SA package. >>> >>> I believe my issue is configuration of MS or SA at this point. I am >>> open to suggestions. >>> >>> Thanks for the help. >>> >>> DAve >>> >> >> Jules >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Apr 3 14:24:22 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 3 14:24:57 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F42DF8.9080801@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> Message-ID: <223f97700804030624w7011f33cr6f7b354e3607904d@mail.gmail.com> On 03/04/2008, DAve wrote: (snip) > mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it claims. SA > is still doing rbl checks. I commented out the DNSEval plugin in v320.pre > file and was rewarded with errors for my effort. Not certain what the > correct method of disabling rbl checks in SA is now. Peter Farrow found a > message where this has been seen already. > http://markmail.org/message/xzqi5fmrbj3tfgg2 (snip) So the previous version(s) ran without RBL checking in MS or SA? And now you get RBLs in SA regardless...? That would indeed be a killer:-). Tried setting "dns_available no", with same result? Perhaps not what you want... And BTW... You don't load teh ASN plugin, right? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 3 14:30:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 3 14:31:34 2008 Subject: Problem with Sendmail smf-sav Milter In-Reply-To: <47F4CCAF.2010500@rma.edu> References: <47F4C529.8090603@openenterprise.ca> <47F4CCAF.2010500@rma.edu> Message-ID: <223f97700804030630y62778f42r34ac546cc1648434@mail.gmail.com> On 03/04/2008, Brendan Pirie wrote: > Johnny Stork wrote: > > > I recently installed the sendmail smf-sav mitler to do sender and > recipient address verification on my MailScanner gateway running the latest > release on Centos5. However, the recipient checks dont appear to be working > since I still get all the spam coming in to non-existent addresses. I > beleive I know where the problem might be. The MailScanner gateway accepts > mail for the mydomain.ca domain, but after processing simply forwards to an > internal Scalix server through a sendmail mailertable entry. For instance, > the email address below, or username, does not exist on the MailScanner > gateway running smf-sav. Nor does that email address or account exist on the > internal Scalix server, but the message passed recpient verification. > > > > recipient check succeeded: > > > > Would I need to setup checks through ldap or something to have the smf-sav > milter. I know I should be checking the smf-sav forums and so will also > check there. > > > > Thanks > > > > Johnny, > > I'm using smf-sav milter with sendmail 8.13.8 and it works wonderfully, > without the use of ldap anywhere. My MailStore is running sendmail 8.12.11 > (soon to be upgraded). smf-sav uses call-ahead to verify addresses, so ldap > isn't necessary, and it should work with any RFC compliant MTA. If you can > post your configs for sendmail and smf-sav I/we can take a look. I do > recall running into an issue where the documentation on adding smf-sav > milter to sendmail.mc was outdated for recent sendmail versions. > > Brendan > Might be it... Or the Scalix box might be misconfigured, accepting anything... You know ... "It's important we get all mails, even the typo'd ones, so we setup a catchall mailbox"... Or similar stupidity:-). Johnny, use telnet (from your MailScanner box) to verify that the Scalix box does the right thing (look in the MS wiki for how to do this... Somewhere like http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Thu Apr 3 14:31:17 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 3 14:32:14 2008 Subject: Using watermark to fight spam backscatter In-Reply-To: <47F4C80E.6020608@netring.co.uk> References: <47F4C80E.6020608@netring.co.uk> Message-ID: Edward Prendergast wrote on Thu, 03 Apr 2008 13:05:34 +0100: > But after changing this and checking the incoming mail I've noticed > a lot of backscatter doesn't come with From: <> but rather real > e-mail addresses (e.g. MAILER-DAEMON@mx-8.masterhost.ru). Are you sure that this is the *envelope-from* ? The *mail header* may indeed contain an address like the above! Be aware that using watermarking to reject may also reject legitimate mail and receipts. Search this list for old discussions about this. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From edward.prendergast at netring.co.uk Thu Apr 3 14:47:28 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Thu Apr 3 14:47:57 2008 Subject: Using watermark to fight spam backscatter In-Reply-To: <610C64469748E84DB6BDD5BD23F01A7618022B@MED-CORE03-MS1.med.wayne.edu> References: <47F4C80E.6020608@netring.co.uk> <610C64469748E84DB6BDD5BD23F01A7618022B@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47F4DFF0.4010701@netring.co.uk> Rose, Bobby wrote: > Are you using the vbounce plugin in SpamAssassin? It has rules for that > kind of stuff. > No - I'm not using this plugin, I will check it out. Are you using it with success? ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From dave.list at pixelhammer.com Thu Apr 3 15:03:15 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 15:04:02 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4D8E6.3050303@ecs.soton.ac.uk> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <47F4913F.7040100@ecs.soton.ac.uk> <47F4C32C.5050200@pixelhammer.com> <47F4D8E6.3050303@ecs.soton.ac.uk> Message-ID: <47F4E3A3.5040607@pixelhammer.com> Julian Field wrote: > > > DAve wrote: >> Julian Field wrote: >>> >>> >>> DAve wrote: >>>> After much plugging away, double checking, triple checking and >>>> herding of cats I *think* we may out of the woods. I won't know >>>> until tomorrow AM when traffic picks up again. Here are my findings >>>> so far. >>>> >>>> MailScanner 4.67.6 >>>> ClamAV 0.92.1 >>>> SpamAssassin 3.2.4 >>>> >>>> Virus Scanners = [clamav | clamavmodule] - There appears to be no >>>> real gain in running clamavmodule, some speed increase but not >>>> enough to be noticed. I have clamavmodule configured just to save >>>> some memory. >>>> >>>> ClamAV Full Message Scan = yes - That is a killer, it seems to >>>> really increase processing time. I have it now set to no, and I have >>>> removed my MSRBL sigs. >>>> >>>> Incoming Work Dir = tmpfs (mdmfs in FreeBSD) - Surprisingly little >>>> difference. I left it on a memory file system for now. >>>> >>>> mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it >>>> claims. SA is still doing rbl checks. I commented out the DNSEval >>>> plugin in v320.pre file and was rewarded with errors for my effort. >>>> Not certain what the correct method of disabling rbl checks in SA is >>>> now. Peter Farrow found a message where this has been seen already. >>>> http://markmail.org/message/xzqi5fmrbj3tfgg2 >>>> >>>> MailScanner batch size - With version 4.54.6 MS processed 10 >>>> messages per batch and kept up just fine. With version 4.67.6 it >>>> will grab 30+ messages which takes longer to process. Increasing MS >>>> children has no effect. More children working slower doesn't process >>>> more mail for me. I don't see where I can configure this. >>> "Max Children =" in MailScanner.conf. If you were using >>> upgrade_MailScanner_conf to upgrade your MailScanner.conf file then >>> this setting would not have been changed between versions. Do you >>> really copy over all your settings by hand into the new >>> MailScanner.conf file? Wow! That must take *hours*. >>> >> >> Nope, I can modify Max Children, my question is can I control how >> large a batch size each child will process? Previously if I had 500 >> messages waiting each child would pick up 10 messages, now they will >> each pick up 30 messages. This is clearly evident in my MRTG graphs >> where I show over the last four months I never had a batch over 10, >> yesterday I had batch sizes of 30 for several hours. > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 I thought so, but my setting is unchanged from the default on the old and the new installs. Which is why I doubted my understanding of the option. At this point, 10:00am, we have survived the morning rush of email with no obvious issues and mail is flowing nicely. My largest number of waiting messages has been 120 (yesterday it was 2k at this time, 4k by noon). DAve > >> >> I do use upgrade_MailScanner_conf, and works a treat ;^) > Phew! You had me worried for a moment there :-) > >> >> DAve >> >>>> >>>> I am currently seeing processing times of .8 to 20 seconds per >>>> message, generally around the 2 to 4 seconds mark. This is for >>>> batches of 1 to 10 messages. I was seeing as much as 800 seconds for >>>> a batch size of 30 messages this morning. So there has been >>>> improvement. >>>> >>>> I am compiling my SA rules and I run my RBLs in the MTA (hence why I >>>> do not want rbl checking in SA). >>>> >>>> Overall, my previous install of MS 4.54.6, Clam .92, and SA 3.1.9 >>>> would run rings around this install. I am seriously contemplating >>>> rolling back but I am uncertain if I have the original tarball for >>>> Julian's Clam+SA package. >>>> >>>> I believe my issue is configuration of MS or SA at this point. I am >>>> open to suggestions. >>>> >>>> Thanks for the help. >>>> >>>> DAve >>>> >>> >>> Jules >>> >> >> > > Jules > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dave.list at pixelhammer.com Thu Apr 3 15:05:30 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 15:05:50 2008 Subject: New MS install is slow to an extreme In-Reply-To: <223f97700804030624w7011f33cr6f7b354e3607904d@mail.gmail.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <223f97700804030624w7011f33cr6f7b354e3607904d@mail.gmail.com> Message-ID: <47F4E42A.4030307@pixelhammer.com> Glenn Steen wrote: > On 03/04/2008, DAve wrote: > (snip) >> mailscanner.cf -> skip_rbl_checks 1 - Oddly does not do what it claims. SA >> is still doing rbl checks. I commented out the DNSEval plugin in v320.pre >> file and was rewarded with errors for my effort. Not certain what the >> correct method of disabling rbl checks in SA is now. Peter Farrow found a >> message where this has been seen already. >> http://markmail.org/message/xzqi5fmrbj3tfgg2 > (snip) > So the previous version(s) ran without RBL checking in MS or SA? And > now you get RBLs in SA regardless...? That would indeed be a > killer:-). > > Tried setting "dns_available no", with same result? Perhaps not what > you want... And BTW... You don't load teh ASN plugin, right? > dns_available_no? I should read about that rule again. No to the ASN plugin. DAve > Cheers -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dominian at slackadelic.com Thu Apr 3 15:16:56 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Thu Apr 3 15:17:44 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4E3A3.5040607@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <47F4913F.7040100@ecs.soton.ac.uk> <47F4C32C.5050200@pixelhammer.com> <47F4D8E6.3050303@ecs.soton.ac.uk> <47F4E3A3.5040607@pixelhammer.com> Message-ID: <47F4E6D8.7090406@slackadelic.com> DAve wrote: > > At this point, 10:00am, we have survived the morning rush of email with > no obvious issues and mail is flowing nicely. My largest number of > waiting messages has been 120 (yesterday it was 2k at this time, 4k by > noon). > > DAve Stop the madness!! :) -Matt From steve.freegard at fsl.com Thu Apr 3 15:20:31 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Apr 3 15:22:26 2008 Subject: Problem with Sendmail smf-sav Milter In-Reply-To: <223f97700804030630y62778f42r34ac546cc1648434@mail.gmail.com> References: <47F4C529.8090603@openenterprise.ca> <47F4CCAF.2010500@rma.edu> <223f97700804030630y62778f42r34ac546cc1648434@mail.gmail.com> Message-ID: <47F4E7AF.2050807@fsl.com> Glenn Steen wrote: > Might be it... Or the Scalix box might be misconfigured, accepting > anything... You know ... "It's important we get all mails, even the > typo'd ones, so we setup a catchall mailbox"... Or similar > stupidity:-). If this is the case then it goes to show how much better milter-ahead is as it actually verifies that the remote-end is capable of rejecting invalid recipients to prevent continual call-aheads to a host that isn't capable. You can then check the cache database (easy if you use the SQLite3 DB) and get a list of the servers that can't do this. Regards, Steve. From mailscanner at tecnowaydigital.com.br Thu Apr 3 15:39:53 2008 From: mailscanner at tecnowaydigital.com.br (TecnoWay Digital) Date: Thu Apr 3 15:41:28 2008 Subject: MailScanner ignoring some rules In-Reply-To: <47F46B28.2050507@vanderkooij.org> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> Message-ID: For example: %rules-dir%/scan.messages.rules then content of scan.messages.rules file is: FromOrTo: marketing@silmaq.com.br no FromOrTo: default yes On a server with mailscanner-4.46.2-2 (the rule works) but another server with mailscanner-4.68.8-1 the rule doesn't work the mailbox marketing@silmaq.com.br continue has still being processed by mailscanner. To certify that using the correct MailScanner.conf after upgrade, I'd put a wrong set example "Sca Messages" and MailScanner report syntax error. Best Regards ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: Thursday, April 03, 2008 2:29 AM Subject: Re: MailScanner ignoring some rules > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > mailscanner@tecnowaydigital.com.br wrote: > > | At MailScanner recent versions, when I set some rules like: > | Scan Messages = /etc/MailScanner/rules/scan.messages.rules > | or > | Filename Rules = /etc/MailScanner/filename.rules > | > | The MailScanner simply ignore the rules and don't print any error > message. > > Since you didn not include anything about the rules you have there we > must assume MS is right and your rules are wrong. In what way we can not > tell you by lack of any information. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ > KnYl0Qt9kzlzy4m99EgvKhU= > =LsQL > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkercher at nfsmith.com Thu Apr 3 15:50:13 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Apr 3 15:51:15 2008 Subject: File Type Check Problem Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> I've been searching and haven't found a resolution for this yet. Periodically, we get emails with attachments coming through that are not being detected properly. MailScanner reports: MailScanner: No programs allowed (msg-10410-101.txt) If I go look at the quarantined email in MailWatch and download the attachment, it is a PDF. There was talk of the file -i command switch. Is this something that needs to be set in MailScanner.conf? TIA Mike From peter at farrows.org Thu Apr 3 16:02:14 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 3 16:03:02 2008 Subject: Error when update Geoip In-Reply-To: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> References: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> Message-ID: <47F4F176.1070305@farrows.org> Linuxmail R. wrote: > Dear All > > I got this error when i update GeoIp,pls help me. thx.. > ------------------------------------------------------------------- > Downloading file, please wait.... > Error executing query: > > Access denied for user 'mailwatch'@'localhost' (using password: YES) > > SQL: > > LOAD DATA INFILE '/home/crisgo/mailscanner/temp/GeoIPCountryWhois.csv' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '"' > > -------------------------------------------------- > Linuxmail Rapin P. > > > = > > > The mysql database password for the user "mailwatch" is incorrect, or is not set for access from Localhost. You'll need to execute a command like this from the mysql CLI: GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'mailwatch'; If your database is called "mailscanner" Regards Pete From lists at openenterprise.ca Thu Apr 3 16:45:19 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Thu Apr 3 16:45:57 2008 Subject: Problem with Sendmail smf-sav Milter In-Reply-To: <47F4CCAF.2010500@rma.edu> References: <47F4C529.8090603@openenterprise.ca> <47F4CCAF.2010500@rma.edu> Message-ID: <47F4FB8F.7020607@openenterprise.ca> Here are those files and thanks for offering to take a look. My MailScanner machine has only an internal non-routable ip in a DMZ (192.168.10.2) which accepts external SMTP connection routed from the firewall. The Scalix server is also internal with the ip 192.168.1.3. I also changed the "MailStore johnnystork.ca " settings to "MailStore 192.168.1.3" but this did not make any difference. sendmail.mc (last line is smf rule) divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl dnl # dnl # Do not advertize sendmail version. dnl # dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST', `smtp.your.provider')dnl dnl # define(`confDEF_USER_ID', ``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST', `True')dnl define(`confDONT_PROBE_INTERFACES', `True')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # Please remember that saslauthd needs to be running for AUTH. dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # cd /usr/share/ssl/certs; make sendmail.pem dnl # Complete usage: dnl # make -C /usr/share/ssl/certs usage dnl # dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa', `dnl')dnl FEATURE(`smrsh', `/usr/sbin/smrsh')dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The following limits the number of processes sendmail can fork to accept dnl # incoming messages or process its message queues to 20.) sendmail refuses dnl # to accept connections once it has reached its quota of child processes. dnl # dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl dnl # dnl # Limits the number of new connections per second. This caps the overhead dnl # incurred due to forking new sendmail processes. May be useful against dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address dnl # limit would be useful but is not available as an option at this writing.) dnl # dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment dnl # the following 2 definitions and activate below in the MAILER section the dnl # cyrusv2 mailer. dnl # dnl define(`confLOCAL_MAILER', `cyrusv2')dnl dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`openenterprise.ca')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl dnl # START ADDED BY JPS FROM http://www.leap-cf.org/presentations/MailScanner/MailScanner.html define(`confDOUBLE_BOUNCE_ADDRESS', `')dnl dnl # define(`confBAD_RCPT_THROTTLE', `1')dnl dnl # define(`confCONNECTION_RATE_THROTTLE', `100')dnl dnl # define(`confMAX_DAEMON_CHILDREN', `500')dnl dnl # define(`confQUEUE_LA', `5')dnl define(`confREFUSE_LA', `10')dnl dnl # define(`confTO_ICONNECT', `15s')dnl define(`confTO_CONNECT', `3m')dnl define(`confTO_HELO', `2m')dnl define(`confTO_MAIL', `1m')dnl define(`confTO_RCPT', `1m')dnl define(`confTO_DATAINIT', `1m')dnl define(`confTO_DATABLOCK', `1m')dnl define(`confTO_DATAFINAL', `1m')dnl define(`confTO_RSET', `1m')dnl define(`confTO_QUIT', `1m')dnl define(`confTO_MISC', `1m')dnl define(`confTO_COMMAND', `1m')dnl define(`confTO_STARTTLS', `2m')dnl dnl # FEATURE(access_db)dnl FEATURE(`greet_pause',10000) dnl # dnl # dnl# FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl dnl# FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl dnl# FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " $&{client_addr} " found in bl.spamcop.net"')dnl dnl# FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " $&{client_addr} " found in chinanet.blackholes.us"')dnl dnl# FEATURE(`dnsbl',`zen.spamhaus.org', `"554 Rejected " $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl DAEMON_OPTIONS(`Addr=192.168.10.2')dnl dnl # END ADDED BY JPS FROM http://www.leap-cf.org/presentations/MailScanner/MailScanner.html MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl smf-sav.conf: # /etc/mail/smfs/smf-sav.conf # # smf-sav configuration file v1.4.0 (it's read at start) # # Whitelist by a sender IP address # # The syntax is an IP address followed by a slash # and a CIDR netmask (if the netmask is omitted, /32 is assumed) # WhitelistIP 127.0.0.0/8 WhitelistIP 10.0.0.0/8 WhitelistIP 172.16.0.0/12 WhitelistIP 192.168.0.0/16 # Whitelist by a sender PTR (reverse DNS) record # # Performs a case insensitive substring match # #WhitelistPTR .friendlydomain.tld #WhitelistPTR friendlyhost.friendlydomain.tld # Whitelist by an envelope sender e-Mail address # # Performs a case insensitive substring match # #WhitelistFrom friend@ #WhitelistFrom @friendlydomain.tld #WhitelistFrom friend@friendlydomain.tld # Whitelist by an envelope recipient e-Mail address # # Performs a case insensitive substring match # #WhitelistTo postmaster@ #WhitelistTo abuse@ #WhitelistTo spamlover@yourdomain.tld #WhitelistTo @yourspamloverdomain.tld # FQDN of the publicly visible IP address of the interface # of an outgoing connection of your Sendmail daemon # It will be used with the SMTP HELO command for SAV and RAV # PublicName johnnystork.ca # it *MUST* be corrected properly # Any valid e-Mail address of your local domain for the safe call-out purposes # SafeCallBack stork@johnnystork.ca # it *MUST* be corrected properly # Sender e-Mail Address Verification # # Default: on # #SAV on # (on|off) # Ignore tempfailed results of SAV # # Default: off # #IgnoreTempFail off # (on|off) # Refuse e-Mail messages from systems that don't accept the null reverse-path <> # # Default: off # #BlockIgnorants off # (on|off) # Recipient e-Mail Address Verification # # Primary authoritative e-Mail store hostname (IP address) or # the hostname (IP address) associated with the interface # of an incoming connection of your Sendmail daemon # In most cases it will be equal to the PublicName value # Do not set to 'localhost' or 127.0.0.1 # MailStore johnnystork.ca # uncomment and set it properly # In-memory cache engine TTL settings # # The time is given in seconds, except if a unit is given: # m for minutes, h for hours, and d for days # Specify zero to disable caching of particular items # # Defaults: # #FromPassTTL 1d # senders that successfully pass the MX callback test # #FromTFailTTL 5m # senders that pass the MX callback test with tempfail results # #FromFailTTL 1h # senders that did not successfully pass the MX callback test # #ToPassTTL 1h # recipients that successfully pass the call ahead test # #ToTFailTTL 5m # recipients that pass the call ahead test with tempfail results # #ToFailTTL 1h # recipients that did not successfully pass the call ahead test # Run as a selected user (smf-sav must be started by root) # # Default: smfs # #User smfs # Socket used to communicate with a Sendmail daemon # # Default: unix:/var/run/smfs/smf-sav.sock # #Socket unix:/var/run/smfs/smf-sav.sock # Facility for logging via a Syslog daemon # # Default: mail # #Syslog mail # (daemon|mail|local0...local7) Brendan Pirie wrote: > Johnny Stork wrote: >> I recently installed the sendmail smf-sav mitler to do sender and >> recipient address verification on my MailScanner gateway running the >> latest release on Centos5. However, the recipient checks dont appear >> to be working since I still get all the spam coming in to >> non-existent addresses. I beleive I know where the problem might be. >> The MailScanner gateway accepts mail for the mydomain.ca domain, but >> after processing simply forwards to an internal Scalix server through >> a sendmail mailertable entry. For instance, the email address below, >> or username, does not exist on the MailScanner gateway running >> smf-sav. Nor does that email address or account exist on the internal >> Scalix server, but the message passed recpient verification. >> >> recipient check succeeded: >> >> Would I need to setup checks through ldap or something to have the >> smf-sav milter. I know I should be checking the smf-sav forums and so >> will also check there. >> >> Thanks > > Johnny, > > I'm using smf-sav milter with sendmail 8.13.8 and it works > wonderfully, without the use of ldap anywhere. My MailStore is > running sendmail 8.12.11 (soon to be upgraded). smf-sav uses > call-ahead to verify addresses, so ldap isn't necessary, and it should > work with any RFC compliant MTA. If you can post your configs for > sendmail and smf-sav I/we can take a look. I do recall running into > an issue where the documentation on adding smf-sav milter to > sendmail.mc was outdated for recent sendmail versions. > > Brendan > From ryanb at aacrao.org Thu Apr 3 16:53:55 2008 From: ryanb at aacrao.org (Ryan Bingham) Date: Thu Apr 3 16:55:24 2008 Subject: perl with threading enabled: bad? Message-ID: <47F4FD93.5010001@aacrao.org> Hi All, I checked the archives but couldn't find the answer to this question, so I apologize if it has be previously addressed. We recently upgraded from MailScanner 4.56.8 to 4.68.8. Everything went well and we're not experiencing any problems, but I did have a question about a comment Julian makes during the install script. At one point it says: *** You are using a perl configured with threading enabled. *** You should be aware that using multiple threads is *** not recommended for production environments. We are running perl v5.8.8 on CentOS 5.1 and threading is enabled (we see "usethreads=define" when we run perl -V). Is this bad? Is there a way to turn it off? Thanks again and sorry if this has already been discussed. Cheers! Ryan -- Ryan Bingham Chief Information Officer AACRAO 202-263-0295 ryanb@aacrao.org From bpirie at rma.edu Thu Apr 3 17:32:50 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Apr 3 17:31:52 2008 Subject: Problem with Sendmail smf-sav Milter In-Reply-To: <47F4FB8F.7020607@openenterprise.ca> References: <47F4C529.8090603@openenterprise.ca> <47F4CCAF.2010500@rma.edu> <47F4FB8F.7020607@openenterprise.ca> Message-ID: <47F506B2.600@rma.edu> Johnny Stork wrote: > Here are those files and thanks for offering to take a look. My > MailScanner machine has only an internal non-routable ip in a DMZ > (192.168.10.2) which accepts external SMTP connection routed from the > firewall. The Scalix server is also internal with the ip 192.168.1.3. I > also changed the "MailStore johnnystork.ca " settings to > "MailStore 192.168.1.3" but this did not make any difference. > > > sendmail.mc (last line is smf rule) > > divert(-1)dnl > dnl # > dnl # This is the sendmail macro config file for m4. If you make changes to > dnl # /etc/mail/sendmail.mc, you will need to regenerate the > dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf > package is > dnl # installed and then performing a > dnl # > dnl # make -C /etc/mail > dnl # > include(`/usr/share/sendmail-cf/m4/cf.m4')dnl > VERSIONID(`setup for linux')dnl > OSTYPE(`linux')dnl > dnl # > dnl # Do not advertize sendmail version. > dnl # > dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl > dnl # > dnl # default logging level is 9, you might want to set it higher to > dnl # debug the configuration > dnl # > dnl define(`confLOG_LEVEL', `9')dnl > dnl # > dnl # Uncomment and edit the following line if your outgoing mail needs to > dnl # be sent out through an external mail server: > dnl # > dnl define(`SMART_HOST', `smtp.your.provider')dnl > dnl # > define(`confDEF_USER_ID', ``8:12'')dnl > dnl define(`confAUTO_REBUILD')dnl > define(`confTO_CONNECT', `1m')dnl > define(`confTRY_NULL_MX_LIST', `True')dnl > define(`confDONT_PROBE_INTERFACES', `True')dnl > define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl > define(`ALIAS_FILE', `/etc/aliases')dnl > define(`STATUS_FILE', `/var/log/mail/statistics')dnl > define(`UUCP_MAILER_MAX', `2000000')dnl > define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl > define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl > define(`confAUTH_OPTIONS', `A')dnl > dnl # > dnl # The following allows relaying if the user authenticates, and > disallows > dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links > dnl # > dnl define(`confAUTH_OPTIONS', `A p')dnl > dnl # > dnl # PLAIN is the preferred plaintext authentication method and used by > dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do > dnl # use LOGIN. Other mechanisms should be used if the connection is not > dnl # guaranteed secure. > dnl # Please remember that saslauthd needs to be running for AUTH. > dnl # > dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 > LOGIN PLAIN')dnl > dnl # > dnl # Rudimentary information on creating certificates for sendmail TLS: > dnl # cd /usr/share/ssl/certs; make sendmail.pem > dnl # Complete usage: > dnl # make -C /usr/share/ssl/certs usage > dnl # > dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl > dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl > dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl > dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl > dnl # > dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's > dnl # slapd, which requires the file to be readble by group ldap > dnl # > dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl > dnl # > dnl define(`confTO_QUEUEWARN', `4h')dnl > dnl define(`confTO_QUEUERETURN', `5d')dnl > dnl define(`confQUEUE_LA', `12')dnl > dnl define(`confREFUSE_LA', `18')dnl > define(`confTO_IDENT', `0')dnl > dnl FEATURE(delay_checks)dnl > FEATURE(`no_default_msa', `dnl')dnl > FEATURE(`smrsh', `/usr/sbin/smrsh')dnl > FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl > FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl > FEATURE(redirect)dnl > FEATURE(always_add_domain)dnl > FEATURE(use_cw_file)dnl > FEATURE(use_ct_file)dnl > dnl # > dnl # The following limits the number of processes sendmail can fork to > accept > dnl # incoming messages or process its message queues to 20.) sendmail > refuses > dnl # to accept connections once it has reached its quota of child > processes. > dnl # > dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl > dnl # > dnl # Limits the number of new connections per second. This caps the > overhead > dnl # incurred due to forking new sendmail processes. May be useful against > dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP > address > dnl # limit would be useful but is not available as an option at this > writing.) > dnl # > dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl > dnl # > dnl # The -t option will retry delivery if e.g. the user runs over his > quota. > dnl # > FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl > FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl > FEATURE(`blacklist_recipients')dnl > EXPOSED_USER(`root')dnl > dnl # > dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery > uncomment > dnl # the following 2 definitions and activate below in the MAILER > section the > dnl # cyrusv2 mailer. > dnl # > dnl define(`confLOCAL_MAILER', `cyrusv2')dnl > dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl > dnl # > dnl # The following causes sendmail to only listen on the IPv4 loopback > address > dnl # 127.0.0.1 and not on any other network devices. Remove the loopback > dnl # address restriction to accept email from the internet or intranet. > dnl # > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > dnl # > dnl # The following causes sendmail to additionally listen to port 587 for > dnl # mail from MUAs that authenticate. Roaming users who can't reach their > dnl # preferred sendmail daemon due to port 25 being blocked or > redirected find > dnl # this useful. > dnl # > dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl > dnl # > dnl # The following causes sendmail to additionally listen to port 465, but > dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 > followed > dnl # by STARTTLS is preferred, but roaming clients using Outlook > Express can't > dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use > STARTTLS > dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps > dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. > dnl # > dnl # For this to work your OpenSSL certificates must be configured. > dnl # > dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl > dnl # > dnl # The following causes sendmail to additionally listen on the IPv6 > loopback > dnl # device. Remove the loopback address restriction listen to the > network. > dnl # > dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl > dnl # > dnl # enable both ipv6 and ipv4 in sendmail: > dnl # > dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') > dnl # > dnl # We strongly recommend not accepting unresolvable domains if you > want to > dnl # protect yourself from spam. However, the laptop and users on > computers > dnl # that do not have 24x7 DNS do need this. > dnl # > FEATURE(`accept_unresolvable_domains')dnl > dnl # > dnl FEATURE(`relay_based_on_MX')dnl > dnl # > dnl # Also accept email sent to "localhost.localdomain" as local email. > dnl # > LOCAL_DOMAIN(`localhost.localdomain')dnl > dnl # > dnl # The following example makes mail from this host and any additional > dnl # specified domains appear to be sent from mydomain.com > dnl # > dnl MASQUERADE_AS(`openenterprise.ca')dnl > dnl # > dnl # masquerade not just the headers, but the envelope as well > dnl # > dnl FEATURE(masquerade_envelope)dnl > dnl # > dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com > as well > dnl # > dnl FEATURE(masquerade_entire_domain)dnl > dnl # > dnl MASQUERADE_DOMAIN(localhost)dnl > dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl > dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl > dnl MASQUERADE_DOMAIN(mydomain.lan)dnl > dnl # START ADDED BY JPS FROM > http://www.leap-cf.org/presentations/MailScanner/MailScanner.html > define(`confDOUBLE_BOUNCE_ADDRESS', `')dnl > dnl # > define(`confBAD_RCPT_THROTTLE', `1')dnl > dnl # > define(`confCONNECTION_RATE_THROTTLE', `100')dnl > dnl # > define(`confMAX_DAEMON_CHILDREN', `500')dnl > dnl # > define(`confQUEUE_LA', `5')dnl > define(`confREFUSE_LA', `10')dnl > dnl # > define(`confTO_ICONNECT', `15s')dnl > define(`confTO_CONNECT', `3m')dnl > define(`confTO_HELO', `2m')dnl > define(`confTO_MAIL', `1m')dnl > define(`confTO_RCPT', `1m')dnl > define(`confTO_DATAINIT', `1m')dnl > define(`confTO_DATABLOCK', `1m')dnl > define(`confTO_DATAFINAL', `1m')dnl > define(`confTO_RSET', `1m')dnl > define(`confTO_QUIT', `1m')dnl > define(`confTO_MISC', `1m')dnl > define(`confTO_COMMAND', `1m')dnl > define(`confTO_STARTTLS', `2m')dnl > dnl # > FEATURE(access_db)dnl > FEATURE(`greet_pause',10000) > dnl # > dnl # > dnl# FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} > " found in dnsbl.sorbs.net"')dnl > dnl# FEATURE(`dnsbl', `dnsbl.njabl.org', `"554 Rejected " > $&{client_addr} " - see http://dnsbl.njabl.org/method.html"')dnl > dnl# FEATURE(`dnsbl', `bl.spamcop.net', `"554 Rejected " > $&{client_addr} " found in bl.spamcop.net"')dnl > dnl# FEATURE(`dnsbl', `chinanet.blackholes.us', `"554 Rejected " > $&{client_addr} " found in chinanet.blackholes.us"')dnl > dnl# FEATURE(`dnsbl',`zen.spamhaus.org', `"554 Rejected " > $&{client_addr} " - see http://www.spamhaus.org/SBL/"')dnl > DAEMON_OPTIONS(`Addr=192.168.10.2')dnl > dnl # END ADDED BY JPS FROM > http://www.leap-cf.org/presentations/MailScanner/MailScanner.html > MAILER(smtp)dnl > MAILER(procmail)dnl > dnl MAILER(cyrusv2)dnl > define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl The above line needs to be commented out (or removed), unless you're using a fairly outdated version of sendmail. This is where the documentation is outdated. dnl define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl > INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, > T=S:30s;R:4m')dnl > > > smf-sav.conf: > > # /etc/mail/smfs/smf-sav.conf > # > # smf-sav configuration file v1.4.0 (it's read at start) > # > > # Whitelist by a sender IP address > # > # The syntax is an IP address followed by a slash > # and a CIDR netmask (if the netmask is omitted, /32 is assumed) > # > WhitelistIP 127.0.0.0/8 > WhitelistIP 10.0.0.0/8 > WhitelistIP 172.16.0.0/12 > WhitelistIP 192.168.0.0/16 > > # Whitelist by a sender PTR (reverse DNS) record > # > # Performs a case insensitive substring match > # > #WhitelistPTR .friendlydomain.tld > #WhitelistPTR friendlyhost.friendlydomain.tld > > # Whitelist by an envelope sender e-Mail address > # > # Performs a case insensitive substring match > # > #WhitelistFrom friend@ > #WhitelistFrom @friendlydomain.tld > #WhitelistFrom friend@friendlydomain.tld > > # Whitelist by an envelope recipient e-Mail address > # > # Performs a case insensitive substring match > # > #WhitelistTo postmaster@ > #WhitelistTo abuse@ > #WhitelistTo spamlover@yourdomain.tld > #WhitelistTo @yourspamloverdomain.tld > > # FQDN of the publicly visible IP address of the interface > # of an outgoing connection of your Sendmail daemon > # It will be used with the SMTP HELO command for SAV and RAV > # > PublicName johnnystork.ca # it *MUST* be corrected properly PublicName should be the FQDN of the box smf-sav is running on, e.g. smpthost.johnnystork.ca > > # Any valid e-Mail address of your local domain for the safe call-out > purposes > # > SafeCallBack stork@johnnystork.ca # it *MUST* be corrected properly > > # Sender e-Mail Address Verification > # > # Default: on > # > #SAV on # (on|off) > > # Ignore tempfailed results of SAV > # > # Default: off > # > #IgnoreTempFail off # (on|off) > > # Refuse e-Mail messages from systems that don't accept the null > reverse-path <> > # > # Default: off > # > #BlockIgnorants off # (on|off) > > # Recipient e-Mail Address Verification > # > # Primary authoritative e-Mail store hostname (IP address) or > # the hostname (IP address) associated with the interface > # of an incoming connection of your Sendmail daemon > # In most cases it will be equal to the PublicName value > # Do not set to 'localhost' or 127.0.0.1 > # > > MailStore johnnystork.ca # uncomment and set it properly This also should be a FQDN, e.g. scalixhost.johnnystork.ca > > # In-memory cache engine TTL settings > # > # The time is given in seconds, except if a unit is given: > # m for minutes, h for hours, and d for days > # Specify zero to disable caching of particular items > # > # Defaults: > # > #FromPassTTL 1d # senders that successfully pass the MX callback test > # > #FromTFailTTL 5m # senders that pass the MX callback test with > tempfail results > # > #FromFailTTL 1h # senders that did not successfully pass the MX > callback test > # > #ToPassTTL 1h # recipients that successfully pass the call ahead test > # > #ToTFailTTL 5m # recipients that pass the call ahead test with > tempfail results > # > #ToFailTTL 1h # recipients that did not successfully pass the call > ahead test > > # Run as a selected user (smf-sav must be started by root) > # > # Default: smfs > # > #User smfs > > # Socket used to communicate with a Sendmail daemon > # > # Default: unix:/var/run/smfs/smf-sav.sock > # > #Socket unix:/var/run/smfs/smf-sav.sock > > # Facility for logging via a Syslog daemon > # > # Default: mail > # > #Syslog mail # (daemon|mail|local0...local7) > Make the suggested changes and let us know how it behaves. Brendan From steve.freegard at fsl.com Thu Apr 3 17:30:53 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Apr 3 17:32:49 2008 Subject: perl with threading enabled: bad? In-Reply-To: <47F4FD93.5010001@aacrao.org> References: <47F4FD93.5010001@aacrao.org> Message-ID: <47F5063D.3010702@fsl.com> Ryan Bingham wrote: > Hi All, > > I checked the archives but couldn't find the answer to this question, so > I apologize if it has be previously addressed. > > We recently upgraded from MailScanner 4.56.8 to 4.68.8. Everything went > well and we're not experiencing any problems, but I did have a question > about a comment Julian makes during the install script. At one point it > says: > > *** You are using a perl configured with threading enabled. > *** You should be aware that using multiple threads is > *** not recommended for production environments. > > > We are running perl v5.8.8 on CentOS 5.1 and threading is enabled (we > see "usethreads=define" when we run perl -V). Is this bad? Is there a > way to turn it off? That message comes from the DBI module when it is being built. You can safely ignore it. Neither MailScanner or SA use threads. Cheers, Steve. From dave.list at pixelhammer.com Thu Apr 3 17:35:20 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 17:36:06 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4E3A3.5040607@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3E5CF.7080505@farrows.org> <47F3F231.7050008@pixelhammer.com> <47F406D5.2020004@farrows.org> <47F42DF8.9080801@pixelhammer.com> <47F4913F.7040100@ecs.soton.ac.uk> <47F4C32C.5050200@pixelhammer.com> <47F4D8E6.3050303@ecs.soton.ac.uk> <47F4E3A3.5040607@pixelhammer.com> Message-ID: <47F50748.1080100@pixelhammer.com> DAve wrote: > Julian Field wrote: >> Max Unscanned Bytes Per Scan = 100m >> Max Unsafe Bytes Per Scan = 50m >> Max Unscanned Messages Per Scan = 30 >> Max Unsafe Messages Per Scan = 30 > > I thought so, but my setting is unchanged from the default on the old > and the new installs. Which is why I doubted my understanding of the > option. I've changed that setting to Max Unscanned Messages Per Scan = 10 Max Unsafe Messages Per Scan = 10 this has reduced scan time a bit more. It seems more children scanning small batches is faster than fewer children scanning large batches. I've no idea if that is relevant to anyone else's mail but mine. > > At this point, 10:00am, we have survived the morning rush of email with > no obvious issues and mail is flowing nicely. My largest number of > waiting messages has been 120 (yesterday it was 2k at this time, 4k by > noon). > Julian, in the spam.assassin.prefs.conf file you include the rules for URIBL_BLACK and URIBL_GREY. The rules for SpamAssassin 3.2.X includes those rules now. http://spamassassin.apache.org/tests_3_2_x.html Might want to remove them or add a note that they do not need uncommented unless you are running SpamAssassin 3.1.X or earlier. I had them uncommented, shame on me for not checking the SA change log better than I did. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From maillists at conactive.com Thu Apr 3 18:51:09 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Apr 3 18:52:03 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: Kai Schaetzl wrote on Wed, 02 Apr 2008 21:33:36 +0200: I found out later that the message actually scanned was not the one I wanted to scan but the SA default message that is used on start up. The long wait at dbg: bayes: untie-ing simply is MS waiting for the real message. However, this doesn't change anything in this respect: > [15949] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [15949] dbg: config: using "/usr/share/spamassassin" for default rules dir > [15949] dbg: config: read file /usr/share/spamassassin/10_default_prefs.cf SA run under MS uses the wrong config directories. This seems to result in a much longer time for processing the rules. Maybe there is more. There are different hits than for the command-line SA and it takes *much* longer in the body scan phase. So, it eventually times out under MS. I can't see a reason why this might happen. SA is identified as dbg: generic: SpamAssassin version 3.2.4 I compared the Mail/Spamassassin in /usr/lib/perl5/site_perl/5.8.8/Mail with the one built by the source and they are identical except for dates (it seems the Perl upgrade process replaces an existing file only when it got changed, otherwise it keeps the existing file with the old date). I have some more, very old perl directories with different names in /usr/lib. However, if any of these would get used for a very obscure reason then it couldn't report 3.2.4 as the SA version. Anyway, I set all permissions to access these directories to 0, no change. What's wrong here, Jules? Could this be a problem with this somewhat old version of MS? (4.54.6) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From william at raidbr.com.br Thu Apr 3 20:40:22 2008 From: william at raidbr.com.br (William A. Knob) Date: Thu Apr 3 20:38:10 2008 Subject: MailScanner with postfix-gld Message-ID: <47F532A6.9040501@raidbr.com.br> Hi, Anyone has using MailScanner with postfix-gld (greylist daemon) ? Regards, -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br From TGFurnish at herffjones.com Thu Apr 3 21:04:49 2008 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Thu Apr 3 21:05:30 2008 Subject: detect executables embedded inside MS Office documents? Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> Anyone know a way to get MailScanner/SA to detect executables embedded within Microsoft Office documents? We've had a word file come in with a .scr file embedded inside, wasn't detected by antivirus, but was definitely malware. Would love to be able to block files embedded into office docs based on file extension / file type. Didn't even know it was possible to do that (embed an executable inside a word file) until today. -- Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. Unix / Network Administrator Phone: 317.612.3519 Any sufficiently advanced technology is indistinguishable from Unix. From MailScanner at ecs.soton.ac.uk Thu Apr 3 21:17:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 21:18:16 2008 Subject: MailScanner ignoring some rules In-Reply-To: References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> Message-ID: <47F53B57.1070307@ecs.soton.ac.uk> I have just done a thorough test of a %rules-dir%/scan.messages.rules with 4 combinations: FromOrTo: ntl.com no FromOrTo: default yes FromOrTo: soton.ac.uk no FromOrTo: default yes FromOrTo: ecs.soton.ac.uk no FromOrTo: default yes FromOrTo: jkf@soton.ac.uk no FromOrTo: default yes with 2 messages. 1st from ntl@ntl.com to jkf@soton.ac.uk, 2nd from jkf@ecs.soton.ac.uk to root@ecs.soton.ac.uk. In all combinations, it worked exactly as expected. What I would like you to do is show me the output of the following 5 commands: ls -lu /etc/MailScanner/rules/scan.messages.rules sleep 60 MailScanner --value=scanmessages --from=marketing@silmaq.com.br --to=root@localhost MailScanner --value=scanmessages --from=root@localhost --to=marketing@silmaq.com.br ls -lu /etc/MailScanner/rules/scan.messages.rules Just cut and paste the whole block into your terminal window. It will take just over a minute to run. Cut and paste *all* the output into a reply to this message. The 'sleep 60' is to force the MailScanner commands into the next minute on the clock. The "ls" commands will show the "last accessed" date stamp on rules file. If the rules file is being read at all, the 2nd ls will print a different date and/or time than the 1st ls. If it is not being read for some reason, the 2 ls commands will print the same date and time. Then we'll be able to see what is going wrong with your setup. Best regards, Jules. TecnoWay Digital wrote: > For example: %rules-dir%/scan.messages.rules then content of > scan.messages.rules file is: > > FromOrTo: marketing@silmaq.com.br no > FromOrTo: default yes > > > On a server with mailscanner-4.46.2-2 (the rule works) > > but another server with mailscanner-4.68.8-1 the rule doesn't work > the mailbox marketing@silmaq.com.br continue has still being processed by > mailscanner. > > To certify that using the correct MailScanner.conf after upgrade, I'd > put a wrong set > example "Sca Messages" and MailScanner report syntax error. > > > Best Regards > > ----- Original Message ----- From: "Hugo van der Kooij" > > To: "MailScanner discussion" > Sent: Thursday, April 03, 2008 2:29 AM > Subject: Re: MailScanner ignoring some rules > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> mailscanner@tecnowaydigital.com.br wrote: >> >> | At MailScanner recent versions, when I set some rules like: >> | Scan Messages = /etc/MailScanner/rules/scan.messages.rules >> | or >> | Filename Rules = /etc/MailScanner/filename.rules >> | >> | The MailScanner simply ignore the rules and don't print any error >> message. >> >> Since you didn not include anything about the rules you have there we >> must assume MS is right and your rules are wrong. In what way we can not >> tell you by lack of any information. >> >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ >> KnYl0Qt9kzlzy4m99EgvKhU= >> =LsQL >> -----END PGP SIGNATURE----- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 3 21:21:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 21:21:30 2008 Subject: File Type Check Problem In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> Message-ID: <47F53C2D.5090207@ecs.soton.ac.uk> Mike Kercher wrote: > I've been searching and haven't found a resolution for this yet. > > Periodically, we get emails with attachments coming through that are not > being detected properly. MailScanner reports: > > MailScanner: No programs allowed (msg-10410-101.txt) > This is being caught by the filetype trap. > If I go look at the quarantined email in MailWatch and download the > attachment, it is a PDF. That may be what the filename says, but what does the "file" command report? > There was talk of the file -i command switch. > Is this something that needs to be set in MailScanner.conf? > No, just read the latest filetype.rules.conf and filename.rules.conf files, the comments at the top of each file tell you how to use it. There is also an example line in filetype.rules.conf for you to copy. > TIA > > Mike > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Thu Apr 3 21:22:33 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Apr 3 21:23:52 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F3CD9F.7070406@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> Message-ID: DAve wrote: > > bash-2.05b# ./MailScanner --debug --debug-sa > In Debugging mode, not forking... > Trying to setlogsock(unix) > > > ***** > If 'awk' (with support for the function strftime) was > available on your $PATH then all the SpamAssassin debug > output would have the current time added to the start of > every line, making debugging far easier. > ***** You should install awk and this way you'll see timestamps in the debug output, revealing what is taking so much time. Ugo From mkercher at nfsmith.com Thu Apr 3 21:46:30 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Apr 3 21:47:29 2008 Subject: File Type Check Problem In-Reply-To: <47F53C2D.5090207@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, April 03, 2008 3:21 PM To: MailScanner discussion Subject: Re: File Type Check Problem Mike Kercher wrote: > I've been searching and haven't found a resolution for this yet. > > Periodically, we get emails with attachments coming through that are > not being detected properly. MailScanner reports: > > MailScanner: No programs allowed (msg-10410-101.txt) > This is being caught by the filetype trap. > If I go look at the quarantined email in MailWatch and download the > attachment, it is a PDF. That may be what the filename says, but what does the "file" command report? > There was talk of the file -i command switch. > Is this something that needs to be set in MailScanner.conf? > No, just read the latest filetype.rules.conf and filename.rules.conf files, the comments at the top of each file tell you how to use it. There is also an example line in filetype.rules.conf for you to copy. > TIA > > Mike > Jules -- Jules, Running file against the message yields the following: [root@HOUPMS02 m334jSTE009852]# file message message: smtp mail text [root@HOUPMS02 m334jSTE009852]# file -i message message: message/rfc822\011 Not quite sure what changing the filetype.rules.conf would do for me here. Thanks! Mike From dave.list at pixelhammer.com Thu Apr 3 22:09:10 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu Apr 3 22:09:55 2008 Subject: New MS install is slow to an extreme In-Reply-To: References: <47F3CD9F.7070406@pixelhammer.com> Message-ID: <47F54776.6080002@pixelhammer.com> Ugo Bellavance wrote: > DAve wrote: > >> >> bash-2.05b# ./MailScanner --debug --debug-sa >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> >> >> ***** >> If 'awk' (with support for the function strftime) was >> available on your $PATH then all the SpamAssassin debug >> output would have the current time added to the start of >> every line, making debugging far easier. >> ***** > > You should install awk and this way you'll see timestamps in the debug > output, revealing what is taking so much time. awk is installed in /usr/bin, but this version doesn't support strftime, I'll need to install gawk for that. No idea why they don't check awk capabilities during install, most anything else I install tells me I need GNU awk if the app requires it. Since this machine is MS only, I've installed nothing else on it, so nothing required GNU awk. Sendmail compiled fine with awk vs gawk. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From gerard at seibercom.net Thu Apr 3 22:12:04 2008 From: gerard at seibercom.net (Gerard) Date: Thu Apr 3 22:13:03 2008 Subject: MailScanner with postfix-gld In-Reply-To: <47F532A6.9040501@raidbr.com.br> References: <47F532A6.9040501@raidbr.com.br> Message-ID: <20080403171204.115d8111@scorpio> On Thu, 03 Apr 2008 16:40:22 -0300 "William A. Knob" wrote: > Anyone has using MailScanner with postfix-gld (greylist daemon) ? Is there a specific reason that you are inquiring, or are you compiling a statistical record of some sort? It it is the former, I would suggest that you clearly state what your problem is, show detailed log and configuration file data and what if any steps you have already taken to alleviate the situation. If you simply desire information on how to configure for such a setup, simply ask, stating the versions of Postfix, etc. as well as possibly your OS. -- Gerard gerard@seibercom.net If you think before you speak the other guy gets his joke in first. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080403/361afdbf/signature.bin From MailScanner at ecs.soton.ac.uk Thu Apr 3 22:14:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 3 22:15:45 2008 Subject: File Type Check Problem In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> Message-ID: <47F548BE.8030804@ecs.soton.ac.uk> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, April 03, 2008 3:21 PM > To: MailScanner discussion > Subject: Re: File Type Check Problem > > > > Mike Kercher wrote: > >> I've been searching and haven't found a resolution for this yet. >> >> Periodically, we get emails with attachments coming through that are >> not being detected properly. MailScanner reports: >> >> MailScanner: No programs allowed (msg-10410-101.txt) >> >> > This is being caught by the filetype trap. > >> If I go look at the quarantined email in MailWatch and download the >> attachment, it is a PDF. >> > That may be what the filename says, but what does the "file" command > report? > >> There was talk of the file -i command switch. >> Is this something that needs to be set in MailScanner.conf? >> >> > No, just read the latest filetype.rules.conf and filename.rules.conf > files, the comments at the top of each file tell you how to use it. > There is also an example line in filetype.rules.conf for you to copy. > > >> TIA >> >> Mike >> >> > > Jules > > -- > > Jules, > > Running file against the message yields the following: > > [root@HOUPMS02 m334jSTE009852]# file message > message: smtp mail text > [root@HOUPMS02 m334jSTE009852]# file -i message > message: message/rfc822\011 > > Not quite sure what changing the filetype.rules.conf would do for me > here. > No! I meat you to run the "file" command on the attachment, not the message! :-( Funnily enough, when you run it on the message it says it's a message :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at tecnowaydigital.com.br Fri Apr 4 01:49:16 2008 From: mailscanner at tecnowaydigital.com.br (TecnoWay Digital) Date: Fri Apr 4 01:50:55 2008 Subject: MailScanner ignoring some rules In-Reply-To: <47F53B57.1070307@ecs.soton.ac.uk> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> Message-ID: <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> [root@firewall.silmaq.com.br ~]# ls -lu /etc/MailScanner/rules/scan.messages.rules -rwxrwxrwx 1 root root 76 2008-04-03 21:38 /etc/MailScanner/rules/scan.messages.rules [root@firewall.silmaq.com.br ~]# sleep 60 MailScanner --value=scanmessages --from=marketing@silmaq.com.br --to=root@localhost MailScanner --value=scanmessages --from=root@localhost --to=marketing@silmaq.com.br ls -lu /etc/MailScanner/rules/scan.messages.rules [root@firewall.silmaq.com.br ~]# MailScanner --value=scanmessages --from=marketing@silmaq.com.br --to=root@localhost Looked up internal option name "scanmail" With sender = marketing@silmaq.com.br recipient = root@localhost Client IP = Virus = Result is "0" 0=No 1=Yes [root@firewall.silmaq.com.br ~]# MailScanner --value=scanmessages --from=root@localhost --to=marketing@silmaq.com.br Looked up internal option name "scanmail" With sender = root@localhost recipient = marketing@silmaq.com.br Client IP = Virus = Result is "0" 0=No 1=Yes [root@firewall.silmaq.com.br ~]# ls -lu /etc/MailScanner/rules/scan.messages.rules -rwxrwxrwx 1 root root 76 2008-04-03 21:38 /etc/MailScanner/rules/scan.messages.rules [root@firewall.silmaq.com.br ~]# ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, April 03, 2008 5:17 PM Subject: Re: MailScanner ignoring some rules >I have just done a thorough test of a %rules-dir%/scan.messages.rules with >4 combinations: > > FromOrTo: ntl.com no > FromOrTo: default yes > > FromOrTo: soton.ac.uk no > FromOrTo: default yes > > FromOrTo: ecs.soton.ac.uk no > FromOrTo: default yes > > FromOrTo: jkf@soton.ac.uk no > FromOrTo: default yes > > with 2 messages. 1st from ntl@ntl.com to jkf@soton.ac.uk, 2nd from > jkf@ecs.soton.ac.uk to root@ecs.soton.ac.uk. > > In all combinations, it worked exactly as expected. > > What I would like you to do is show me the output of the following 5 > commands: > > ls -lu /etc/MailScanner/rules/scan.messages.rules > sleep 60 > MailScanner --value=scanmessages --from=marketing@silmaq.com.br --to=root@localhost > MailScanner --value=scanmessages --from=root@localhost --to=marketing@silmaq.com.br > ls -lu /etc/MailScanner/rules/scan.messages.rules > > Just cut and paste the whole block into your terminal window. It will take > just over a minute to run. Cut and paste *all* the output into a reply to > this message. > > The 'sleep 60' is to force the MailScanner commands into the next minute > on the clock. The "ls" commands will show the "last accessed" date stamp > on rules file. If the rules file is being read at all, the 2nd ls will > print a different date and/or time than the 1st ls. If it is not being > read for some reason, the 2 ls commands will print the same date and time. > > Then we'll be able to see what is going wrong with your setup. > > Best regards, > Jules. > > TecnoWay Digital wrote: >> For example: %rules-dir%/scan.messages.rules then content of >> scan.messages.rules file is: >> >> FromOrTo: marketing@silmaq.com.br no >> FromOrTo: default yes >> >> >> On a server with mailscanner-4.46.2-2 (the rule works) >> >> but another server with mailscanner-4.68.8-1 the rule doesn't work >> the mailbox marketing@silmaq.com.br continue has still being processed by >> mailscanner. >> >> To certify that using the correct MailScanner.conf after upgrade, I'd put >> a wrong set >> example "Sca Messages" and MailScanner report syntax error. >> >> >> Best Regards >> >> ----- Original Message ----- From: "Hugo van der Kooij" >> >> To: "MailScanner discussion" >> Sent: Thursday, April 03, 2008 2:29 AM >> Subject: Re: MailScanner ignoring some rules >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> mailscanner@tecnowaydigital.com.br wrote: >>> >>> | At MailScanner recent versions, when I set some rules like: >>> | Scan Messages = /etc/MailScanner/rules/scan.messages.rules >>> | or >>> | Filename Rules = /etc/MailScanner/filename.rules >>> | >>> | The MailScanner simply ignore the rules and don't print any error >>> message. >>> >>> Since you didn not include anything about the rules you have there we >>> must assume MS is right and your rules are wrong. In what way we can not >>> tell you by lack of any information. >>> >>> Hugo. >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ >>> KnYl0Qt9kzlzy4m99EgvKhU= >>> =LsQL >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mailscanner at tecnowaydigital.com.br Fri Apr 4 01:59:41 2008 From: mailscanner at tecnowaydigital.com.br (TecnoWay Digital) Date: Fri Apr 4 02:00:49 2008 Subject: MailScanner ignoring some rules In-Reply-To: <47F53B57.1070307@ecs.soton.ac.uk> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> Message-ID: <6FDE866AAB924CC68FC64A2B0E04BBBB@TWDNB03> Julian, another information about my server. I'm using mailwatch too. If the mailbox marketing@silmaq.com.br is not set to be scanned, why it continue been logged to mailWatch SQL ? I imagine the "MailWatch.pm" is called from MailScanner to log only scanned messages. Thanks Rog?rio ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Thursday, April 03, 2008 5:17 PM Subject: Re: MailScanner ignoring some rules >I have just done a thorough test of a %rules-dir%/scan.messages.rules with >4 combinations: > > FromOrTo: ntl.com no > FromOrTo: default yes > > FromOrTo: soton.ac.uk no > FromOrTo: default yes > > FromOrTo: ecs.soton.ac.uk no > FromOrTo: default yes > > FromOrTo: jkf@soton.ac.uk no > FromOrTo: default yes > > with 2 messages. 1st from ntl@ntl.com to jkf@soton.ac.uk, 2nd from > jkf@ecs.soton.ac.uk to root@ecs.soton.ac.uk. > > In all combinations, it worked exactly as expected. > > What I would like you to do is show me the output of the following 5 > commands: > > ls -lu /etc/MailScanner/rules/scan.messages.rules > sleep 60 > MailScanner --value=scanmessages --from=marketing@silmaq.com.br --to=root@localhost > MailScanner --value=scanmessages --from=root@localhost --to=marketing@silmaq.com.br > ls -lu /etc/MailScanner/rules/scan.messages.rules > > Just cut and paste the whole block into your terminal window. It will take > just over a minute to run. Cut and paste *all* the output into a reply to > this message. > > The 'sleep 60' is to force the MailScanner commands into the next minute > on the clock. The "ls" commands will show the "last accessed" date stamp > on rules file. If the rules file is being read at all, the 2nd ls will > print a different date and/or time than the 1st ls. If it is not being > read for some reason, the 2 ls commands will print the same date and time. > > Then we'll be able to see what is going wrong with your setup. > > Best regards, > Jules. > > TecnoWay Digital wrote: >> For example: %rules-dir%/scan.messages.rules then content of >> scan.messages.rules file is: >> >> FromOrTo: marketing@silmaq.com.br no >> FromOrTo: default yes >> >> >> On a server with mailscanner-4.46.2-2 (the rule works) >> >> but another server with mailscanner-4.68.8-1 the rule doesn't work >> the mailbox marketing@silmaq.com.br continue has still being processed by >> mailscanner. >> >> To certify that using the correct MailScanner.conf after upgrade, I'd put >> a wrong set >> example "Sca Messages" and MailScanner report syntax error. >> >> >> Best Regards >> >> ----- Original Message ----- From: "Hugo van der Kooij" >> >> To: "MailScanner discussion" >> Sent: Thursday, April 03, 2008 2:29 AM >> Subject: Re: MailScanner ignoring some rules >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> mailscanner@tecnowaydigital.com.br wrote: >>> >>> | At MailScanner recent versions, when I set some rules like: >>> | Scan Messages = /etc/MailScanner/rules/scan.messages.rules >>> | or >>> | Filename Rules = /etc/MailScanner/filename.rules >>> | >>> | The MailScanner simply ignore the rules and don't print any error >>> message. >>> >>> Since you didn not include anything about the rules you have there we >>> must assume MS is right and your rules are wrong. In what way we can not >>> tell you by lack of any information. >>> >>> Hugo. >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ >>> KnYl0Qt9kzlzy4m99EgvKhU= >>> =LsQL >>> -----END PGP SIGNATURE----- >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Fri Apr 4 08:57:21 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 4 08:57:56 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> Message-ID: <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> On 03/04/2008, Kai Schaetzl wrote: > Kai Schaetzl wrote on Wed, 02 Apr 2008 21:33:36 +0200: > > I found out later that the message actually scanned was not the one I wanted > to scan but the SA default message that is used on start up. The long wait at > dbg: bayes: untie-ing simply is MS waiting for the real message. > > However, this doesn't change anything in this respect: > > > > [15949] dbg: config: using "/usr/share/spamassassin" for sys rules pre > > files > > [15949] dbg: config: using "/usr/share/spamassassin" for default rules dir > > [15949] dbg: config: read file /usr/share/spamassassin/10_default_prefs.cf > > > SA run under MS uses the wrong config directories. This seems to result in a > much longer time for processing the rules. Maybe there is more. There are > different hits than for the command-line SA and it takes *much* longer in the > body scan phase. So, it eventually times out under MS. > > I can't see a reason why this might happen. SA is identified as > dbg: generic: SpamAssassin version 3.2.4 > I compared the Mail/Spamassassin in /usr/lib/perl5/site_perl/5.8.8/Mail with > the one built by the source and they are identical except for dates (it seems > the Perl upgrade process replaces an existing file only when it got changed, > otherwise it keeps the existing file with the old date). I have some more, > very old perl directories with different names in /usr/lib. However, if any > of these would get used for a very obscure reason then it couldn't report > 3.2.4 as the SA version. Anyway, I set all permissions to access these > directories to 0, no change. Sorry if you already supplied this, but what do you have for the different SA paths in MailScanner.conf? > What's wrong here, Jules? Could this be a problem with this somewhat old > version of MS? (4.54.6) > Might be, there's been a lot of water under the bridge... and all that:-). ISTR there being a rather heated discussion back somewhere there on how to make MS notice the sa-update stuff, leading to some rather bad setups with wrongly specified paths in MailScanner.conf (a modern SA should be able to find these things by itself, no need to "help" it... mostly:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Apr 4 09:09:11 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 4 09:09:46 2008 Subject: MailScanner ignoring some rules In-Reply-To: <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> Message-ID: <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> On 04/04/2008, TecnoWay Digital wrote: > [root@firewall.silmaq.com.br ~]# ls -lu > /etc/MailScanner/rules/scan.messages.rules > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > /etc/MailScanner/rules/scan.messages.rules (snip) > [root@firewall.silmaq.com.br ~]# ls -lu > /etc/MailScanner/rules/scan.messages.rules > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > /etc/MailScanner/rules/scan.messages.rules So your rule file doesn't egt read at all... Have you shown us the snippet of your MailScanner.conf where you use it? Could you do so? Also, have you run a "MailScanner --lint" and shown us that output? Please do... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri Apr 4 09:20:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 09:21:20 2008 Subject: MailScanner ignoring some rules In-Reply-To: <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> Message-ID: <47F5E4D1.30800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TecnoWay Digital wrote: > [root@firewall.silmaq.com.br ~]# ls -lu > /etc/MailScanner/rules/scan.messages.rules > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > /etc/MailScanner/rules/scan.messages.rules > [root@firewall.silmaq.com.br ~]# sleep 60 > MailScanner --value=scanmessages --from=marketing@silmaq.com.br > --to=root@localhost > MailScanner --value=scanmessages --from=root@localhost > --to=marketing@silmaq.com.br > ls -lu /etc/MailScanner/rules/scan.messages.rules > [root@firewall.silmaq.com.br ~]# MailScanner --value=scanmessages > --from=marketing@silmaq.com.br --to=root@localhost > Looked up internal option name "scanmail" > With sender = marketing@silmaq.com.br > recipient = root@localhost > Client IP = > Virus = > Result is "0" > > 0=No 1=Yes > [root@firewall.silmaq.com.br ~]# MailScanner --value=scanmessages > --from=root@localhost --to=marketing@silmaq.com.br > Looked up internal option name "scanmail" > With sender = root@localhost > recipient = marketing@silmaq.com.br > Client IP = > Virus = > Result is "0" > > 0=No 1=Yes > [root@firewall.silmaq.com.br ~]# ls -lu > /etc/MailScanner/rules/scan.messages.rules > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > /etc/MailScanner/rules/scan.messages.rules You have a typo in your MailScanner.conf somewhere. This rules file isn't being read. Notice the "last read" date stamp is the same as it was a minute ago. > [root@firewall.silmaq.com.br ~]# > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Thursday, April 03, 2008 5:17 PM > Subject: Re: MailScanner ignoring some rules > > >> I have just done a thorough test of a %rules-dir%/scan.messages.rules >> with 4 combinations: >> >> FromOrTo: ntl.com no >> FromOrTo: default yes >> >> FromOrTo: soton.ac.uk no >> FromOrTo: default yes >> >> FromOrTo: ecs.soton.ac.uk no >> FromOrTo: default yes >> >> FromOrTo: jkf@soton.ac.uk no >> FromOrTo: default yes >> >> with 2 messages. 1st from ntl@ntl.com to jkf@soton.ac.uk, 2nd from >> jkf@ecs.soton.ac.uk to root@ecs.soton.ac.uk. >> >> In all combinations, it worked exactly as expected. >> >> What I would like you to do is show me the output of the following 5 >> commands: >> >> ls -lu /etc/MailScanner/rules/scan.messages.rules >> sleep 60 >> MailScanner --value=scanmessages --from=marketing@silmaq.com.br >> --to=root@localhost >> MailScanner --value=scanmessages --from=root@localhost >> --to=marketing@silmaq.com.br >> ls -lu /etc/MailScanner/rules/scan.messages.rules >> >> Just cut and paste the whole block into your terminal window. It will >> take just over a minute to run. Cut and paste *all* the output into a >> reply to this message. >> >> The 'sleep 60' is to force the MailScanner commands into the next >> minute on the clock. The "ls" commands will show the "last accessed" >> date stamp on rules file. If the rules file is being read at all, the >> 2nd ls will print a different date and/or time than the 1st ls. If it >> is not being read for some reason, the 2 ls commands will print the >> same date and time. >> >> Then we'll be able to see what is going wrong with your setup. >> >> Best regards, >> Jules. >> >> TecnoWay Digital wrote: >>> For example: %rules-dir%/scan.messages.rules then content of >>> scan.messages.rules file is: >>> >>> FromOrTo: marketing@silmaq.com.br no >>> FromOrTo: default yes >>> >>> >>> On a server with mailscanner-4.46.2-2 (the rule works) >>> >>> but another server with mailscanner-4.68.8-1 the rule doesn't work >>> the mailbox marketing@silmaq.com.br continue has still being >>> processed by >>> mailscanner. >>> >>> To certify that using the correct MailScanner.conf after upgrade, >>> I'd put a wrong set >>> example "Sca Messages" and MailScanner report syntax error. >>> >>> >>> Best Regards >>> >>> ----- Original Message ----- From: "Hugo van der Kooij" >>> >>> To: "MailScanner discussion" >>> Sent: Thursday, April 03, 2008 2:29 AM >>> Subject: Re: MailScanner ignoring some rules >>> >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> mailscanner@tecnowaydigital.com.br wrote: >>>> >>>> | At MailScanner recent versions, when I set some rules like: >>>> | Scan Messages = /etc/MailScanner/rules/scan.messages.rules >>>> | or >>>> | Filename Rules = /etc/MailScanner/filename.rules >>>> | >>>> | The MailScanner simply ignore the rules and don't print any error >>>> message. >>>> >>>> Since you didn not include anything about the rules you have there we >>>> must assume MS is right and your rules are wrong. In what way we >>>> can not >>>> tell you by lack of any information. >>>> >>>> Hugo. >>>> >>>> - -- >>>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>>> >>>> A: Yes. >>>> >Q: Are you sure? >>>> >>A: Because it reverses the logical flow of conversation. >>>> >>>Q: Why is top posting frowned upon? >>>> >>>> Bored? Click on http://spamornot.org/ and rate those images. >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1.4.7 (GNU/Linux) >>>> >>>> iD8DBQFH9GslBvzDRVjxmYERAiOiAKCcKHWSpoYBUC+M2k0uPSEhertCnACfQEa+ >>>> KnYl0Qt9kzlzy4m99EgvKhU= >>>> =LsQL >>>> -----END PGP SIGNATURE----- >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFH9eTSEfZZRxQVtlQRAlRwAJ48Ta/sWGyvnyiybMsFvMOTQ8xzmgCgr+Rk hUU0BGj7P4lquwBY8e1pM9w= =cSQz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Marco.Induni at rtsi.ch Fri Apr 4 10:45:39 2008 From: Marco.Induni at rtsi.ch (Induni Marco) Date: Fri Apr 4 10:46:23 2008 Subject: Remove big attachements, but deliver the email Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Induni Marco.vcf Type: text/x-vcard Size: 306 bytes Desc: Induni Marco.vcf Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/6e93afb7/InduniMarco-0001.vcf From stef at aoc-uk.com Fri Apr 4 13:53:05 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Apr 4 13:53:38 2008 Subject: Sophos not running correctly after most recent update Message-ID: <200804041253.m34Cr4TI032030@safir.blacknight.ie> Hello all, Overnight, MajorSophos script fired via cron as normal and downloaded the latest Sophos (4.28) installing via the install scripts in Mailscanner as usual. At this point, Sophos stopped working completely # /opt/MailScanner/lib/sophos-wrapper /usr/local/Sophos Error initialising detection engine - missing part of virus data I've tried completely removing /usr/local/Sophos and reinstalling, but get the same error. I'm presuming it can see the ide directory, as without it I instead get the error Error initialising detection engine - missing main virus data It's as though the virus data itself is nerfed in this release. Perhaps I can get an older version from somewhere and use more ide files until the next release, though the Sophos website is unhelpful in this regard. Has anyone the same problem, or a brilliant idea? Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From MailScanner at ecs.soton.ac.uk Fri Apr 4 13:59:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 14:00:23 2008 Subject: Remove big attachements, but deliver the email In-Reply-To: References: Message-ID: <47F62636.1040206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You would need to write a Custom Function in order to actually remove large attachments. However, what may be useful is the setting "Zip Attachments" in MailScanner.conf, as this will make it replace large attachments with a zip file containing the attachments. This preserves the attachments while still usually making the message a lot smaller. Is this of any use to you instead? If you were to write a Custom Function to remove large attachments, the "Zip Attachments" code would certainly show you how to do it. If you are prepared to pay me a decent rate, I will write the Custom Function for you... Best regards, Jules. Induni Marco wrote: > > Dear all, > as many people we limit the size of an incoming email message (on our > case to 10 MB) via max.message.size.rules. > So when a message reach this limit, we will keep the message in > quarantine, and we send a Warnig message to the sender and the recevier. > > I was wondering if there is a way to eventually remove the "big" > attachment, but delivery the email text (message) anyway. > > Thank you and best regards > > Marco > > > -- > Radiotelevisione Svizzera di Lingua Italiana > Casella Postale > 6903 LUGANO > > Tel. +41 (0)91 803 63 83 > > <> > > > **************************************************************** > > Visit: www.rtsi.ch > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > postmaster@rtsi.ch. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9iY3EfZZRxQVtlQRAnurAKCvh9O8bpf3VX7oSeB6Ksijuhc49gCgt05+ 7ODiWSfAd+HfiF8haWL8sqI= =QGC2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Andrew.Chester at ukuvuma.co.za Fri Apr 4 14:03:15 2008 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Fri Apr 4 14:04:10 2008 Subject: Having problems installing on FreeBSD 64 Bit Message-ID: Hi All I'm having a problem installing MS on FreeBSD 6.3 64 Bit, I've updated the ports tree a few times now and it has MailScanner 4.67.6_1 - but when I try install it thru the ports tree, I keep getting this error: "bdc-7.0.1_2 is only for i386, while you are running amd64". This happens when the MS installation runs through it's dependancy list, I have tried to find a 64bit package for bdc but can only find the i386 package. I dont know why this is happening or what's gone wrong as I've installed MS on the same version of FreeBSD on another gateway, also 64 Bit, without a problem. If anyone can advise on what to do, it would be greatly appreciated - thank you. Kind Regards, Andrew CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/3d8db0be/attachment.html From dave.list at pixelhammer.com Fri Apr 4 14:28:00 2008 From: dave.list at pixelhammer.com (DAve) Date: Fri Apr 4 14:28:46 2008 Subject: OT - Need info Message-ID: <47F62CE0.7090805@pixelhammer.com> Excuse the OT post, please respond directly to me so as to not clutter the list. I have a client who needs their mail sent to their server via TLS. We are using Sendmail and I can find oodles of info on setting up TLS, but very little on sending messages destined for one specific host via a TLS connection. I am assuming, possibly incorrectly, that the secret lies in access and or the mailertable. Can anyone point me to better information than I have found? Thanks, DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From MailScanner at ecs.soton.ac.uk Fri Apr 4 14:32:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 14:33:29 2008 Subject: Sophos not running correctly after most recent update In-Reply-To: <200804041253.m34Cr4TI032030@safir.blacknight.ie> References: <200804041253.m34Cr4TI032030@safir.blacknight.ie> Message-ID: <47F62DFD.6020100@ecs.soton.ac.uk> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 218 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/c71cfacf/PGP.bin From mkercher at nfsmith.com Fri Apr 4 14:55:33 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Fri Apr 4 14:56:33 2008 Subject: File Type Check Problem In-Reply-To: <47F548BE.8030804@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk><224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Thursday, April 03, 2008 3:21 PM > To: MailScanner discussion > Subject: Re: File Type Check Problem > > > > Mike Kercher wrote: > >> I've been searching and haven't found a resolution for this yet. >> >> Periodically, we get emails with attachments coming through that are >> not being detected properly. MailScanner reports: >> >> MailScanner: No programs allowed (msg-10410-101.txt) >> >> > This is being caught by the filetype trap. > >> If I go look at the quarantined email in MailWatch and download the >> attachment, it is a PDF. >> > That may be what the filename says, but what does the "file" command > report? > >> There was talk of the file -i command switch. >> Is this something that needs to be set in MailScanner.conf? >> >> > No, just read the latest filetype.rules.conf and filename.rules.conf > files, the comments at the top of each file tell you how to use it. > There is also an example line in filetype.rules.conf for you to copy. > > >> TIA >> >> Mike >> >> > > Jules > > -- > > Jules, > > Running file against the message yields the following: > > [root@HOUPMS02 m334jSTE009852]# file message > message: smtp mail text > [root@HOUPMS02 m334jSTE009852]# file -i message > message: message/rfc822\011 > > Not quite sure what changing the filetype.rules.conf would do for me > here. > No! I meat you to run the "file" command on the attachment, not the message! :-( Funnily enough, when you run it on the message it says it's a message :-) Jules -------- Sorry about that :) Here's the output of file run against the attachment itself: [root@HOUPMS01 ~]# file OSC81.pdf OSC81.pdf: PDF document, version 1.3 [root@HOUPMS01 ~]# file -i OSC81.pdf OSC81.pdf: application/pdf Mike From Denis.Beauchemin at USherbrooke.ca Fri Apr 4 14:59:33 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 4 15:00:21 2008 Subject: OT - Need info In-Reply-To: <47F62CE0.7090805@pixelhammer.com> References: <47F62CE0.7090805@pixelhammer.com> Message-ID: <47F63445.7000600@USherbrooke.ca> DAve a ?crit : > Excuse the OT post, please respond directly to me so as to not clutter > the list. I have a client who needs their mail sent to their server > via TLS. We are using Sendmail and I can find oodles of info on > setting up TLS, but very little on sending messages destined for one > specific host via a TLS connection. > > I am assuming, possibly incorrectly, that the secret lies in access > and or the mailertable. Can anyone point me to better information than > I have found? > > Thanks, > > DAve Dave, I use the following in the access file to require a TLS connection to some remote servers: TLS_Srv:ip.ad.dre.ss ENCR:128 Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From mailscanner at tecnowaydigital.com.br Fri Apr 4 15:19:46 2008 From: mailscanner at tecnowaydigital.com.br (TecnoWay Digital) Date: Fri Apr 4 15:22:16 2008 Subject: MailScanner ignoring some rules In-Reply-To: <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br><47F46B28.2050507@vanderkooij.org><47F53B57.1070307@ecs.soton.ac.uk><8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> Message-ID: MailScanner --lint Trying to setlogsock(unix) Read 817 hostnames from the phishing whitelist Read 5549 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 326 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 40 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = mcafee" Found these virus scanners installed: clamav, mcafee =========================================================================== Virus and Content Scanning: Starting /1/eicar.com Found: EICAR test file NOT a virus. Virus Scanning: McAfee found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses =========================================================================== Virus Scanner test reports: McAfee said "/1/eicar.com Found: EICAR test file NOT a virus." If any of your virus scanners (clamav,mcafee) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist -------------------------------------------------------------------- My MailScanner.conf %org-name% = Silmaq %org-long-name% = Silmaq S.A %web-site% = www.silmaq.com.br %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/pt_br %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = postfix Run As Group = postfix Queue Scan Interval = 6 Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 7200 MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = root Quarantine Group = apache Quarantine Permissions = 0660 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = %rules-dir%/scan.messages.rules Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 0 Find Archives By Content = yes Zip Attachments = no Attachments Zip Filename = MessageAttachments.zip Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml Virus Scanning = yes Virus Scanners = mcafee Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = no Check Filenames In Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /opt/sophos-av/lib/sav Sophos Lib Dir = /opt/sophos-av/lib Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes Fpscand Port = 10200 Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Known Web Bug Servers = msgtag.com Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.regra.rules Allow Filetypes = Allow File MIME Types = Deny Filetypes = Deny File MIME Types = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = no Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = %rules-dir%/regras_assinatura.rules Attach Image To Signature = no Attach Image To HTML Message Only = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = %rules-dir%/copia-email.rules Send Notices = no Notices Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = teste Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = &SQLWhitelist Is Definitely Spam = &SQLBlacklist Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 50 Max Spam Check Size = 200k Use Watermarking = no Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Use SpamAssassin = yes Max SpamAssassin Size = 200k Required SpamAssassin Score = 6 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Include Binary Attachments In SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = store High Scoring Spam Actions = store Non Spam Actions = deliver header "X-Spam-Status: No" SpamAssassin Rule Actions = Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Permitted File MIME Types = no Log Silent Viruses = no Log Dangerous HTML Tags = no Log SpamAssassin Rule Actions = no SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = MCP Checks = yes First Check = mcp MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = forward spam@silmaq.com.br High Scoring MCP Actions = forward spam@silmaq.com.br Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {Lista de Bloqueio} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {Lista de Bloqueio} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.68.8 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = &MailWatchLogging Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Syslog Socket Type = Automatic Syntax Check = yes Minimum Code Status = supported ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Friday, April 04, 2008 5:09 AM Subject: Re: MailScanner ignoring some rules > On 04/04/2008, TecnoWay Digital > wrote: >> [root@firewall.silmaq.com.br ~]# ls -lu >> /etc/MailScanner/rules/scan.messages.rules >> -rwxrwxrwx 1 root root 76 2008-04-03 21:38 >> /etc/MailScanner/rules/scan.messages.rules > (snip) >> [root@firewall.silmaq.com.br ~]# ls -lu >> /etc/MailScanner/rules/scan.messages.rules >> -rwxrwxrwx 1 root root 76 2008-04-03 21:38 >> /etc/MailScanner/rules/scan.messages.rules > > So your rule file doesn't egt read at all... Have you shown us the > snippet of your MailScanner.conf where you use it? Could you do so? > Also, have you run a "MailScanner --lint" and shown us that output? Please > do... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Fri Apr 4 15:39:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 15:40:05 2008 Subject: File Type Check Problem In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk><224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> Message-ID: <47F63D8D.3070105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Kercher wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, April 03, 2008 3:21 PM >> To: MailScanner discussion >> Subject: Re: File Type Check Problem >> >> >> >> Mike Kercher wrote: >> >> >>> I've been searching and haven't found a resolution for this yet. >>> >>> Periodically, we get emails with attachments coming through that are >>> not being detected properly. MailScanner reports: >>> >>> MailScanner: No programs allowed (msg-10410-101.txt) >>> >>> >>> >> This is being caught by the filetype trap. >> >> >>> If I go look at the quarantined email in MailWatch and download the >>> attachment, it is a PDF. >>> >>> >> That may be what the filename says, but what does the "file" command >> report? >> >> >>> There was talk of the file -i command switch. >>> Is this something that needs to be set in MailScanner.conf? >>> >>> >>> >> No, just read the latest filetype.rules.conf and filename.rules.conf >> files, the comments at the top of each file tell you how to use it. >> There is also an example line in filetype.rules.conf for you to copy. >> >> >> >>> TIA >>> >>> Mike >>> >>> >>> >> Jules >> >> -- >> >> Jules, >> >> Running file against the message yields the following: >> >> [root@HOUPMS02 m334jSTE009852]# file message >> message: smtp mail text >> [root@HOUPMS02 m334jSTE009852]# file -i message >> message: message/rfc822\011 >> >> Not quite sure what changing the filetype.rules.conf would do for me >> here. >> >> > No! I meat you to run the "file" command on the attachment, not the > message! :-( Funnily enough, when you run it on the message it says it's > a message :-) > > Jules > > -------- > > Sorry about that :) Here's the output of file run against the > attachment itself: > > [root@HOUPMS01 ~]# file OSC81.pdf > OSC81.pdf: PDF document, version 1.3 > > [root@HOUPMS01 ~]# file -i OSC81.pdf > OSC81.pdf: application/pdf > Have just checked your original report, and it wasn't the attachment it blocked, it was the main message body (hence the "txt" extension with the unusual filename). Harder to stop that unless you switch from using the "executable" trap in filetype.rules.conf to a replacement trap using the MIME type reported by file -i instead (see comments at the start of filetype.rules.conf). > Mike > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS bHrfC2GyNSDz4ZOdqsl9zSw= =knIJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From butler at globeserver.com Fri Apr 4 15:49:52 2008 From: butler at globeserver.com (Philip Butler) Date: Fri Apr 4 15:52:25 2008 Subject: Ruleset patterns... Message-ID: <6041A315-0699-43C4-8E27-1117DDE92C27@globeserver.com> Hi all, I don't think this is possible, but I thought I'd ask anyway.... In a MailScanner ruleset, is it possible to use a netmask in a pattern ?? For example: From: 10.0.0.0/255.255.252.0 yes I know that this could be expanded to multiple lines and I see things like: /^192\.168\.1[4567]\./ in the documentation, but it would be much easier to read with an ip/ netmask format. Please excuse me if I am off-base. Thanks, Phil From MailScanner at ecs.soton.ac.uk Fri Apr 4 16:04:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 16:04:45 2008 Subject: Ruleset patterns... In-Reply-To: <6041A315-0699-43C4-8E27-1117DDE92C27@globeserver.com> References: <6041A315-0699-43C4-8E27-1117DDE92C27@globeserver.com> Message-ID: <47F64361.2040107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philip Butler wrote: > Hi all, > > I don't think this is possible, but I thought I'd ask anyway.... > > In a MailScanner ruleset, is it possible to use a netmask in a pattern ?? Of course! It supports several different formats. Cut straight from /etc/MailScanner/rules/README, here they are: 192.168.21. # Any SMTP client IP address in this network 192.168.21 # Any SMTP client IP address in this network 192.168.21.0/255.255.255.0 # Any SMTP client IP address in this network 192.168.21.0/24 # Any SMTP client IP address in this network /pattern-with-no-letters/ # Any SMTP client IP address matching this # Perl regular expression /^192\.168\.1[4567]\./ # Any SMTP client IP address in the networks # 192.168.14 - 192.168.17 > > For example: > > From: 10.0.0.0/255.255.252.0 yes > > I know that this could be expanded to multiple lines and I see things > like: > > /^192\.168\.1[4567]\./ > > in the documentation, but it would be much easier to read with an > ip/netmask format. > > Please excuse me if I am off-base. > > Thanks, > > Phil > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9kNiEfZZRxQVtlQRApA4AJ9q69qw/aVrvPP+1skSDDr6RglPgwCeI1nS H48KEvdVvS6wfAz6wypop/4= =7e7t -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Marco.Induni at rtsi.ch Fri Apr 4 16:07:36 2008 From: Marco.Induni at rtsi.ch (Induni Marco) Date: Fri Apr 4 16:08:12 2008 Subject: Remove big attachements, but deliver the email In-Reply-To: <47F62636.1040206@ecs.soton.ac.uk> Message-ID: Hi Jules, thank you for the infos. I will try with the zip flag, but think I've to investigate the Custom Function. Thank you and best regards. Marco -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian Field Sent: venerd?, 4. aprile 2008 15:00 To: MailScanner discussion Subject: Re: Remove big attachements, but deliver the email -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You would need to write a Custom Function in order to actually remove large attachments. However, what may be useful is the setting "Zip Attachments" in MailScanner.conf, as this will make it replace large attachments with a zip file containing the attachments. This preserves the attachments while still usually making the message a lot smaller. Is this of any use to you instead? If you were to write a Custom Function to remove large attachments, the "Zip Attachments" code would certainly show you how to do it. If you are prepared to pay me a decent rate, I will write the Custom Function for you... Best regards, Jules. Induni Marco wrote: > > Dear all, > as many people we limit the size of an incoming email message (on our > case to 10 MB) via max.message.size.rules. > So when a message reach this limit, we will keep the message in > quarantine, and we send a Warnig message to the sender and the recevier. > > I was wondering if there is a way to eventually remove the "big" > attachment, but delivery the email text (message) anyway. > > Thank you and best regards > > Marco > > > -- > Radiotelevisione Svizzera di Lingua Italiana > Casella Postale > 6903 LUGANO > > Tel. +41 (0)91 803 63 83 > > <> > > > **************************************************************** > > Visit: www.rtsi.ch > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > postmaster@rtsi.ch. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9iY3EfZZRxQVtlQRAnurAKCvh9O8bpf3VX7oSeB6Ksijuhc49gCgt05+ 7ODiWSfAd+HfiF8haWL8sqI= =QGC2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ****************************************************** Visit: http://www.rtsi.ch This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmaster@rtsi.ch From butler at globeserver.com Fri Apr 4 16:18:22 2008 From: butler at globeserver.com (Philip Butler) Date: Fri Apr 4 16:19:46 2008 Subject: Ruleset patterns... In-Reply-To: <47F64361.2040107@ecs.soton.ac.uk> References: <6041A315-0699-43C4-8E27-1117DDE92C27@globeserver.com> <47F64361.2040107@ecs.soton.ac.uk> Message-ID: <057CC7AA-BC4B-4A52-9BFD-ACC559CD5761@globeserver.com> Ahhh - I didn't see the README. I was looking at the docs online (wiki). Thanks Julian !!! Phil On Apr 4, 2008, at 11:04 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Philip Butler wrote: >> Hi all, >> >> I don't think this is possible, but I thought I'd ask anyway.... >> >> In a MailScanner ruleset, is it possible to use a netmask in a >> pattern ?? > Of course! > > It supports several different formats. > Cut straight from /etc/MailScanner/rules/README, here they are: > 192.168.21. # Any SMTP client IP address in this network > 192.168.21 # Any SMTP client IP address in this network > 192.168.21.0/255.255.255.0 # Any SMTP client IP address in this > network > 192.168.21.0/24 # Any SMTP client IP address in this network > /pattern-with-no-letters/ # Any SMTP client IP address matching > this > # Perl regular expression > /^192\.168\.1[4567]\./ # Any SMTP client IP address in the > networks > # 192.168.14 - 192.168.17 > >> >> For example: >> >> From: 10.0.0.0/255.255.252.0 yes >> >> I know that this could be expanded to multiple lines and I see things >> like: >> >> /^192\.168\.1[4567]\./ >> >> in the documentation, but it would be much easier to read with an >> ip/netmask format. >> >> Please excuse me if I am off-base. >> >> Thanks, >> >> Phil >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH9kNiEfZZRxQVtlQRApA4AJ9q69qw/aVrvPP+1skSDDr6RglPgwCeI1nS > H48KEvdVvS6wfAz6wypop/4= > =7e7t > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From vernon at comp-wiz.com Fri Apr 4 16:24:46 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Fri Apr 4 16:25:53 2008 Subject: False Positive, How do I resolve this? In-Reply-To: References: <47F62636.1040206@ecs.soton.ac.uk> Message-ID: <07b601c89668$0a7b3130$1f719390$@com> I have a client who sends email attachments in a zip file. The files (as you can see below) are named the way the client needs them to be. How do I get around this? The virus detector said this about the message: Report: Report: MailScanner: Found possible filename hiding (Supervisor.Sales.Rep.htm) Report: MailScanner: Found possible filename hiding (Director.of.Mktg.Corp.Sales.Mgr.Recruiting.Mgr.htm) Report: MailScanner: Found possible filename hiding (Sales.Call.Cen.htm) Report: MailScanner: Found possible filename hiding (Medical.Sales.Rep.htm) Report: MailScanner: Found possible filename hiding (Sales.agent.Customer.service.Adm.htm) Report: MailScanner: Found possible filename hiding (E.5.Sgt.htm) Report: MailScanner: Found possible filename hiding (Successful.and.htm) Report: MailScanner: Found possible filename hiding (Focused.on.Res.htm) Report: MailScanner: Found possible filename hiding (Area.Sales.Mgr.htm) Report: MailScanner: Found possible filename hiding (Operations.Man.htm) Report: MailScanner: Found possible filename hiding (SALES.REP.htm) Report: MailScanner: Found possible filename hiding (sales.man.htm) Report: MailScanner: Found possible filename hiding (insurancec.rep.htm) Report: MailScanner: Found possible filename hiding (Senior.Sales.Rep.htm) -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From martyn at invictawiz.com Fri Apr 4 16:37:21 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Fri Apr 4 16:39:31 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F4CBF1.70708@pixelhammer.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> <47F4CBF1.70708@pixelhammer.com> Message-ID: <47F64B31.6090706@invictawiz.com> DAve wrote: > Martyn Routley wrote: >> DAve wrote: >>> DAve wrote: >>> >>> I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no >>> change in processing time. >>> >>> I am getting really stumped now. >>> >>> DAve >>> >>> >>> >> What is your hardware? >> We had random processing times when running 6.2 on one of our >> servers. (Single P4 dual core) >> I upgraded in place to 7.0 (using FreeBsd Update >> (http://www.freebsd.org/releases/7.0R/announce.html) and now the >> emails don't touch the sides. >> Getting Sophos to work was a bind though. >> > > Interesting, do you know the upgrade helped? I am always leery of > "upgrade" as a solution unless I know why the upgrade is the solution. > > Server 1 > Intel(R) Xeon(TM) CPU 2.40GHz Quad Core > 2GB ram > Quatum Atlas SCSI drives, one for the system and one for the spool dir > > Server 2 > Intel(R) Xeon(TM) CPU 2.40GHz Quad Core > 2GB ram > Maxtor SATA drives, one for the system and one for the spool dir > > DAve > Good question. All that changed was the os version and the fact that I rebuilt all installed ports. The server went from a 5 minute av of 7+ to 3.5 or less and from having 30 + messages waiting to be processed to having MailScanner waiting for messages most of the time. MS config/version didn't change I don't discount the possibility that rebuilding all of the installed ports helped. -- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From brose at med.wayne.edu Fri Apr 4 16:39:39 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Apr 4 16:40:25 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <07b601c89668$0a7b3130$1f719390$@com> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> Message-ID: <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> Zip or rename the files without all those periods. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon Webb Sent: Friday, April 04, 2008 11:25 AM To: 'MailScanner discussion' Subject: False Positive, How do I resolve this? I have a client who sends email attachments in a zip file. The files (as you can see below) are named the way the client needs them to be. How do I get around this? The virus detector said this about the message: Report: Report: MailScanner: Found possible filename hiding (Supervisor.Sales.Rep.htm) Report: MailScanner: Found possible filename hiding (Director.of.Mktg.Corp.Sales.Mgr.Recruiting.Mgr.htm) Report: MailScanner: Found possible filename hiding (Sales.Call.Cen.htm) Report: MailScanner: Found possible filename hiding (Medical.Sales.Rep.htm) Report: MailScanner: Found possible filename hiding (Sales.agent.Customer.service.Adm.htm) Report: MailScanner: Found possible filename hiding (E.5.Sgt.htm) Report: MailScanner: Found possible filename hiding (Successful.and.htm) Report: MailScanner: Found possible filename hiding (Focused.on.Res.htm) Report: MailScanner: Found possible filename hiding (Area.Sales.Mgr.htm) Report: MailScanner: Found possible filename hiding (Operations.Man.htm) Report: MailScanner: Found possible filename hiding (SALES.REP.htm) Report: MailScanner: Found possible filename hiding (sales.man.htm) Report: MailScanner: Found possible filename hiding (insurancec.rep.htm) Report: MailScanner: Found possible filename hiding (Senior.Sales.Rep.htm) -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From thenrique at gmail.com Fri Apr 4 16:45:07 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Fri Apr 4 16:45:47 2008 Subject: File Type Check Problem In-Reply-To: <47F63D8D.3070105@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> <47F63D8D.3070105@ecs.soton.ac.uk> Message-ID: Hy Jules, I have changed the rules in filetype.rules.conf to: deny - x-dosexec No DOS executables No DOS programs allowed But a simple mail with png attachment is considered DOS program: Reporte: MailScanner: No DOS programs allowed (powerphplist.png) When i run file command in the blocked attachment the result is: mail01 1ADE250F95.6ACCF # file -i powerphplist.png powerphplist.png: image/png mail01 1ADE250F95.6ACCF # file powerphplist.png powerphplist.png: PNG image data, 70 x 30, 8-bit colormap, non-interlaced I try to write a new rule: allow - text/plain - permited permited But the mail has blocked again. What is magical to work? On Fri, Apr 4, 2008 at 11:39 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Mike Kercher wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Julian Field > >> Sent: Thursday, April 03, 2008 3:21 PM > >> To: MailScanner discussion > >> Subject: Re: File Type Check Problem > >> > >> > >> > >> Mike Kercher wrote: > >> > >> > >>> I've been searching and haven't found a resolution for this yet. > >>> > >>> Periodically, we get emails with attachments coming through that are > >>> not being detected properly. MailScanner reports: > >>> > >>> MailScanner: No programs allowed (msg-10410-101.txt) > >>> > >>> > >>> > >> This is being caught by the filetype trap. > >> > >> > >>> If I go look at the quarantined email in MailWatch and download the > >>> attachment, it is a PDF. > >>> > >>> > >> That may be what the filename says, but what does the "file" command > >> report? > >> > >> > >>> There was talk of the file -i command switch. > >>> Is this something that needs to be set in MailScanner.conf? > >>> > >>> > >>> > >> No, just read the latest filetype.rules.conf and filename.rules.conf > >> files, the comments at the top of each file tell you how to use it. > >> There is also an example line in filetype.rules.conf for you to copy. > >> > >> > >> > >>> TIA > >>> > >>> Mike > >>> > >>> > >>> > >> Jules > >> > >> -- > >> > >> Jules, > >> > >> Running file against the message yields the following: > >> > >> [root@HOUPMS02 m334jSTE009852]# file message > >> message: smtp mail text > >> [root@HOUPMS02 m334jSTE009852]# file -i message > >> message: message/rfc822\011 > >> > >> Not quite sure what changing the filetype.rules.conf would do for me > >> here. > >> > >> > > No! I meat you to run the "file" command on the attachment, not the > > message! :-( Funnily enough, when you run it on the message it says it's > > a message :-) > > > > Jules > > > > -------- > > > > Sorry about that :) Here's the output of file run against the > > attachment itself: > > > > [root@HOUPMS01 ~]# file OSC81.pdf > > OSC81.pdf: PDF document, version 1.3 > > > > [root@HOUPMS01 ~]# file -i OSC81.pdf > > OSC81.pdf: application/pdf > > > Have just checked your original report, and it wasn't the attachment it > blocked, it was the main message body (hence the "txt" extension with > the unusual filename). Harder to stop that unless you switch from using > the "executable" trap in filetype.rules.conf to a replacement trap using > the MIME type reported by file -i instead (see comments at the start of > filetype.rules.conf). > > Mike > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS > bHrfC2GyNSDz4ZOdqsl9zSw= > =knIJ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/f9c5462b/attachment-0001.html From maillists at conactive.com Fri Apr 4 16:45:59 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 4 16:47:00 2008 Subject: SA times out In-Reply-To: <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> Message-ID: Glenn Steen wrote on Fri, 4 Apr 2008 09:57:21 +0200: > Sorry if you already supplied this, but what do you have for the > different SA paths in MailScanner.conf? Good suggestion. There must have been indeed a bug in that MS version. # The rules created by the "sa-update" tool are searched for here. # This directory contains the spamassassin/3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = /var/lib A newer MS version has this: # The rules created by the "sa-update" tool are searched for here. # This directory contains the 3.001001/updates_spamassassin_org # directory structure beneath it. # Only un-comment this setting once you have proved that the sa-update # cron job has run successfully and has created a directory structure under # the spamassassin directory within this one and has put some *.cf files in # there. Otherwise it will ignore all your current rules! # The default location may be /var/opt on Solaris systems. SpamAssassin Local State Dir = # /var/lib/spamassassin It seems the code is the same, but documentation (compare the second line!) and update_mailscanner_conf where not correct. I changed that line to SpamAssassin Local State Dir = /var/lib/spamassassin and it uses now the correct rules. However, MS still times out. The first time I tried it almost came to an end, but eventually timed out, anyway. It definitely takes much longer than via command-line. I then upped the time-out to 240 seconds, but now I hit a new phenomenon. The message is just removed from mqueue.in and Mailwatch shows again that it times out. But MailScanner doesn't print anymore (to the log, it doesn't do this in the debug output) that it hits a timeout. It almost immediately finishes and doesn't process the message. Could this be the sa cache of MS? If so, I don't understand why that didn't hit earlier and also I don't see anything about it in the debug output. > > > What's wrong here, Jules? Could this be a problem with this somewhat old > > version of MS? (4.54.6) > > > Might be, there's been a lot of water under the bridge... and all that:-). > ISTR there being a rather heated discussion back somewhere there on > how to make MS notice the sa-update stuff, leading to some rather bad > setups with wrongly specified paths in MailScanner.conf (a modern SA > should be able to find these things by itself, no need to "help" it... > mostly:-). The command-line SA doesn't have this problem. It's the Mail::Spamassassin perl module. Either it needs these data or it should not get these data as it can determine them by itself (then they shouldn't be set in MailScanner.conf) - I don't know. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From stef at aoc-uk.com Fri Apr 4 16:47:22 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Fri Apr 4 16:48:11 2008 Subject: Sophos not running correctly after most recent update - Fixed! In-Reply-To: References: <200804041253.m34Cr4TI032030@safir.blacknight.ie> Message-ID: <200804041548.m34FlcSa010929@safir.blacknight.ie> Hi, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 04 April 2008 14:33 To: MailScanner discussion Subject: Re: Sophos not running correctly after most recent update You're running an old MailScanner, and need (at least) a newer sophos-autoupdate. I have attached the latest version of this script to this message. Replace the one in /usr/lib/MailScanner/sophos-autoupdate with the uncompressed copy from this message. --- All working now - Many thanks Julian! I guess I had better schedule an MS upgrade. # ./sophos-wrapper /usr/local/Sophos SWEEP virus detection utility Version 4.28.0 [Linux/Intel] Virus data version 4.28, April 2008 Includes detection for 381187 viruses, trojans and worms Copyright (c) 1989-2008 Sophos Plc, www.sophos.com Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From mkettler at evi-inc.com Fri Apr 4 16:59:48 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 4 17:00:33 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <07b601c89668$0a7b3130$1f719390$@com> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> Message-ID: <47F65074.6060302@evi-inc.com> Vernon Webb wrote: > I have a client who sends email attachments in a zip file. The files (as you > can see below) are named the way the client needs them to be. How do I get > around this? Maximum Archive Depth = 0 Otherwise, MailScanner will traverse into zipfiles and apply filename.rules to files inside the archive. Note this doesn't affect AV scanning, as the AV engines themselves decompress archives. MailScanner doesn't traverse into archives for AV purposes. From kkobb at skylinecorp.com Fri Apr 4 16:57:15 2008 From: kkobb at skylinecorp.com (Kevin Kobb) Date: Fri Apr 4 17:00:40 2008 Subject: Having problems installing on FreeBSD 64 Bit In-Reply-To: References: Message-ID: Andrew Chester wrote: > > Hi All > > I'm having a problem installing MS on FreeBSD 6.3 64 Bit, I've updated > the ports tree a few times now and it has MailScanner 4.67.6_1 - but > when I try install it thru the ports tree, I keep getting this error: > "bdc-7.0.1_2 is only for i386, while you are running amd64". This > happens when the MS installation runs through it's dependancy list, I > have tried to find a 64bit package for bdc but can only find the i386 > package. > > I dont know why this is happening or what's gone wrong as I've installed > MS on the same version of FreeBSD on another gateway, also 64 Bit, > without a problem. > > If anyone can advise on what to do, it would be greatly appreciated - > thank you. > > Kind Regards, > Andrew > ------------------------------------------------------------------------ > CONFIDENTIALITY CLAUSE > This message is intended only for the use of the individual or entity to > which it is addressed and contains information that is privileged and > confidential. If the reader of this message is not the intended > recipient, or the employee or agent responsible for delivering the > message to the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication is strictly > prohibited. If you have received this communication in error, please > notify the sender by telephone. > Perhaps you could try this. cd /usr/ports/mail/mailscanner make clean make rmconfig make config When you run 'make config' to not check the box for BitDefender. Then, try to install as usual. From mkettler at evi-inc.com Fri Apr 4 17:01:25 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 4 17:01:48 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47F650D5.6080900@evi-inc.com> Rose, Bobby wrote: > Zip or rename the files without all those periods. They are in a zipfile, as per Vernon's original message. However, MailScanner by default digs into zipfiles and applies filename rules there. So zipping won't help you with a MailScanner config where "Maximum Archive Depth" isn't set to 0. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon > Webb > Sent: Friday, April 04, 2008 11:25 AM > To: 'MailScanner discussion' > Subject: False Positive, How do I resolve this? > > I have a client who sends email attachments in a zip file. The files (as > you can see below) are named the way the client needs them to be. How do > I get around this? From MailScanner at ecs.soton.ac.uk Fri Apr 4 17:08:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 17:09:43 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F64B31.6090706@invictawiz.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> <47F4CBF1.70708@pixelhammer.com> <47F64B31.6090706@invictawiz.com> Message-ID: <47F65299.70006@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martyn Routley wrote: > DAve wrote: >> Martyn Routley wrote: >>> DAve wrote: >>>> DAve wrote: >>>> >>>> I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no >>>> change in processing time. >>>> >>>> I am getting really stumped now. >>>> >>>> DAve >>>> >>>> >>>> >>> What is your hardware? >>> We had random processing times when running 6.2 on one of our >>> servers. (Single P4 dual core) >>> I upgraded in place to 7.0 (using FreeBsd Update >>> (http://www.freebsd.org/releases/7.0R/announce.html) and now the >>> emails don't touch the sides. >>> Getting Sophos to work was a bind though. >>> >> >> Interesting, do you know the upgrade helped? I am always leery of >> "upgrade" as a solution unless I know why the upgrade is the solution. >> >> Server 1 >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core >> 2GB ram >> Quatum Atlas SCSI drives, one for the system and one for the spool dir >> >> Server 2 >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core >> 2GB ram >> Maxtor SATA drives, one for the system and one for the spool dir >> >> DAve >> > Good question. > All that changed was the os version and the fact that I rebuilt all > installed ports. So, in short, you changed "everything" :-) > > The server went from a 5 minute av of 7+ to 3.5 or less and from > having 30 + messages waiting to be processed to having MailScanner > waiting for messages most of the time. > MS config/version didn't change > I don't discount the possibility that rebuilding all of the installed > ports helped. > Sounds like it's sorted out then, and not really MailScanner's fault after all :-) :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9lKaEfZZRxQVtlQRAhMEAKDOYKgEPBPd99bf1fhh47LMuaGiugCdFVoq GZqc1Ihnm4Cowfb1Xnm01n0= =sOQl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 17:09:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 17:10:02 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47F652C7.80702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Or add an 'allow' rule to filename.rules.conf that allows everything ending in \.htm$ Rose, Bobby wrote: > Zip or rename the files without all those periods. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon > Webb > Sent: Friday, April 04, 2008 11:25 AM > To: 'MailScanner discussion' > Subject: False Positive, How do I resolve this? > > I have a client who sends email attachments in a zip file. The files (as > you can see below) are named the way the client needs them to be. How do > I get around this? > > The virus detector said this about the message: > Report: Report: MailScanner: Found possible filename hiding > (Supervisor.Sales.Rep.htm) > Report: MailScanner: Found possible filename hiding > (Director.of.Mktg.Corp.Sales.Mgr.Recruiting.Mgr.htm) > Report: MailScanner: Found possible filename hiding (Sales.Call.Cen.htm) > Report: MailScanner: Found possible filename hiding > (Medical.Sales.Rep.htm) > Report: MailScanner: Found possible filename hiding > (Sales.agent.Customer.service.Adm.htm) > Report: MailScanner: Found possible filename hiding (E.5.Sgt.htm) > Report: MailScanner: Found possible filename hiding (Successful.and.htm) > Report: MailScanner: Found possible filename hiding (Focused.on.Res.htm) > Report: MailScanner: Found possible filename hiding (Area.Sales.Mgr.htm) > Report: MailScanner: Found possible filename hiding (Operations.Man.htm) > Report: MailScanner: Found possible filename hiding (SALES.REP.htm) > Report: MailScanner: Found possible filename hiding (sales.man.htm) > Report: MailScanner: Found possible filename hiding (insurancec.rep.htm) > Report: MailScanner: Found possible filename hiding > (Senior.Sales.Rep.htm) > > > -- > This message has been scanned for viruses and dangerous content at > comp-wiz.com, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9lLIEfZZRxQVtlQRAsvyAKDJWkaH1Qa+kzTGVQ/kmBDTxcNL0gCgyUdu 6TyA4sBIloiSyJKWaagfu2Y= =cdES -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jlcostinha at halla.pt Fri Apr 4 17:15:38 2008 From: jlcostinha at halla.pt (Jorge Costinha) Date: Fri Apr 4 17:16:15 2008 Subject: Zip Attachments Message-ID: <47F6542A.6090204@halla.pt> i got Zip Attachment = %rules-dir%/filename.rules Attachments min total size to zip = 5000k where in filename.rules i got: From: yes FromOrTo: default no what am i missing? PS- i also have the Maximum Message Size = %rules-dir%/anotherfilename.rules. this is working as it should. thanks in advance. Jorge From MailScanner at ecs.soton.ac.uk Fri Apr 4 17:23:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 17:23:35 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> Message-ID: <47F655F3.8000903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kai Schaetzl wrote: > Glenn Steen wrote on Fri, 4 Apr 2008 09:57:21 +0200: > > >> Sorry if you already supplied this, but what do you have for the >> different SA paths in MailScanner.conf? >> > > Good suggestion. There must have been indeed a bug in that MS version. > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the spamassassin/3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = /var/lib > > A newer MS version has this: > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the 3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib/spamassassin > > It seems the code is the same, but documentation (compare the second line!) > and update_mailscanner_conf where not correct. I changed that line to > SpamAssassin Local State Dir = /var/lib/spamassassin > and it uses now the correct rules. > > However, MS still times out. The first time I tried it almost came to an end, > but eventually timed out, anyway. It definitely takes much longer than via > command-line. I then upped the time-out to 240 seconds, but now I hit a new > phenomenon. The message is just removed from mqueue.in and Mailwatch shows > again that it times out. But MailScanner doesn't print anymore (to the log, > it doesn't do this in the debug output) that it hits a timeout. It almost > immediately finishes and doesn't process the message. Could this be the sa > cache of MS? If so, I don't understand why that didn't hit earlier and also I > don't see anything about it in the debug output. > There was a bug (fixed fairly recently, it should be in the ChangeLog) where 'timed out' results were incorrectly cached, as they obviously should not be cached at all. > >>> What's wrong here, Jules? Could this be a problem with this somewhat old >>> version of MS? (4.54.6) >>> >>> >> Might be, there's been a lot of water under the bridge... and all that:-). >> ISTR there being a rather heated discussion back somewhere there on >> how to make MS notice the sa-update stuff, leading to some rather bad >> setups with wrongly specified paths in MailScanner.conf (a modern SA >> should be able to find these things by itself, no need to "help" it... >> mostly:-). >> > > The command-line SA doesn't have this problem. It's the Mail::Spamassassin > perl module. The command-line SA calls the Mail::SpamAssassin perl module to do all the hard work. > Either it needs these data or it should not get these data as it > can determine them by itself (then they shouldn't be set in MailScanner.conf) > - I don't know. > You should usually leave SpamAssassin to work out its paths on its own, it's very rare that you need to specify these paths. Which is why they are in the "*Advanced* SpamAssassin Settings" section of MailScanner.conf. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH9lX0EfZZRxQVtlQRAjUCAJ414CrAK0zjcqGunHuNXKc50paBwwCg0z8I fVdQry9QVRv1ekhGGAGdKVI= =aP/7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From butler at globeserver.com Fri Apr 4 17:40:57 2008 From: butler at globeserver.com (Philip Butler) Date: Fri Apr 4 17:42:14 2008 Subject: Another question about rulesets... Message-ID: Hi all, I have another question about rulesets. I am trying to sign outgoing messages with a signature. Here is my ruleset. 'domain123.com' and 'domain456.com' are "my" test domains (not really mine, but using this as a test). ------------- From: *@domain123.com and to: *@domain123.com no From: *@domain123.com and to: *@domain456.com no From: *@domain123.com yes From: *@domain456.com and to: *@domain123.com no From: *@domain456.com and to: *@domain456.com no From: *@domain456.com yes FromOrTo: default no ------------- It works properly if there is one recipient (internal/external) but the problem is that when I send from test1@domain123.com to test2@domain123.com AND test@anotherdomain.com, the message does not get signed. In other words, if ANY recipient is from a local domain, then the message does not get signed. I would prefer it to be the other way around. Any suggestions as to how I can change the ruleset ?? In a way, I want: ------------- # incoming messages not signed From: NOT *@domain123.com and to: *@domain123.com no From: NOT *@domain123.com and to: *@domain456.com no From: NOT *@domain456.com and to: *@domain123.com no From: NOT *@domain456.com and to: *@domain456.com no # internal messages not signed From: *@domain123.com and ONLY to: *@domain123.com no From: *@domain123.com and ONLY to: *@domain456.com no From: *@domain456.com and ONLY to: *@domain123.com no From: *@domain456.com and ONLY to: *@domain456.com no # All others signed - including mixed local/non-local recipients FromOrTo: default yes ------------- Also, I tried adding: ---- From: 10.1.1.0/255.255.255.0 and to: *@domain123.com no From: 10.1.1.0/255.255.255.0 and to: *@domain456.com no From: 10.1.1.0/255.255.255.0 yes From: 10.34.56.0/255.255.255.0 and to: *@domain123.com no From: 10.34.56.0/255.255.255.0 and to: *@domain456.com no From: 10.34.56.0/255.255.255.0 yes ---- to the ruleset (10.1.1.0 and 10.34.56.0 are "internal" networks) and I kept getting defunct mailscanner processes. This is based on a previous email response from Julian. I am running MS 4.66.5 - I haven't upgraded to the latest and greatest yet. Do I have a syntax problem here ?? Phil From brose at med.wayne.edu Fri Apr 4 18:18:27 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Apr 4 18:19:07 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <47F650D5.6080900@evi-inc.com> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> <47F650D5.6080900@evi-inc.com> Message-ID: <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> Password protect zip unless you are blocking that. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Friday, April 04, 2008 12:01 PM To: MailScanner discussion Subject: Re: False Positive, How do I resolve this? Rose, Bobby wrote: > Zip or rename the files without all those periods. They are in a zipfile, as per Vernon's original message. However, MailScanner by default digs into zipfiles and applies filename rules there. So zipping won't help you with a MailScanner config where "Maximum Archive Depth" isn't set to 0. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Vernon Webb > Sent: Friday, April 04, 2008 11:25 AM > To: 'MailScanner discussion' > Subject: False Positive, How do I resolve this? > > I have a client who sends email attachments in a zip file. The files > (as you can see below) are named the way the client needs them to be. > How do I get around this? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Fri Apr 4 19:04:13 2008 From: dave.list at pixelhammer.com (DAve) Date: Fri Apr 4 19:04:57 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F65299.70006@ecs.soton.ac.uk> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> <47F4CBF1.70708@pixelhammer.com> <47F64B31.6090706@invictawiz.com> <47F65299.70006@ecs.soton.ac.uk> Message-ID: <47F66D9D.5060902@pixelhammer.com> Julian Field wrote: > Sounds like it's sorted out then, and not really MailScanner's fault > after all :-) :-) > > Jules Every problem I have ever encountered with MailScanner has been an issue with a loose nut between the keyboard and chair. Though I heard rumors of swapping once. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From glenn.steen at gmail.com Fri Apr 4 19:12:57 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 4 19:13:33 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> Message-ID: <223f97700804041112l50a424e8o1e009a7ac09143a@mail.gmail.com> On 04/04/2008, Kai Schaetzl wrote: > Glenn Steen wrote on Fri, 4 Apr 2008 09:57:21 +0200: > > > > Sorry if you already supplied this, but what do you have for the > > different SA paths in MailScanner.conf? > > > Good suggestion. There must have been indeed a bug in that MS version. > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the spamassassin/3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = /var/lib > > A newer MS version has this: > > # The rules created by the "sa-update" tool are searched for here. > # This directory contains the 3.001001/updates_spamassassin_org > # directory structure beneath it. > # Only un-comment this setting once you have proved that the sa-update > # cron job has run successfully and has created a directory structure under > # the spamassassin directory within this one and has put some *.cf files in > # there. Otherwise it will ignore all your current rules! > # The default location may be /var/opt on Solaris systems. > SpamAssassin Local State Dir = # /var/lib/spamassassin > > It seems the code is the same, but documentation (compare the second line!) > and update_mailscanner_conf where not correct. I changed that line to > SpamAssassin Local State Dir = /var/lib/spamassassin > and it uses now the correct rules. Go all the way and set a hashmark efore the path (effectively leaving the setting blank, which is how the commandline spamassassing tool does it... See if that doesn't work even better. > However, MS still times out. The first time I tried it almost came to an end, > but eventually timed out, anyway. It definitely takes much longer than via > command-line. I then upped the time-out to 240 seconds, but now I hit a new > phenomenon. The message is just removed from mqueue.in and Mailwatch shows > again that it times out. But MailScanner doesn't print anymore (to the log, > it doesn't do this in the debug output) that it hits a timeout. It almost > immediately finishes and doesn't process the message. Could this be the sa > cache of MS? If so, I don't understand why that didn't hit earlier and also I > don't see anything about it in the debug output. See Jules suggestion... alluded/implied, but still... Time to upgrade;-). Or turn off the SA cache. > > > > > What's wrong here, Jules? Could this be a problem with this somewhat old > > > version of MS? (4.54.6) > > > > > Might be, there's been a lot of water under the bridge... and all that:-). > > ISTR there being a rather heated discussion back somewhere there on > > how to make MS notice the sa-update stuff, leading to some rather bad > > setups with wrongly specified paths in MailScanner.conf (a modern SA > > should be able to find these things by itself, no need to "help" it... > > mostly:-). > > > The command-line SA doesn't have this problem. It's the Mail::Spamassassin > perl module. Either it needs these data or it should not get these data as it > can determine them by itself (then they shouldn't be set in MailScanner.conf) > - I don't know. *If* you need it is pretty obvious... MailScanner won't have a working SA, no rules from the sa-update will fire, while they will with the cmd-line tool... You likely don't need it. Try it and see what happens:-). Perhaps best way to test is to do that long-overdue update:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Fri Apr 4 19:18:25 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 4 19:19:25 2008 Subject: SA times out In-Reply-To: <47F3AA32.50303@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: > >> but perhaps a feature request could be a > >> CLI switch to specify the message ID so MS only scans the particular > >> message(s) that you're interested in observing. > >> > > Good idea. I'll take a look. Would a single ID do? > All done. It will be in the next release. Ahm, Julian, now that I have used the MS debugging feature a few times I think being able to grab a single ID may be nice, but not really helpful for a production machine. I have to disable at least MS if I want to debug (otherwise it would "steal" the queue files) and usually this is not done within a few seconds, but takes at least five minutes or more, maybe repeatedly. It would be nice if I could specify an alternative queue directory, so I can run a MailScanner instance in parallel to the production daemon and debug files from that directory while the normal sendmail/MS operation isn't affected. I think this would be much more helpful than specifying a certain ID. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Apr 4 19:18:25 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 4 19:19:32 2008 Subject: SA times out In-Reply-To: <47F655F3.8000903@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> <47F655F3.8000903@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Fri, 04 Apr 2008 17:23:15 +0100: > The command-line SA calls the Mail::SpamAssassin perl module to do all > the hard work. But why is it then much faster? At least for this message. I notice that when I debug with MS it first scans some default message, maybe the one SA scans when using "spamassassin -D --lint", only then it grabs a message from the queue. Does this only happen with MS in debug mode? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From campbell at cnpapers.com Fri Apr 4 19:14:09 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Apr 4 19:19:55 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <47F652C7.80702@ecs.soton.ac.uk> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> <610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> <47F652C7.80702@ecs.soton.ac.uk> Message-ID: <47F66FF1.7090601@cnpapers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Or add an 'allow' rule to filename.rules.conf that allows everything > ending in \.htm$ > > Rose, Bobby wrote: > >> Zip or rename the files without all those periods. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Vernon >> Webb >> Sent: Friday, April 04, 2008 11:25 AM >> To: 'MailScanner discussion' >> Subject: False Positive, How do I resolve this? >> >> I have a client who sends email attachments in a zip file. The files (as >> you can see below) are named the way the client needs them to be. How do >> I get around this? >> >> The virus detector said this about the message: >> Report: Report: MailScanner: Found possible filename hiding >> (Supervisor.Sales.Rep.htm) >> Report: MailScanner: Found possible filename hiding >> (Director.of.Mktg.Corp.Sales.Mgr.Recruiting.Mgr.htm) >> Report: MailScanner: Found possible filename hiding (Sales.Call.Cen.htm) >> Report: MailScanner: Found possible filename hiding >> (Medical.Sales.Rep.htm) >> Report: MailScanner: Found possible filename hiding >> (Sales.agent.Customer.service.Adm.htm) >> Report: MailScanner: Found possible filename hiding (E.5.Sgt.htm) >> Report: MailScanner: Found possible filename hiding (Successful.and.htm) >> Report: MailScanner: Found possible filename hiding (Focused.on.Res.htm) >> Report: MailScanner: Found possible filename hiding (Area.Sales.Mgr.htm) >> Report: MailScanner: Found possible filename hiding (Operations.Man.htm) >> Report: MailScanner: Found possible filename hiding (SALES.REP.htm) >> Report: MailScanner: Found possible filename hiding (sales.man.htm) >> Report: MailScanner: Found possible filename hiding (insurancec.rep.htm) >> Report: MailScanner: Found possible filename hiding >> (Senior.Sales.Rep.htm) >> >> >> -- >> This message has been scanned for viruses and dangerous content at >> comp-wiz.com, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH9lLIEfZZRxQVtlQRAsvyAKDJWkaH1Qa+kzTGVQ/kmBDTxcNL0gCgyUdu > 6TyA4sBIloiSyJKWaagfu2Y= > =cdES > -----END PGP SIGNATURE----- > > Not really being much help here, but wasn't the underlying reason for this rule fixed by Microsoft in Outlook & Outlook Express ages ago and couldn't the rule that it's tripping over just be deleted? If I am recalling correctly, then, I would find it really strange to still have one of those versions of O or OE still around. I could be wrong though. Since this is such a specific sender with special requirements for file naming, and I am wrong about the M$ fix, I would think a ruleset would work for a solution (if rulesets can be used for the parm). Steve Campbell From glenn.steen at gmail.com Fri Apr 4 19:20:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 4 19:20:53 2008 Subject: MailScanner ignoring some rules In-Reply-To: References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> Message-ID: <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> Sorry all, for the top post... a bit too tipsy to really safely (snip) with even a virtual scissor...:-) That all _looks_ mostly OK... So, plan B... You've never used another system to edit the MailScanner.conf or rules file? Like crappy windoze? If so, there might be "non-printable" characters on the end of the line (like a spurious )... Then again, I thought the --lint would catch that... Oh well. Cheers -- Glenn On 04/04/2008, TecnoWay Digital wrote: > MailScanner --lint > > Trying to setlogsock(unix) > Read 817 hostnames from the phishing whitelist > Read 5549 hostnames from the phishing blacklist > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 326 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 40 whitelist entries > Checking version numbers... > Version number in MailScanner.conf (4.68.8) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (89) > MailScanner setting UID to (89) > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temporary working directory is > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > MailScanner.conf says "Virus Scanners = mcafee" > Found these virus scanners installed: clamav, mcafee > =========================================================================== > Virus and Content Scanning: Starting > /1/eicar.com Found: EICAR test file NOT a virus. > Virus Scanning: McAfee found 1 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 1 viruses > =========================================================================== > Virus Scanner test reports: > McAfee said "/1/eicar.com Found: EICAR test file NOT a virus." > > If any of your virus scanners (clamav,mcafee) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > Config: calling custom end function SQLBlacklist > Closing down by-domain spam blacklist > Config: calling custom end function MailWatchLogging > Config: calling custom end function SQLWhitelist > Closing down by-domain spam whitelist > -------------------------------------------------------------------- > > My MailScanner.conf > > %org-name% = Silmaq > %org-long-name% = Silmaq S.A > %web-site% = www.silmaq.com.br > %etc-dir% = /etc/MailScanner > %report-dir% = /etc/MailScanner/reports/pt_br > %rules-dir% = /etc/MailScanner/rules > %mcp-dir% = /etc/MailScanner/mcp > Max Children = 5 > Run As User = postfix > Run As Group = postfix > Queue Scan Interval = 6 > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > Incoming Work Dir = /var/spool/MailScanner/incoming > Quarantine Dir = /var/spool/MailScanner/quarantine > PID file = /var/run/MailScanner.pid > Restart Every = 7200 > MTA = postfix > Sendmail = /usr/sbin/sendmail > Sendmail2 = /usr/sbin/sendmail > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0600 > Quarantine User = root > Quarantine Group = apache > Quarantine Permissions = 0660 > Max Unscanned Bytes Per Scan = 100m > Max Unsafe Bytes Per Scan = 50m > Max Unscanned Messages Per Scan = 30 > Max Unsafe Messages Per Scan = 30 > Max Normal Queue Size = 800 > Scan Messages = %rules-dir%/scan.messages.rules > Reject Message = no > Maximum Attachments Per Message = 200 > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = no > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 > File Command = /usr/bin/file > File Timeout = 20 > Gunzip Command = /bin/gunzip > Gunzip Timeout = 50 > Unrar Command = /usr/bin/unrar > Unrar Timeout = 50 > Find UU-Encoded Files = no > Maximum Message Size = %rules-dir%/max.message.size.rules > Maximum Attachment Size = -1 > Minimum Attachment Size = -1 > Maximum Archive Depth = 0 > Find Archives By Content = yes > Zip Attachments = no > Attachments Zip Filename = MessageAttachments.zip > Attachments Min Total Size To Zip = 100k > Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe > .mpeg .mp3 .rpm .htm .html .eml > Virus Scanning = yes > Virus Scanners = mcafee > Virus Scanner Timeout = 300 > Deliver Disinfected Files = no > Silent Viruses = HTML-IFrame All-Viruses > Still Deliver Silent Viruses = no > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > Block Encrypted Messages = no > Block Unencrypted Messages = no > Allow Password-Protected Archives = no > Check Filenames In Password-Protected Archives = yes > Allowed Sophos Error Messages = > Sophos IDE Dir = /opt/sophos-av/lib/sav > Sophos Lib Dir = /opt/sophos-av/lib > Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* > /usr/local/share/clamav/*.cvd > ClamAVmodule Maximum Recursion Level = 8 > ClamAVmodule Maximum Files = 1000 > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > ClamAVmodule Maximum Compression Ratio = 250 > Clamd Port = 3310 > Clamd Socket = /tmp/clamd > Clamd Lock File = # /var/lock/subsys/clamd > Clamd Use Threads = no > ClamAV Full Message Scan = yes > Fpscand Port = 10200 > Dangerous Content Scanning = yes > Allow Partial Messages = no > Allow External Message Bodies = no > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Use Stricter Phishing Net = yes > Highlight Phishing Fraud = yes > Phishing Safe Sites File = > %etc-dir%/phishing.safe.sites.conf > Phishing Bad Sites File = > %etc-dir%/phishing.bad.sites.conf > Country Sub-Domains List = %etc-dir%/country.domains.conf > Allow IFrame Tags = disarm > Allow Form Tags = disarm > Allow Script Tags = disarm > Allow WebBugs = disarm > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > Known Web Bug Servers = msgtag.com > Web Bug Replacement = > http://www.mailscanner.tv/1x1spacer.gif > Allow Object Codebase Tags = disarm > Convert Dangerous HTML To Text = no > Convert HTML To Text = no > Allow Filenames = > Deny Filenames = > Filename Rules = %etc-dir%/filename.regra.rules > Allow Filetypes = > Allow File MIME Types = > Deny Filetypes = > Deny File MIME Types = > Filetype Rules = %etc-dir%/filetype.rules.conf > Quarantine Infections = yes > Quarantine Silent Viruses = no > Quarantine Modified Body = no > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = no > Keep Spam And MCP Archive Clean = no > Language Strings = %report-dir%/languages.conf > Rejection Report = %report-dir%/rejection.report.txt > Deleted Bad Content Message Report = > %report-dir%/deleted.content.message.txt > Deleted Bad Filename Message Report = > %report-dir%/deleted.filename.message.txt > Deleted Virus Message Report = > %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = > %report-dir%/deleted.size.message.txt > Stored Bad Content Message Report = > %report-dir%/stored.content.message.txt > Stored Bad Filename Message Report = > %report-dir%/stored.filename.message.txt > Stored Virus Message Report = > %report-dir%/stored.virus.message.txt > Stored Size Message Report = > %report-dir%/stored.size.message.txt > Disinfected Report = %report-dir%/disinfected.report.txt > Inline HTML Signature = %report-dir%/inline.sig.html > Inline Text Signature = %report-dir%/inline.sig.txt > Signature Image Filename = %report-dir%/sig.jpg > Signature Image Filename = signature.jpg > Inline HTML Warning = %report-dir%/inline.warning.html > Inline Text Warning = %report-dir%/inline.warning.txt > Sender Content Report = > %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt > Sender Bad Filename Report = > %report-dir%/sender.filename.report.txt > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt > Hide Incoming Work Dir = yes > Include Scanner Name In Reports = yes > Mail Header = X-%org-name%-MailScanner: > Spam Header = X-%org-name%-MailScanner-SpamCheck: > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > Information Header = X-%org-name%-MailScanner-Information: > Add Envelope From Header = yes > Add Envelope To Header = no > Envelope From Header = X-%org-name%-MailScanner-From: > Envelope To Header = X-%org-name%-MailScanner-To: > Spam Score Character = s > SpamScore Number Instead Of Stars = no > Minimum Stars If On Spam List = 0 > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected > Disinfected Header Value = Disinfected > Information Header Value = Please contact the ISP for more information > Detailed Spam Report = yes > Include Scores In SpamAssassin Report = yes > Always Include SpamAssassin Report = no > Multiple Headers = append > Hostname = the %org-name% ($HOSTNAME) MailScanner > Sign Messages Already Processed = no > Sign Clean Messages = %rules-dir%/regras_assinatura.rules > Attach Image To Signature = no > Attach Image To HTML Message Only = yes > Mark Infected Messages = yes > Mark Unscanned Messages = yes > Unscanned Header Value = Not scanned: please contact your Internet E-Mail > Service Provider for details > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > Deliver Cleaned Messages = yes > Notify Senders = yes > Notify Senders Of Viruses = no > Notify Senders Of Blocked Filenames Or Filetypes = yes > Notify Senders Of Blocked Size Attachments = no > Notify Senders Of Other Blocked Content = yes > Never Notify Senders Of Precedence = list bulk > Scanned Subject Text = {Scanned} > Virus Modify Subject = start > Virus Subject Text = {Virus?} > Filename Modify Subject = start > Filename Subject Text = {Filename?} > Content Modify Subject = start > Content Subject Text = {Dangerous Content?} > Size Modify Subject = start > Size Subject Text = {Size} > Disarmed Modify Subject = start > Disarmed Subject Text = {Disarmed} > Phishing Modify Subject = no > Phishing Subject Text = {Fraud?} > Spam Modify Subject = start > Spam Subject Text = {Spam?} > High Scoring Spam Modify Subject = start > High Scoring Spam Subject Text = {Spam?} > Warning Is Attachment = yes > Attachment Warning Filename = > %org-name%-Attachment-Warning.txt > Attachment Encoding Charset = ISO-8859-1 > Archive Mail = %rules-dir%/copia-email.rules > Send Notices = no > Notices Include Full Headers = yes > Hide Incoming Work Dir in Notices = no > Notice Signature = -- \nMailScanner\nEmail Virus > Scanner\nwww.mailscanner.info > Notices From = teste > Notices To = postmaster > Local Postmaster = postmaster > Spam List Definitions = %etc-dir%/spam.lists.conf > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > Spam Checks = yes > Spam Domain List = > Spam Lists To Be Spam = 1 > Spam Lists To Reach High Score = 3 > Spam List Timeout = 10 > Max Spam List Timeouts = 7 > Spam List Timeouts History = 10 > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Spam = &SQLBlacklist > Definite Spam Is High Scoring = no > Ignore Spam Whitelist If Recipients Exceed = 50 > Max Spam Check Size = 200k > Use Watermarking = no > Add Watermark = yes > Check Watermarks With No Sender = yes > Treat Invalid Watermarks With No Sender as Spam = nothing > Check Watermarks To Skip Spam Checks = yes > Watermark Secret = %org-name%-Secret > Watermark Lifetime = 604800 > Watermark Header = X-%org-name%-MailScanner-Watermark: > Use SpamAssassin = yes > Max SpamAssassin Size = 200k > Required SpamAssassin Score = 6 > High SpamAssassin Score = 10 > SpamAssassin Auto Whitelist = yes > SpamAssassin Timeout = 75 > Max SpamAssassin Timeouts = 10 > SpamAssassin Timeouts History = 30 > Check SpamAssassin If On Spam List = yes > Include Binary Attachments In SpamAssassin = no > Spam Score = yes > Cache SpamAssassin Results = yes > SpamAssassin Cache Database File = > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > Rebuild Bayes Every = 0 > Wait During Bayes Rebuild = no > Use Custom Spam Scanner = no > Max Custom Spam Scanner Size = 20k > Custom Spam Scanner Timeout = 20 > Max Custom Spam Scanner Timeouts = 10 > Custom Spam Scanner Timeout History = 20 > Spam Actions = store > High Scoring Spam Actions = store > Non Spam Actions = deliver header "X-Spam-Status: No" > SpamAssassin Rule Actions = > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = > %report-dir%/sender.spam.rbl.report.txt > Sender SpamAssassin Report = > %report-dir%/sender.spam.sa.report.txt > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > Recipient Spam Report = > %report-dir%/recipient.spam.report.txt > Enable Spam Bounce = %rules-dir%/bounce.rules > Bounce Spam As Attachment = no > Syslog Facility = mail > Log Speed = no > Log Spam = no > Log Non Spam = no > Log Permitted Filenames = no > Log Permitted Filetypes = no > Log Permitted File MIME Types = no > Log Silent Viruses = no > Log Dangerous HTML Tags = no > Log SpamAssassin Rule Actions = no > SpamAssassin Temporary Dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin User State Dir = > /var/spool/MailScanner/spamassassin > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > MCP Checks = yes > First Check = mcp > MCP Required SpamAssassin Score = 1 > MCP High SpamAssassin Score = 10 > MCP Error Score = 1 > MCP Header = X-%org-name%-MailScanner-MCPCheck: > Non MCP Actions = deliver > MCP Actions = forward spam@silmaq.com.br > High Scoring MCP Actions = forward spam@silmaq.com.br > Bounce MCP As Attachment = no > MCP Modify Subject = start > MCP Subject Text = {Lista de Bloqueio} > High Scoring MCP Modify Subject = start > High Scoring MCP Subject Text = {Lista de Bloqueio} > Is Definitely MCP = no > Is Definitely Not MCP = no > Definite MCP Is High Scoring = no > Always Include MCP Report = no > Detailed MCP Report = yes > Include Scores In MCP Report = no > Log MCP = no > MCP Max SpamAssassin Timeouts = 20 > MCP Max SpamAssassin Size = 100k > MCP SpamAssassin Timeout = 10 > MCP SpamAssassin Prefs File = > %mcp-dir%/mcp.spam.assassin.prefs.conf > MCP SpamAssassin User State Dir = > MCP SpamAssassin Local Rules Dir = %mcp-dir% > MCP SpamAssassin Default Rules Dir = %mcp-dir% > MCP SpamAssassin Install Prefix = %mcp-dir% > Recipient MCP Report = > %report-dir%/recipient.mcp.report.txt > Sender MCP Report = %report-dir%/sender.mcp.report.txt > Use Default Rules With Multiple Recipients = no > Spam Score Number Format = %d > MailScanner Version Number = 4.68.8 > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > Debug = no > Debug SpamAssassin = no > Run In Foreground = no > Always Looked Up Last = &MailWatchLogging > Always Looked Up Last After Batch = no > Deliver In Background = yes > Delivery Method = batch > Split Exim Spool = no > Lockfile Dir = /tmp > Custom Functions Dir = > /usr/lib/MailScanner/MailScanner/CustomFunctions > Lock Type = > Syslog Socket Type = > Automatic Syntax Check = yes > Minimum Code Status = supported > > > > > > > > > > ----- Original Message ----- From: "Glenn Steen" > To: "MailScanner discussion" > > Sent: Friday, April 04, 2008 5:09 AM > Subject: Re: MailScanner ignoring some rules > > > > > > > On 04/04/2008, TecnoWay Digital > wrote: > > > > > [root@firewall.silmaq.com.br ~]# ls -lu > > > /etc/MailScanner/rules/scan.messages.rules > > > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > > > /etc/MailScanner/rules/scan.messages.rules > > > > > (snip) > > > > > [root@firewall.silmaq.com.br ~]# ls -lu > > > /etc/MailScanner/rules/scan.messages.rules > > > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > > > /etc/MailScanner/rules/scan.messages.rules > > > > > > > So your rule file doesn't egt read at all... Have you shown us the > > snippet of your MailScanner.conf where you use it? Could you do so? > > Also, have you run a "MailScanner --lint" and shown us that output? Please > do... > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Fri Apr 4 19:29:17 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 4 19:30:03 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> <47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47F6737D.4050309@evi-inc.com> Rose, Bobby wrote: > Password protect zip unless you are blocking that. That shouldn't matter either. It might stop it, but it shouldn't. You can still read the filenames of a password protected zipfile without the password, so there's no technical reason why MailScanner can't still apply filename rules to encrypted zipfiles. From maillists at conactive.com Fri Apr 4 19:31:29 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Apr 4 19:31:57 2008 Subject: Zip Attachments In-Reply-To: <47F6542A.6090204@halla.pt> References: <47F6542A.6090204@halla.pt> Message-ID: Jorge, you didn't tell what your problem is! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.list at pixelhammer.com Fri Apr 4 20:14:23 2008 From: dave.list at pixelhammer.com (DAve) Date: Fri Apr 4 20:15:11 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> Message-ID: <47F67E0F.2040006@pixelhammer.com> Kai Schaetzl wrote: > Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: > >>>> but perhaps a feature request could be a >>>> CLI switch to specify the message ID so MS only scans the particular >>>> message(s) that you're interested in observing. >>>> >>> Good idea. I'll take a look. Would a single ID do? >> All done. It will be in the next release. > > Ahm, Julian, now that I have used the MS debugging feature a few times I > think being able to grab a single ID may be nice, but not really helpful > for a production machine. I have to disable at least MS if I want to debug > (otherwise it would "steal" the queue files) and usually this is not done > within a few seconds, but takes at least five minutes or more, maybe > repeatedly. It would be nice if I could specify an alternative queue > directory, so I can run a MailScanner instance in parallel to the > production daemon and debug files from that directory while the normal > sendmail/MS operation isn't affected. I think this would be much more > helpful than specifying a certain ID. > > Kai > I second the proposal, having used the debug feature several times in the last few days that would be a most excellent addition. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ssilva at sgvwater.com Fri Apr 4 21:04:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 4 21:05:18 2008 Subject: Old free Bitdefender and hit rate Message-ID: Just out of curiosity, has anyone that is still running the old free version of bitdefender (BDC/Linux-Console v7.1 (build 2559))still been getting virus hits with it? I haven't seen anything hit with it for 6 months or so, even though it still updates and shows current. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/086433c0/signature-0001.bin From ssilva at sgvwater.com Fri Apr 4 21:15:08 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 4 21:15:29 2008 Subject: MailScanner ignoring some rules In-Reply-To: <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> Message-ID: on 4-4-2008 11:20 AM Glenn Steen spake the following: > Sorry all, for the top post... a bit too tipsy to really safely (snip) > with even a virtual scissor...:-) > Happy Friday, Glenn!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/f147efbe/signature.bin From glenn.steen at gmail.com Fri Apr 4 21:15:40 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 4 21:16:16 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> <47F655F3.8000903@ecs.soton.ac.uk> Message-ID: <223f97700804041315h42fc6e13h26a0f1c5ceae815d@mail.gmail.com> On 04/04/2008, Kai Schaetzl wrote: > Julian Field wrote on Fri, 04 Apr 2008 17:23:15 +0100: > > > > The command-line SA calls the Mail::SpamAssassin perl module to do all > > the hard work. > > > But why is it then much faster? At least for this message. I notice that > when I debug with MS it first scans some default message, maybe the one SA > scans when using "spamassassin -D --lint", only then it grabs a message > from the queue. Does this only happen with MS in debug mode? Yes. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.list at pixelhammer.com Fri Apr 4 22:03:40 2008 From: dave.list at pixelhammer.com (DAve) Date: Fri Apr 4 22:04:24 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: References: Message-ID: <47F697AC.4080400@pixelhammer.com> Scott Silva wrote: > Just out of curiosity, has anyone that is still running the old free > version of bitdefender (BDC/Linux-Console v7.1 (build 2559))still been > getting virus hits with it? > > I haven't seen anything hit with it for 6 months or so, even though it > still updates and shows current. > We stopped running it last June for that same reason. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:33:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:34:34 2008 Subject: Zip Attachments In-Reply-To: <47F6542A.6090204@halla.pt> References: <47F6542A.6090204@halla.pt> Message-ID: <47F69EAD.7000808@ecs.soton.ac.uk> Are you saying something doesn't work as expected? You haven't actually said you have a problem, or what the problem is. Plus some basic information such as the output of MailScanner -v would help us to help you. Jorge Costinha wrote: > i got > > Zip Attachment = %rules-dir%/filename.rules > Attachments min total size to zip = 5000k > > where in filename.rules i got: > > From: yes > FromOrTo: default no > > what am i missing? > > PS- i also have the Maximum Message Size = > %rules-dir%/anotherfilename.rules. this is working as it should. > > thanks in advance. > > Jorge > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:38:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:39:13 2008 Subject: Another question about rulesets... In-Reply-To: References: Message-ID: <47F69FED.5070003@ecs.soton.ac.uk> You are suffering from an inevitable problem when a message has multiple recipients. MailScanner does not split messages into 1-recipient-per-message itself. If you want to do that, you have to do it separately. This is quite possible in MailScanner using 'queue groups' and has been fairly well documented here before. I believe it is possible in other MTAs as well. I will leave that to other people to explain to you, once you have told us what MTA you are using. The other, easier, alternative that *may* do what you want is to use the MailScanner.conf setting "Use Default Rules With Multiple Recipients". The comments above that explain what its effects are. Hope that helps get you going in the right direction, Jules. Philip Butler wrote: > Hi all, > > I have another question about rulesets. I am trying to sign outgoing > messages with a signature. > > Here is my ruleset. 'domain123.com' and 'domain456.com' are "my" test > domains (not really mine, but using this as a test). > > ------------- > From: *@domain123.com and to: *@domain123.com no > From: *@domain123.com and to: *@domain456.com no > From: *@domain123.com yes > From: *@domain456.com and to: *@domain123.com no > From: *@domain456.com and to: *@domain456.com no > From: *@domain456.com yes > > FromOrTo: default no > ------------- > > > It works properly if there is one recipient (internal/external) but > the problem is that when I send from test1@domain123.com to > test2@domain123.com AND test@anotherdomain.com, the message does not > get signed. In other words, if ANY recipient is from a local domain, > then the message does not get signed. I would prefer it to be the > other way around. > > Any suggestions as to how I can change the ruleset ?? In a way, I want: > > ------------- > # incoming messages not signed > From: NOT *@domain123.com and to: *@domain123.com no > From: NOT *@domain123.com and to: *@domain456.com no > From: NOT *@domain456.com and to: *@domain123.com no > From: NOT *@domain456.com and to: *@domain456.com no > > # internal messages not signed > From: *@domain123.com and ONLY to: *@domain123.com no > From: *@domain123.com and ONLY to: *@domain456.com no > From: *@domain456.com and ONLY to: *@domain123.com no > From: *@domain456.com and ONLY to: *@domain456.com no > > # All others signed - including mixed local/non-local recipients > FromOrTo: default yes > ------------- > > > Also, I tried adding: > > ---- > From: 10.1.1.0/255.255.255.0 and to: *@domain123.com no > From: 10.1.1.0/255.255.255.0 and to: *@domain456.com no > From: 10.1.1.0/255.255.255.0 yes > From: 10.34.56.0/255.255.255.0 and to: *@domain123.com no > From: 10.34.56.0/255.255.255.0 and to: *@domain456.com no > From: 10.34.56.0/255.255.255.0 yes > ---- > > to the ruleset (10.1.1.0 and 10.34.56.0 are "internal" networks) and I > kept getting defunct mailscanner processes. This is based on a > previous email response from Julian. I am running MS 4.66.5 - I > haven't upgraded to the latest and greatest yet. Do I have a syntax > problem here ?? > > Phil > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:45:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:45:40 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> Message-ID: <47F6A16B.5070607@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: > > >>>> but perhaps a feature request could be a >>>> CLI switch to specify the message ID so MS only scans the particular >>>> message(s) that you're interested in observing. >>>> >>>> >>> Good idea. I'll take a look. Would a single ID do? >>> >> All done. It will be in the next release. >> > > Ahm, Julian, now that I have used the MS debugging feature a few times I > think being able to grab a single ID may be nice, but not really helpful > for a production machine. I have to disable at least MS if I want to debug > (otherwise it would "steal" the queue files) and usually this is not done > within a few seconds, but takes at least five minutes or more, maybe > repeatedly. It would be nice if I could specify an alternative queue > directory, so I can run a MailScanner instance in parallel to the > production daemon and debug files from that directory while the normal > sendmail/MS operation isn't affected. I think this would be much more > helpful than specifying a certain ID. > You can stop MailScanner completely, then restart the incoming sendmail (or whatever MTA you use) so that you are providing email service to your users. Then run MailScanner on the particular ID you want to test it with. Then when you are happy, resume normal operation. Stop everything and start incoming MTA: service MailScanner stop service MailScanner startin Run it on 1 id: MailScanner --debug --id= Start up everything normally service MailScanner restart Should solve the problem for you. Saves me writing more code :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:50:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:51:31 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> <47F655F3.8000903@ecs.soton.ac.uk> Message-ID: <47F6A2B4.70706@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Fri, 04 Apr 2008 17:23:15 +0100: > > >> The command-line SA calls the Mail::SpamAssassin perl module to do all >> the hard work. >> > > But why is it then much faster? At least for this message. I notice that > when I debug with MS it first scans some default message, maybe the one SA > scans when using "spamassassin -D --lint", only then it grabs a message > from the queue. Does this only happen with MS in debug mode? > SpamAssassin (by design) has 'compile_once' functionality. This forces Perl to load all the functions required for its operation, and therefore compile them, so that all future messages are processed at the same speed. It implements this by processing a dummy message and throwing away the result. SpamAssassin, like many Perl modules, only loads and compiles the code of functions when they are used for the first time, thereby greatly improving the startup speed and memory footprint of large modules. In Perl terminology, it is called the Dyna-Loader. So to force this to happen, you have to execute all the functions once. SpamAssassin does this by working out the spam score for a dummy message. This is what you see happening when you have --debug-sa specified on the MailScanner command-line. Hopefully that explains what you see happening. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:54:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:54:50 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <47F6737D.4050309@evi-inc.com> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> <47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> <47F6737D.4050309@evi-inc.com> Message-ID: <47F6A395.6030006@ecs.soton.ac.uk> Matt Kettler wrote: > Rose, Bobby wrote: >> Password protect zip unless you are blocking that. > > That shouldn't matter either. It might stop it, but it shouldn't. > > You can still read the filenames of a password protected zipfile > without the password, so there's no technical reason why MailScanner > can't still apply filename rules to encrypted zipfiles. And indeed it does. You can even switch it on and off, of course :-) Straight out of MailScanner.conf: # Normally, you can still get the filenames out of a password-protected # archive, despite the encryption. So by default filename checks are still # done on these files. However, some people want to suppress this checking # as they allow a few people to receive password-protected archives that # contain things such as .exe's as part of their business needs. This option # can be used to suppress filename checks inside password-protected archives. # This can also be the filename of a ruleset. Check Filenames In Password-Protected Archives = yes Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 4 22:57:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 4 22:57:45 2008 Subject: SA times out In-Reply-To: <47F67E0F.2040006@pixelhammer.com> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> <47F67E0F.2040006@pixelhammer.com> Message-ID: <47F6A442.90109@ecs.soton.ac.uk> DAve wrote: > Kai Schaetzl wrote: >> Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: >> >>>>> but perhaps a feature request could be a >>>>> CLI switch to specify the message ID so MS only scans the particular >>>>> message(s) that you're interested in observing. >>>>> >>>> Good idea. I'll take a look. Would a single ID do? >>> All done. It will be in the next release. >> >> Ahm, Julian, now that I have used the MS debugging feature a few >> times I think being able to grab a single ID may be nice, but not >> really helpful for a production machine. I have to disable at least >> MS if I want to debug (otherwise it would "steal" the queue files) >> and usually this is not done within a few seconds, but takes at least >> five minutes or more, maybe repeatedly. It would be nice if I could >> specify an alternative queue directory, so I can run a MailScanner >> instance in parallel to the production daemon and debug files from >> that directory while the normal sendmail/MS operation isn't affected. >> I think this would be much more helpful than specifying a certain ID. >> >> Kai >> > > I second the proposal, having used the debug feature several times in > the last few days that would be a most excellent addition. Okay, I'll take a look this weekend. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Apr 4 23:15:30 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Apr 4 23:16:14 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> References: <47F62636.1040206@ecs.soton.ac.uk><07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu><47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> Message-ID: <024d01c896a1$64e7c0f0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rose, Bobby > Sent: Friday, April 04, 2008 1:18 PM > To: MailScanner discussion > Subject: RE: False Positive, How do I resolve this? > > Password protect zip unless you are blocking that. > > This is not true, the directory of the zip can still be accessed and MS still checks the file names in password protected zip/rar files it just can't virus scan or check the actual "type" Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Friday, April 04, 2008 12:01 PM > To: MailScanner discussion > Subject: Re: False Positive, How do I resolve this? > > Rose, Bobby wrote: > > Zip or rename the files without all those periods. > > They are in a zipfile, as per Vernon's original message. > > However, MailScanner by default digs into zipfiles and > applies filename > rules there. So zipping won't help you with a MailScanner > config where > "Maximum Archive Depth" isn't set to 0. > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Vernon Webb > > Sent: Friday, April 04, 2008 11:25 AM > > To: 'MailScanner discussion' > > Subject: False Positive, How do I resolve this? > > > > I have a client who sends email attachments in a zip file. > The files > > (as you can see below) are named the way the client needs > them to be. > > How do I get around this? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Apr 4 23:26:31 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Apr 4 23:26:49 2008 Subject: MailScanner ignoring some rules In-Reply-To: <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br><47F46B28.2050507@vanderkooij.org><47F53B57.1070307@ecs.soton.ac.uk><8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03><223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> Message-ID: <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, April 04, 2008 2:20 PM > To: MailScanner discussion > Subject: Re: MailScanner ignoring some rules > > Sorry all, for the top post... a bit too tipsy to really > safely (snip) > with even a virtual scissor...:-) > > That all _looks_ mostly OK... So, plan B... You've never used another > system to edit the MailScanner.conf or rules file? Like crappy > windoze? If so, there might be "non-printable" characters on the end > of the line (like a spurious )... Then again, I thought > the --lint > would catch that... Oh well. > > Cheers > -- Glenn Hey, Glenn, 99.9% of the time I edit all my *nix files with a windows only program. Boxer text editor. Been using it since it was a little dos pup. It's a really nice editor geared primarily towards programming and it handles DOS, Unix and MAC files as it sees them and I have the default save mode set to unix. Since I haven't the luxury of choosing my primary desktop OS I find boxer invaluable as all my servers (except 3 vendor managed specialty servers) are Linux boxes and with it's built in ftp open/save and projects I can't imagine living without it. BTW: You have given me a great idea, instead of worrying about running out of my Oxicotin, Percocet and vicodon I should just grab a bottle of Jack or 151 and I bet I can keep the pain down all weekend long without a single pill! ;->) > > On 04/04/2008, TecnoWay Digital > wrote: > > MailScanner --lint > > > > Trying to setlogsock(unix) > > Read 817 hostnames from the phishing whitelist > > Read 5549 hostnames from the phishing blacklist > > Config: calling custom init function SQLBlacklist > > Starting up SQL Blacklist > > Read 326 blacklist entries > > Config: calling custom init function MailWatchLogging > > Started SQL Logging child > > Config: calling custom init function SQLWhitelist > > Starting up SQL Whitelist > > Read 40 whitelist entries > > Checking version numbers... > > Version number in MailScanner.conf (4.68.8) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf > is correct. > > MailScanner setting GID to (89) > > MailScanner setting UID to (89) > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temporary working directory is > > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin temp dir = > > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > > SpamAssassin reported no errors. > > Using locktype = posix > > MailScanner.conf says "Virus Scanners = mcafee" > > Found these virus scanners installed: clamav, mcafee > > > ============================================================= > ============== > > Virus and Content Scanning: Starting > > /1/eicar.com Found: EICAR test file NOT a virus. > > Virus Scanning: McAfee found 1 infections > > Infected message 1 came from 10.1.1.1 > > Virus Scanning: Found 1 viruses > > > ============================================================= > ============== > > Virus Scanner test reports: > > McAfee said "/1/eicar.com Found: EICAR test file > NOT a virus." > > > > If any of your virus scanners (clamav,mcafee) > > are not listed there, you should check that they are > installed correctly > > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > Config: calling custom end function SQLBlacklist > > Closing down by-domain spam blacklist > > Config: calling custom end function MailWatchLogging > > Config: calling custom end function SQLWhitelist > > Closing down by-domain spam whitelist > > > -------------------------------------------------------------------- > > > > My MailScanner.conf > > > > %org-name% = Silmaq > > %org-long-name% = Silmaq S.A > > %web-site% = www.silmaq.com.br > > %etc-dir% = /etc/MailScanner > > %report-dir% = /etc/MailScanner/reports/pt_br > > %rules-dir% = /etc/MailScanner/rules > > %mcp-dir% = /etc/MailScanner/mcp > > Max Children = 5 > > Run As User = postfix > > Run As Group = postfix > > Queue Scan Interval = 6 > > Incoming Queue Dir = /var/spool/postfix/hold > > Outgoing Queue Dir = /var/spool/postfix/incoming > > Incoming Work Dir = /var/spool/MailScanner/incoming > > Quarantine Dir = /var/spool/MailScanner/quarantine > > PID file = /var/run/MailScanner.pid > > Restart Every = 7200 > > MTA = postfix > > Sendmail = /usr/sbin/sendmail > > Sendmail2 = /usr/sbin/sendmail > > Incoming Work User = > > Incoming Work Group = > > Incoming Work Permissions = 0600 > > Quarantine User = root > > Quarantine Group = apache > > Quarantine Permissions = 0660 > > Max Unscanned Bytes Per Scan = 100m > > Max Unsafe Bytes Per Scan = 50m > > Max Unscanned Messages Per Scan = 30 > > Max Unsafe Messages Per Scan = 30 > > Max Normal Queue Size = 800 > > Scan Messages = %rules-dir%/scan.messages.rules > > Reject Message = no > > Maximum Attachments Per Message = 200 > > Expand TNEF = yes > > Use TNEF Contents = replace > > Deliver Unparsable TNEF = no > > TNEF Expander = /usr/bin/tnef --maxsize=100000000 > > TNEF Timeout = 120 > > File Command = /usr/bin/file > > File Timeout = 20 > > Gunzip Command = /bin/gunzip > > Gunzip Timeout = 50 > > Unrar Command = /usr/bin/unrar > > Unrar Timeout = 50 > > Find UU-Encoded Files = no > > Maximum Message Size = %rules-dir%/max.message.size.rules > > Maximum Attachment Size = -1 > > Minimum Attachment Size = -1 > > Maximum Archive Depth = 0 > > Find Archives By Content = yes > > Zip Attachments = no > > Attachments Zip Filename = MessageAttachments.zip > > Attachments Min Total Size To Zip = 100k > > Attachment Extensions Not To Zip = .zip .rar .gz .tgz > .jpg .jpeg .mpg .mpe > > .mpeg .mp3 .rpm .htm .html .eml > > Virus Scanning = yes > > Virus Scanners = mcafee > > Virus Scanner Timeout = 300 > > Deliver Disinfected Files = no > > Silent Viruses = HTML-IFrame All-Viruses > > Still Deliver Silent Viruses = no > > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar > > Block Encrypted Messages = no > > Block Unencrypted Messages = no > > Allow Password-Protected Archives = no > > Check Filenames In Password-Protected Archives = yes > > Allowed Sophos Error Messages = > > Sophos IDE Dir = /opt/sophos-av/lib/sav > > Sophos Lib Dir = /opt/sophos-av/lib > > Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide > > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* > > /usr/local/share/clamav/*.cvd > > ClamAVmodule Maximum Recursion Level = 8 > > ClamAVmodule Maximum Files = 1000 > > ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) > > ClamAVmodule Maximum Compression Ratio = 250 > > Clamd Port = 3310 > > Clamd Socket = /tmp/clamd > > Clamd Lock File = # /var/lock/subsys/clamd > > Clamd Use Threads = no > > ClamAV Full Message Scan = yes > > Fpscand Port = 10200 > > Dangerous Content Scanning = yes > > Allow Partial Messages = no > > Allow External Message Bodies = no > > Find Phishing Fraud = yes > > Also Find Numeric Phishing = yes > > Use Stricter Phishing Net = yes > > Highlight Phishing Fraud = yes > > Phishing Safe Sites File = > > %etc-dir%/phishing.safe.sites.conf > > Phishing Bad Sites File = > > %etc-dir%/phishing.bad.sites.conf > > Country Sub-Domains List = %etc-dir%/country.domains.conf > > Allow IFrame Tags = disarm > > Allow Form Tags = disarm > > Allow Script Tags = disarm > > Allow WebBugs = disarm > > Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap > > Known Web Bug Servers = msgtag.com > > Web Bug Replacement = > > http://www.mailscanner.tv/1x1spacer.gif > > Allow Object Codebase Tags = disarm > > Convert Dangerous HTML To Text = no > > Convert HTML To Text = no > > Allow Filenames = > > Deny Filenames = > > Filename Rules = %etc-dir%/filename.regra.rules > > Allow Filetypes = > > Allow File MIME Types = > > Deny Filetypes = > > Deny File MIME Types = > > Filetype Rules = %etc-dir%/filetype.rules.conf > > Quarantine Infections = yes > > Quarantine Silent Viruses = no > > Quarantine Modified Body = no > > Quarantine Whole Message = yes > > Quarantine Whole Messages As Queue Files = no > > Keep Spam And MCP Archive Clean = no > > Language Strings = %report-dir%/languages.conf > > Rejection Report = %report-dir%/rejection.report.txt > > Deleted Bad Content Message Report = > > %report-dir%/deleted.content.message.txt > > Deleted Bad Filename Message Report = > > %report-dir%/deleted.filename.message.txt > > Deleted Virus Message Report = > > %report-dir%/deleted.virus.message.txt > > Deleted Size Message Report = > > %report-dir%/deleted.size.message.txt > > Stored Bad Content Message Report = > > %report-dir%/stored.content.message.txt > > Stored Bad Filename Message Report = > > %report-dir%/stored.filename.message.txt > > Stored Virus Message Report = > > %report-dir%/stored.virus.message.txt > > Stored Size Message Report = > > %report-dir%/stored.size.message.txt > > Disinfected Report = %report-dir%/disinfected.report.txt > > Inline HTML Signature = %report-dir%/inline.sig.html > > Inline Text Signature = %report-dir%/inline.sig.txt > > Signature Image Filename = %report-dir%/sig.jpg > > Signature Image Filename = signature.jpg > > Inline HTML Warning = %report-dir%/inline.warning.html > > Inline Text Warning = %report-dir%/inline.warning.txt > > Sender Content Report = > > %report-dir%/sender.content.report.txt > > Sender Error Report = %report-dir%/sender.error.report.txt > > Sender Bad Filename Report = > > %report-dir%/sender.filename.report.txt > > Sender Virus Report = %report-dir%/sender.virus.report.txt > > Sender Size Report = %report-dir%/sender.size.report.txt > > Hide Incoming Work Dir = yes > > Include Scanner Name In Reports = yes > > Mail Header = X-%org-name%-MailScanner: > > Spam Header = X-%org-name%-MailScanner-SpamCheck: > > Spam Score Header = X-%org-name%-MailScanner-SpamScore: > > Information Header = X-%org-name%-MailScanner-Information: > > Add Envelope From Header = yes > > Add Envelope To Header = no > > Envelope From Header = X-%org-name%-MailScanner-From: > > Envelope To Header = X-%org-name%-MailScanner-To: > > Spam Score Character = s > > SpamScore Number Instead Of Stars = no > > Minimum Stars If On Spam List = 0 > > Clean Header Value = Found to be clean > > Infected Header Value = Found to be infected > > Disinfected Header Value = Disinfected > > Information Header Value = Please contact the ISP for > more information > > Detailed Spam Report = yes > > Include Scores In SpamAssassin Report = yes > > Always Include SpamAssassin Report = no > > Multiple Headers = append > > Hostname = the %org-name% ($HOSTNAME) MailScanner > > Sign Messages Already Processed = no > > Sign Clean Messages = %rules-dir%/regras_assinatura.rules > > Attach Image To Signature = no > > Attach Image To HTML Message Only = yes > > Mark Infected Messages = yes > > Mark Unscanned Messages = yes > > Unscanned Header Value = Not scanned: please contact your > Internet E-Mail > > Service Provider for details > > Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: > > Deliver Cleaned Messages = yes > > Notify Senders = yes > > Notify Senders Of Viruses = no > > Notify Senders Of Blocked Filenames Or Filetypes = yes > > Notify Senders Of Blocked Size Attachments = no > > Notify Senders Of Other Blocked Content = yes > > Never Notify Senders Of Precedence = list bulk > > Scanned Subject Text = {Scanned} > > Virus Modify Subject = start > > Virus Subject Text = {Virus?} > > Filename Modify Subject = start > > Filename Subject Text = {Filename?} > > Content Modify Subject = start > > Content Subject Text = {Dangerous Content?} > > Size Modify Subject = start > > Size Subject Text = {Size} > > Disarmed Modify Subject = start > > Disarmed Subject Text = {Disarmed} > > Phishing Modify Subject = no > > Phishing Subject Text = {Fraud?} > > Spam Modify Subject = start > > Spam Subject Text = {Spam?} > > High Scoring Spam Modify Subject = start > > High Scoring Spam Subject Text = {Spam?} > > Warning Is Attachment = yes > > Attachment Warning Filename = > > %org-name%-Attachment-Warning.txt > > Attachment Encoding Charset = ISO-8859-1 > > Archive Mail = %rules-dir%/copia-email.rules > > Send Notices = no > > Notices Include Full Headers = yes > > Hide Incoming Work Dir in Notices = no > > Notice Signature = -- \nMailScanner\nEmail Virus > > Scanner\nwww.mailscanner.info > > Notices From = teste > > Notices To = postmaster > > Local Postmaster = postmaster > > Spam List Definitions = %etc-dir%/spam.lists.conf > > Virus Scanner Definitions = %etc-dir%/virus.scanners.conf > > Spam Checks = yes > > Spam Domain List = > > Spam Lists To Be Spam = 1 > > Spam Lists To Reach High Score = 3 > > Spam List Timeout = 10 > > Max Spam List Timeouts = 7 > > Spam List Timeouts History = 10 > > Is Definitely Not Spam = &SQLWhitelist > > Is Definitely Spam = &SQLBlacklist > > Definite Spam Is High Scoring = no > > Ignore Spam Whitelist If Recipients Exceed = 50 > > Max Spam Check Size = 200k > > Use Watermarking = no > > Add Watermark = yes > > Check Watermarks With No Sender = yes > > Treat Invalid Watermarks With No Sender as Spam = nothing > > Check Watermarks To Skip Spam Checks = yes > > Watermark Secret = %org-name%-Secret > > Watermark Lifetime = 604800 > > Watermark Header = X-%org-name%-MailScanner-Watermark: > > Use SpamAssassin = yes > > Max SpamAssassin Size = 200k > > Required SpamAssassin Score = 6 > > High SpamAssassin Score = 10 > > SpamAssassin Auto Whitelist = yes > > SpamAssassin Timeout = 75 > > Max SpamAssassin Timeouts = 10 > > SpamAssassin Timeouts History = 30 > > Check SpamAssassin If On Spam List = yes > > Include Binary Attachments In SpamAssassin = no > > Spam Score = yes > > Cache SpamAssassin Results = yes > > SpamAssassin Cache Database File = > > /var/spool/MailScanner/incoming/SpamAssassin.cache.db > > Rebuild Bayes Every = 0 > > Wait During Bayes Rebuild = no > > Use Custom Spam Scanner = no > > Max Custom Spam Scanner Size = 20k > > Custom Spam Scanner Timeout = 20 > > Max Custom Spam Scanner Timeouts = 10 > > Custom Spam Scanner Timeout History = 20 > > Spam Actions = store > > High Scoring Spam Actions = store > > Non Spam Actions = deliver header "X-Spam-Status: No" > > SpamAssassin Rule Actions = > > Sender Spam Report = %report-dir%/sender.spam.report.txt > > Sender Spam List Report = > > %report-dir%/sender.spam.rbl.report.txt > > Sender SpamAssassin Report = > > %report-dir%/sender.spam.sa.report.txt > > Inline Spam Warning = %report-dir%/inline.spam.warning.txt > > Recipient Spam Report = > > %report-dir%/recipient.spam.report.txt > > Enable Spam Bounce = %rules-dir%/bounce.rules > > Bounce Spam As Attachment = no > > Syslog Facility = mail > > Log Speed = no > > Log Spam = no > > Log Non Spam = no > > Log Permitted Filenames = no > > Log Permitted Filetypes = no > > Log Permitted File MIME Types = no > > Log Silent Viruses = no > > Log Dangerous HTML Tags = no > > Log SpamAssassin Rule Actions = no > > SpamAssassin Temporary Dir = > > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin User State Dir = > > /var/spool/MailScanner/spamassassin > > SpamAssassin Install Prefix = > > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > > SpamAssassin Local Rules Dir = > > SpamAssassin Default Rules Dir = > > MCP Checks = yes > > First Check = mcp > > MCP Required SpamAssassin Score = 1 > > MCP High SpamAssassin Score = 10 > > MCP Error Score = 1 > > MCP Header = X-%org-name%-MailScanner-MCPCheck: > > Non MCP Actions = deliver > > MCP Actions = forward spam@silmaq.com.br > > High Scoring MCP Actions = forward spam@silmaq.com.br > > Bounce MCP As Attachment = no > > MCP Modify Subject = start > > MCP Subject Text = {Lista de Bloqueio} > > High Scoring MCP Modify Subject = start > > High Scoring MCP Subject Text = {Lista de Bloqueio} > > Is Definitely MCP = no > > Is Definitely Not MCP = no > > Definite MCP Is High Scoring = no > > Always Include MCP Report = no > > Detailed MCP Report = yes > > Include Scores In MCP Report = no > > Log MCP = no > > MCP Max SpamAssassin Timeouts = 20 > > MCP Max SpamAssassin Size = 100k > > MCP SpamAssassin Timeout = 10 > > MCP SpamAssassin Prefs File = > > %mcp-dir%/mcp.spam.assassin.prefs.conf > > MCP SpamAssassin User State Dir = > > MCP SpamAssassin Local Rules Dir = %mcp-dir% > > MCP SpamAssassin Default Rules Dir = %mcp-dir% > > MCP SpamAssassin Install Prefix = %mcp-dir% > > Recipient MCP Report = > > %report-dir%/recipient.mcp.report.txt > > Sender MCP Report = %report-dir%/sender.mcp.report.txt > > Use Default Rules With Multiple Recipients = no > > Spam Score Number Format = %d > > MailScanner Version Number = 4.68.8 > > SpamAssassin Cache Timings = 1800,300,10800,172800,600 > > Debug = no > > Debug SpamAssassin = no > > Run In Foreground = no > > Always Looked Up Last = &MailWatchLogging > > Always Looked Up Last After Batch = no > > Deliver In Background = yes > > Delivery Method = batch > > Split Exim Spool = no > > Lockfile Dir = /tmp > > Custom Functions Dir = > > /usr/lib/MailScanner/MailScanner/CustomFunctions > > Lock Type = > > Syslog Socket Type = > > Automatic Syntax Check = yes > > Minimum Code Status = supported > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- From: "Glenn Steen" > > > To: "MailScanner discussion" > > > > Sent: Friday, April 04, 2008 5:09 AM > > Subject: Re: MailScanner ignoring some rules > > > > > > > > > > > > On 04/04/2008, TecnoWay Digital > > wrote: > > > > > > > [root@firewall.silmaq.com.br ~]# ls -lu > > > > /etc/MailScanner/rules/scan.messages.rules > > > > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > > > > /etc/MailScanner/rules/scan.messages.rules > > > > > > > (snip) > > > > > > > [root@firewall.silmaq.com.br ~]# ls -lu > > > > /etc/MailScanner/rules/scan.messages.rules > > > > -rwxrwxrwx 1 root root 76 2008-04-03 21:38 > > > > /etc/MailScanner/rules/scan.messages.rules > > > > > > > > > > So your rule file doesn't egt read at all... Have you > shown us the > > > snippet of your MailScanner.conf where you use it? Could > you do so? > > > Also, have you run a "MailScanner --lint" and shown us > that output? Please > > do... > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Apr 4 23:28:52 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Apr 4 23:29:04 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: References: Message-ID: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Scott Silva > Sent: Friday, April 04, 2008 4:05 PM > To: mailscanner@lists.mailscanner.info > Subject: Old free Bitdefender and hit rate > > Just out of curiosity, has anyone that is still running the > old free version > of bitdefender (BDC/Linux-Console v7.1 (build 2559))still > been getting virus > hits with it? > > I haven't seen anything hit with it for 6 months or so, even > though it still > updates and shows current. > I mentioned this a looong time ago. Running from the command line it will hit but from within MS it does not. IIRC it doesn't even hit EICAR. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Fri Apr 4 23:33:45 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Apr 4 23:34:22 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> References: <47F62636.1040206@ecs.soton.ac.uk><07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu><47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> Message-ID: <025001c896a3$f1dfc9b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Rose, Bobby > Sent: Friday, April 04, 2008 1:18 PM > To: MailScanner discussion > Subject: RE: False Positive, How do I resolve this? > > Password protect zip unless you are blocking that. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > Kettler > Sent: Friday, April 04, 2008 12:01 PM > To: MailScanner discussion > Subject: Re: False Positive, How do I resolve this? > > Rose, Bobby wrote: > > Zip or rename the files without all those periods. > > They are in a zipfile, as per Vernon's original message. > > However, MailScanner by default digs into zipfiles and > applies filename > rules there. So zipping won't help you with a MailScanner > config where > "Maximum Archive Depth" isn't set to 0. > > I think the answer is that Julian takes my ArchivedFileName and ArchivedFileType rules patch and mainstreams it. Then you can have completely different (read relaxed) rules for files within archives. Of course I am prejudiced because that would save me having to re-patch every time I build MailScanner |-) Rick > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > Vernon Webb > > Sent: Friday, April 04, 2008 11:25 AM > > To: 'MailScanner discussion' > > Subject: False Positive, How do I resolve this? > > > > I have a client who sends email attachments in a zip file. > The files > > (as you can see below) are named the way the client needs > them to be. > > How do I get around this? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Apr 4 23:50:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 4 23:51:52 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <47F6A395.6030006@ecs.soton.ac.uk> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu> <47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> <47F6737D.4050309@evi-inc.com> <47F6A395.6030006@ecs.soton.ac.uk> Message-ID: on 4-4-2008 2:54 PM Julian Field spake the following: > > > Matt Kettler wrote: >> Rose, Bobby wrote: >>> Password protect zip unless you are blocking that. >> >> That shouldn't matter either. It might stop it, but it shouldn't. >> >> You can still read the filenames of a password protected zipfile >> without the password, so there's no technical reason why MailScanner >> can't still apply filename rules to encrypted zipfiles. > And indeed it does. You can even switch it on and off, of course :-) > Straight out of MailScanner.conf: > > # Normally, you can still get the filenames out of a password-protected > # archive, despite the encryption. So by default filename checks are still > # done on these files. However, some people want to suppress this checking > # as they allow a few people to receive password-protected archives that > # contain things such as .exe's as part of their business needs. This > option > # can be used to suppress filename checks inside password-protected > archives. > # This can also be the filename of a ruleset. > Check Filenames In Password-Protected Archives = yes > > Jules > The only thing with that is there were password protected zip files with exe's that were virulent malware. So an admin needs to weigh this very carefully. "There is no such thing as "user proof". The best you can hope for is "user resistant". -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/de03c64b/signature.bin From ssilva at sgvwater.com Sat Apr 5 00:45:03 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Apr 5 00:45:46 2008 Subject: MailScanner ignoring some rules In-Reply-To: <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br><47F46B28.2050507@vanderkooij.org><47F53B57.1070307@ecs.soton.ac.uk><8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03><223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> Message-ID: on 4-4-2008 3:26 PM Rick Cooper spake the following: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Glenn Steen > > Sent: Friday, April 04, 2008 2:20 PM > > To: MailScanner discussion > > Subject: Re: MailScanner ignoring some rules > > > > Sorry all, for the top post... a bit too tipsy to really > > safely (snip) > > with even a virtual scissor...:-) > > > > That all _looks_ mostly OK... So, plan B... You've never used another > > system to edit the MailScanner.conf or rules file? Like crappy > > windoze? If so, there might be "non-printable" characters on the end > > of the line (like a spurious )... Then again, I thought > > the --lint > > would catch that... Oh well. > > > > Cheers > > -- Glenn > > Hey, Glenn, 99.9% of the time I edit all my *nix files with a windows only > program. Boxer text editor. Been using it since it was a little dos pup. > It's a really nice editor geared primarily towards programming and it > handles DOS, Unix and MAC files as it sees them and I have the default save > mode set to unix. Since I haven't the luxury of choosing my primary desktop > OS I find boxer invaluable as all my servers (except 3 vendor managed > specialty servers) are Linux boxes and with it's built in ftp open/save and > projects I can't imagine living without it. > > BTW: You have given me a great idea, instead of worrying about running out > of my Oxicotin, Percocet and vicodon I should just grab a bottle of Jack or > 151 and I bet I can keep the pain down all weekend long without a single > pill! ;->) > >I usually use winscp to access and edit my systems if I don't just ssh in with putty and us vim on them. I too have to be stuck on a windows machine because that is what my user base is on. I can't have something better, they would get jealous!! But I'm on the same page with the "liquid painkiller"!! ;-P Now just an hour on the train and 10 minutes to home, and I'm there.. Hurry up 5:00!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/40ea5ceb/signature.bin From ssilva at sgvwater.com Sat Apr 5 00:46:44 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Apr 5 00:50:13 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> References: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> Message-ID: on 4-4-2008 3:28 PM Rick Cooper spake the following: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Scott Silva > > Sent: Friday, April 04, 2008 4:05 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Old free Bitdefender and hit rate > > > > Just out of curiosity, has anyone that is still running the > > old free version > > of bitdefender (BDC/Linux-Console v7.1 (build 2559))still > > been getting virus > > hits with it? > > > > I haven't seen anything hit with it for 6 months or so, even > > though it still > > updates and shows current. > > > > I mentioned this a looong time ago. Running from the command line it will > hit but from within MS it does not. IIRC it doesn't even hit EICAR. > > Rick Mine hits eicar just fine, but I'm not too worried about a deluge of "non viruses"! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080404/e617155d/signature.bin From rcooper at dwford.com Sat Apr 5 01:29:22 2008 From: rcooper at dwford.com (Rick Cooper) Date: Sat Apr 5 01:30:05 2008 Subject: MailScanner ignoring some rules In-Reply-To: References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br><47F46B28.2050507@vanderkooij.org><47F53B57.1070307@ecs.soton.ac.uk><8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03><223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com><024e01c896a2$ef080e10$0301a8c0@SAHOMELT> Message-ID: <027201c896b4$186f34c0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Scott Silva > Sent: Friday, April 04, 2008 7:45 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner ignoring some rules > > on 4-4-2008 3:26 PM Rick Cooper spake the following: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Glenn Steen > > > Sent: Friday, April 04, 2008 2:20 PM > > > To: MailScanner discussion > > > Subject: Re: MailScanner ignoring some rules > > > > > > Sorry all, for the top post... a bit too tipsy to really > > > safely (snip) > > > with even a virtual scissor...:-) > > > > > > That all _looks_ mostly OK... So, plan B... You've > never used another > > > system to edit the MailScanner.conf or rules file? Like crappy > > > windoze? If so, there might be "non-printable" > characters on the end > > > of the line (like a spurious )... Then again, I thought > > > the --lint > > > would catch that... Oh well. > > > > > > Cheers > > > -- Glenn > > > > Hey, Glenn, 99.9% of the time I edit all my *nix files > with a windows only > > program. Boxer text editor. Been using it since it was a > little dos pup. > > It's a really nice editor geared primarily towards > programming and it > > handles DOS, Unix and MAC files as it sees them and I have > the default save > > mode set to unix. Since I haven't the luxury of choosing > my primary desktop > > OS I find boxer invaluable as all my servers (except 3 > vendor managed > > specialty servers) are Linux boxes and with it's built in > ftp open/save and > > projects I can't imagine living without it. > > > > BTW: You have given me a great idea, instead of worrying > about running out > > of my Oxicotin, Percocet and vicodon I should just grab a > bottle of Jack or > > 151 and I bet I can keep the pain down all weekend long > without a single > > pill! ;->) > > > >I usually use winscp to access and edit my systems if I > don't just ssh in with > putty and us vim on them. > I too have to be stuck on a windows machine because that is > what my user base > is on. I can't have something better, they would get jealous!! > > But I'm on the same page with the "liquid painkiller"!! ;-P > > Now just an hour on the train and 10 minutes to home, and I'm there.. > > > Hurry up 5:00!!! > Putty is a life saver in the windows world for sure. I do system maint and such via putty but I like the syntax highlighting and block operations, macros and so forth of a real programmer's editor and Boxer is just hands down the best I have yet to see. It's not a corporate thing that keeps me on windows so much as vendors. For instance the 7 Ford Dealerships the company owns. Ford is totally in bed with Microsoft products so without running windows a technician cannot even access shop manuals or the online tech bulletins. Almost all our banking and finance vendors use ActiveX over Java so there goes accounting and finance. I bitch to vendors all the time because were it not for them there wouldn't be a windows box in the company. Interesting note, we have a older CRM application written in MS access that used to keep the data files on a window based box and it was constantly locking up and crashing daily, multiple times, with six ti seven users. They updated to windows XP, same thing. I moved the data to one of the Samba servers and have never had a call yet in nearly three years, I almost forget that department exists now. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Sat Apr 5 04:29:13 2008 From: dave.list at pixelhammer.com (DAve) Date: Sat Apr 5 04:29:57 2008 Subject: SA times out In-Reply-To: <47F6A16B.5070607@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> <47F6A16B.5070607@ecs.soton.ac.uk> Message-ID: <47F6F209.7090704@pixelhammer.com> Julian Field wrote: > > > Kai Schaetzl wrote: >> Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: >> >> >>>>> but perhaps a feature request could be a >>>>> CLI switch to specify the message ID so MS only scans the particular >>>>> message(s) that you're interested in observing. >>>>> >>>> Good idea. I'll take a look. Would a single ID do? >>>> >>> All done. It will be in the next release. >>> >> >> Ahm, Julian, now that I have used the MS debugging feature a few times >> I think being able to grab a single ID may be nice, but not really >> helpful for a production machine. I have to disable at least MS if I >> want to debug (otherwise it would "steal" the queue files) and usually >> this is not done within a few seconds, but takes at least five minutes >> or more, maybe repeatedly. It would be nice if I could specify an >> alternative queue directory, so I can run a MailScanner instance in >> parallel to the production daemon and debug files from that directory >> while the normal sendmail/MS operation isn't affected. I think this >> would be much more helpful than specifying a certain ID. >> > You can stop MailScanner completely, then restart the incoming sendmail > (or whatever MTA you use) so that you are providing email service to > your users. Then run MailScanner on the particular ID you want to test > it with. Then when you are happy, resume normal operation. > Stop everything and start incoming MTA: > service MailScanner stop > service MailScanner startin > Run it on 1 id: > MailScanner --debug --id= > Start up everything normally > service MailScanner restart > > Should solve the problem for you. Saves me writing more code :-) In my case, in the time it took to run debug four times I gained 400 messages in the queue. I don't get much time to ponder the results. What I did this week was dump the output to file and then alternate which of the servers I stopped MS on so as to spread the downtime. I am considering pushing a VMWare install up on the network and then installing roundhouse, just for testing with future upgrades. Which is arguably the smart option. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From hvdkooij at vanderkooij.org Sat Apr 5 07:44:45 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 5 07:45:59 2008 Subject: MailScanner ignoring some rules In-Reply-To: <6FDE866AAB924CC68FC64A2B0E04BBBB@TWDNB03> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <6FDE866AAB924CC68FC64A2B0E04BBBB@TWDNB03> Message-ID: <47F71FDD.4030401@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TecnoWay Digital wrote: | Julian, another information about my server. | | I'm using mailwatch too. | | If the mailbox marketing@silmaq.com.br is not set to be scanned, | why it continue been logged to mailWatch SQL ? | I imagine the "MailWatch.pm" is called from MailScanner to log only | scanned messages. No. You have called upon MS to look at the message. So the message gets logged by MS. Even when after a minimal glance it decided not to scan the content for ...... Actually I put a lot of other info in the same table by parsing the postfix syslog file. Just to make sure I present the whole picture in the tables for my family. There are limits to MailWatch 1 and I am not sure how many of them will be tackled in v2 and wether or not I will actually ever use MailWatch v2. But that is a discussion for another mailinglist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9x/bBvzDRVjxmYERAgm5AJ9BAy5hGz1RhjH7kFJ6qSDoPgrQLwCgrkQa c/vm2DOOkAQwOhef82CZ/Uc= =SpRF -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Apr 5 08:06:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 5 08:07:20 2008 Subject: Error when update Geoip In-Reply-To: <47F4ABD6.8040505@ecs.soton.ac.uk> References: <20080403091800.C35B0233C8@ws5-3.us4.outblaze.com> <47F4ABD6.8040505@ecs.soton.ac.uk> Message-ID: <47F724E7.8040607@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | Please ask on the MailWatch mailing list, not this one. Better yet. Read the documentation on the MailWatch website. This is listed as a known issue and solutions are provided. The original sender has lost many many karma points. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9yTlBvzDRVjxmYERAmMFAJwJOA/YWzHM7V0IrVJlkuaRggC9bACgjg+t ndqQxgBOYbJzsdkKa241/N8= =AFK1 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Apr 5 08:09:59 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 5 08:10:46 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> Message-ID: <47F725C7.4070103@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Furnish, Trever G wrote: | Anyone know a way to get MailScanner/SA to detect executables embedded | within Microsoft Office documents? We've had a word file come in with a | .scr file embedded inside, wasn't detected by antivirus, but was | definitely malware. Would love to be able to block files embedded into | office docs based on file extension / file type. Didn't even know it | was possible to do that (embed an executable inside a word file) until | today. How will an open source community work with closed source solutions? Perhaps it safer to block them all together. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9yXFBvzDRVjxmYERAqWcAKC0rT5sHA5O86RE06VKMmHsDQKmcgCgqFKo mnXOTVEda8lvSlz5KhGSxRc= =rH+q -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Apr 5 08:13:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 5 08:13:49 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <07b601c89668$0a7b3130$1f719390$@com> References: <47F62636.1040206@ecs.soton.ac.uk> <07b601c89668$0a7b3130$1f719390$@com> Message-ID: <47F72684.3000502@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vernon Webb wrote: | I have a client who sends email attachments in a zip file. The files (as you | can see below) are named the way the client needs them to be. How do I get | around this? By stealing a thread on a mailinglist. Evidence provided by your own message: References: <47F62636.1040206@ecs.soton.ac.uk> In-Reply-To: Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH9yaCBvzDRVjxmYERAijwAJ9xKZynhyrV81fdv5u2njti+++zcgCdGadS 0uCIldc20vqxCu/fae6aOt0= =iUu/ -----END PGP SIGNATURE----- From glenn.steen at gmail.com Sat Apr 5 08:40:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 08:41:19 2008 Subject: Another question about rulesets... In-Reply-To: <47F69FED.5070003@ecs.soton.ac.uk> References: <47F69FED.5070003@ecs.soton.ac.uk> Message-ID: <223f97700804050040h681db447w4cb9b11e16e9fef3@mail.gmail.com> On 04/04/2008, Julian Field wrote: > You are suffering from an inevitable problem when a message has multiple > recipients. MailScanner does not split messages into 1-recipient-per-message > itself. If you want to do that, you have to do it separately. This is quite > possible in MailScanner using 'queue groups' and has been fairly well Errr... You mean "quite possible in Sendmail..." ;-) > documented here before. I believe it is possible in other MTAs as well. I > will leave that to other people to explain to you, once you have told us > what MTA you are using. Postfix docs are in the wiki, warts and all:-). > The other, easier, alternative that *may* do what you want is to use the > MailScanner.conf setting "Use Default Rules With Multiple Recipients". The > comments above that explain what its effects are. > > Hope that helps get you going in the right direction, > Jules. > (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 5 08:45:32 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 08:46:06 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: References: Message-ID: <223f97700804050045s52c06609xae5218dbef76467@mail.gmail.com> On 04/04/2008, Scott Silva wrote: > Just out of curiosity, has anyone that is still running the old free version > of bitdefender (BDC/Linux-Console v7.1 (build 2559))still been getting virus > hits with it? > > I haven't seen anything hit with it for 6 months or so, even though it > still updates and shows current. > Yes, but few and faar apart... Not that much worse than McAfee, but ... ClamAV is king, and MailScanner itself get to lock quite a few of the fast-mutating stuff. Thank God (a.k.a. Jules...?:-) for filetype/name blocking. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 5 08:51:12 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 08:51:47 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> References: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> Message-ID: <223f97700804050051h69fa47cfu6378e4f95d336bc7@mail.gmail.com> On 05/04/2008, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Scott Silva > > Sent: Friday, April 04, 2008 4:05 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Old free Bitdefender and hit rate > > > > Just out of curiosity, has anyone that is still running the > > old free version > > of bitdefender (BDC/Linux-Console v7.1 (build 2559))still > > been getting virus > > hits with it? > > > > I haven't seen anything hit with it for 6 months or so, even > > though it still > > updates and shows current. > > > > > I mentioned this a looong time ago. Running from the command line it will > hit but from within MS it does not. IIRC it doesn't even hit EICAR. > > Rick > Hm, strange. Mine hits things like Kobca (or whatever it's named... Not at the machine ATM...) teh occasional old MyDoom etc. I can probably massage my MailWatch maillog table for some real stats, not just my foggy recollections...:-) But however foggy they are, it's been hitting within the last 6 months, that is for sure. Anyway, it's just a matter of time before this one is completely obsoleted. Since it is a CPU pig, one should probably look elsewhere for a secondary/tertiary scanner... Even if one has it, and it still works... after a fashion. On my very long TODO-list. Sigh. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 5 08:57:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 08:58:26 2008 Subject: MailScanner ignoring some rules In-Reply-To: References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> Message-ID: <223f97700804050057v7d8a662q5e20c63ff16c648a@mail.gmail.com> On 04/04/2008, Scott Silva wrote: > on 4-4-2008 11:20 AM Glenn Steen spake the following: > > > Sorry all, for the top post... a bit too tipsy to really safely (snip) > > with even a virtual scissor...:-) > > > > > Happy Friday, Glenn!! > There'salways something to celebrate....:-) This time it was "first day this week that I didn't need work underpaid(!!!) overtime"... It's been a b*tch of a week. Again. So friday just couldn't come quite fast eenough:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 5 09:04:33 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 09:05:09 2008 Subject: MailScanner ignoring some rules In-Reply-To: <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> Message-ID: <223f97700804050104j3d8954ecq78be7cfed37d96d6@mail.gmail.com> On 05/04/2008, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Glenn Steen > > Sent: Friday, April 04, 2008 2:20 PM > > To: MailScanner discussion > > Subject: Re: MailScanner ignoring some rules > > > > > Sorry all, for the top post... a bit too tipsy to really > > safely (snip) > > with even a virtual scissor...:-) > > > > That all _looks_ mostly OK... So, plan B... You've never used another > > system to edit the MailScanner.conf or rules file? Like crappy > > windoze? If so, there might be "non-printable" characters on the end > > of the line (like a spurious )... Then again, I thought > > the --lint > > would catch that... Oh well. > > > > Cheers > > -- Glenn > > > Hey, Glenn, 99.9% of the time I edit all my *nix files with a windows only > program. Haha, don't you pretend you don't know what I mean....:-) > Boxer text editor. Been using it since it was a little dos pup. > It's a really nice editor geared primarily towards programming and it > handles DOS, Unix and MAC files as it sees them and I have the default save > mode set to unix. Since I haven't the luxury of choosing my primary desktop > OS I find boxer invaluable as all my servers (except 3 vendor managed > specialty servers) are Linux boxes and with it's built in ftp open/save and > projects I can't imagine living without it. On the Windoze box sitting on my desktop (no, I don't get to choose that one... It is compensated by being flanked by 7 linux/unix boxes, with more just a PuTTY/VNC away...) I of course have both Vim and Emacs. Wouldn't survive without them! As usual when it comes to editors... it is what you're used/whatever works for you ... that matters:-). And as said, you know full well that some will use the useless Notepad or similar idiotic app... that will insert gratuitous malformed line endings. > BTW: You have given me a great idea, instead of worrying about running out > of my Oxicotin, Percocet and vicodon I should just grab a bottle of Jack or > 151 and I bet I can keep the pain down all weekend long without a single > pill! ;->) > (snip... Yeah, sober now) Watch it... We're going to get in trouble with Hugo now....:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 5 09:21:55 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 09:22:31 2008 Subject: MailScanner ignoring some rules In-Reply-To: <027201c896b4$186f34c0$0301a8c0@SAHOMELT> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <024e01c896a2$ef080e10$0301a8c0@SAHOMELT> <027201c896b4$186f34c0$0301a8c0@SAHOMELT> Message-ID: <223f97700804050121i426a0a30k390de1a009b90682@mail.gmail.com> On 05/04/2008, Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > Behalf Of Scott Silva > > Sent: Friday, April 04, 2008 7:45 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: MailScanner ignoring some rules > > > > on 4-4-2008 3:26 PM Rick Cooper spake the following: > > > > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > > > Behalf Of Glenn Steen > > > > Sent: Friday, April 04, 2008 2:20 PM > > > > To: MailScanner discussion > > > > Subject: Re: MailScanner ignoring some rules > > > > > > > > Sorry all, for the top post... a bit too tipsy to really > > > > safely (snip) > > > > with even a virtual scissor...:-) > > > > > > > > That all _looks_ mostly OK... So, plan B... You've > > never used another > > > > system to edit the MailScanner.conf or rules file? Like crappy > > > > windoze? If so, there might be "non-printable" > > characters on the end > > > > of the line (like a spurious )... Then again, I thought > > > > the --lint > > > > would catch that... Oh well. > > > > > > > > Cheers > > > > -- Glenn > > > > > > Hey, Glenn, 99.9% of the time I edit all my *nix files > > with a windows only > > > program. Boxer text editor. Been using it since it was a > > little dos pup. > > > It's a really nice editor geared primarily towards > > programming and it > > > handles DOS, Unix and MAC files as it sees them and I have > > the default save > > > mode set to unix. Since I haven't the luxury of choosing > > my primary desktop > > > OS I find boxer invaluable as all my servers (except 3 > > vendor managed > > > specialty servers) are Linux boxes and with it's built in > > ftp open/save and > > > projects I can't imagine living without it. > > > > > > BTW: You have given me a great idea, instead of worrying > > about running out > > > of my Oxicotin, Percocet and vicodon I should just grab a > > bottle of Jack or > > > 151 and I bet I can keep the pain down all weekend long > > without a single > > > pill! ;->) > > > > > >I usually use winscp to access and edit my systems if I > > don't just ssh in with > > putty and us vim on them. > > I too have to be stuck on a windows machine because that is > > what my user base > > is on. I can't have something better, they would get jealous!! > > > > But I'm on the same page with the "liquid painkiller"!! ;-P > > > > Now just an hour on the train and 10 minutes to home, and I'm there.. > > > > > > Hurry up 5:00!!! > > > > > > Putty is a life saver in the windows world for sure. I do system maint and > such via putty but I like the syntax highlighting and block operations, > macros and so forth of a real programmer's editor and Boxer is just hands > down the best I have yet to see. vim/emacs (yeah, I'm weird that way... I use either... equally well...) can do that for me. As said, whatever works for you:-). vi/vim is always there... no need to scp anything anywhere... just to tap-tap-tap away...:-) > It's not a corporate thing that keeps me on windows so much as vendors. For > instance the 7 Ford Dealerships the company owns. Ford is totally in bed > with Microsoft products so without running windows a technician cannot even > access shop manuals or the online tech bulletins. Almost all our banking and > finance vendors use ActiveX over Java so there goes accounting and finance. > I bitch to vendors all the time because were it not for them there wouldn't > be a windows box in the company. My users are heavily into Reuters, Bloomberg, SimCorp Dimension etc etc (all big-wigs in the financial sector)... which are pretty much in bed with M$ too. Frustrating, that... And the PHB has foisted (quite a few years back) M-Sexchange on us... So in my case ... it is company policy that decree I must do things this way. Sigh. Compensating with a *lot* of alternative systems helps a bit though:-). > Interesting note, we have a older CRM application written in MS access that > used to keep the data files on a window based box and it was constantly > locking up and crashing daily, multiple times, with six ti seven users. They 67 or 6-7? > updated to windows XP, same thing. I moved the data to one of the Samba > servers and have never had a call yet in nearly three years, I almost forget > that department exists now. :-) Love your Samba... And it'll love you:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From butler at globeserver.com Sat Apr 5 11:56:04 2008 From: butler at globeserver.com (Philip Butler) Date: Sat Apr 5 11:57:16 2008 Subject: Another question about rulesets... In-Reply-To: <223f97700804050040h681db447w4cb9b11e16e9fef3@mail.gmail.com> References: <47F69FED.5070003@ecs.soton.ac.uk> <223f97700804050040h681db447w4cb9b11e16e9fef3@mail.gmail.com> Message-ID: <231ABE57-C7A4-4D4E-94AB-0A9B3FABA40D@globeserver.com> I am running sendmail - how does one get sendmail to split messages into 1 recipient per message ?? Thanks, Phil On Apr 5, 2008, at 3:40 AM, Glenn Steen wrote: > On 04/04/2008, Julian Field wrote: >> You are suffering from an inevitable problem when a message has >> multiple >> recipients. MailScanner does not split messages into 1-recipient- >> per-message >> itself. If you want to do that, you have to do it separately. This >> is quite >> possible in MailScanner using 'queue groups' and has been fairly well > Errr... You mean "quite possible in Sendmail..." ;-) > >> documented here before. I believe it is possible in other MTAs as >> well. I >> will leave that to other people to explain to you, once you have >> told us >> what MTA you are using. > Postfix docs are in the wiki, warts and all:-). > >> The other, easier, alternative that *may* do what you want is to >> use the >> MailScanner.conf setting "Use Default Rules With Multiple >> Recipients". The >> comments above that explain what its effects are. >> >> Hope that helps get you going in the right direction, >> Jules. >> > (snip) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From maillists at conactive.com Sat Apr 5 12:31:19 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Apr 5 12:32:09 2008 Subject: SA times out In-Reply-To: <47F6A16B.5070607@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> <47F6A16B.5070607@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Fri, 04 Apr 2008 22:45:15 +0100: > You can stop MailScanner completely, then restart the incoming sendmail > (or whatever MTA you use) so that you are providing email service to > your users. Then run MailScanner on the particular ID you want to test > it with. Then when you are happy, resume normal operation. That is what I did (just killall MailScanner), but you can have a few mails piling up there ;-) With the option of a separate queue directory you have "all the time of the world". Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Sat Apr 5 12:32:34 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 5 12:33:15 2008 Subject: Another question about rulesets... In-Reply-To: <231ABE57-C7A4-4D4E-94AB-0A9B3FABA40D@globeserver.com> References: <47F69FED.5070003@ecs.soton.ac.uk> <223f97700804050040h681db447w4cb9b11e16e9fef3@mail.gmail.com> <231ABE57-C7A4-4D4E-94AB-0A9B3FABA40D@globeserver.com> Message-ID: <223f97700804050432n653d0f41t87f6b93a39dc73a9@mail.gmail.com> On 05/04/2008, Philip Butler wrote: > I am running sendmail - how does one get sendmail to split messages into 1 > recipient per message ?? That's in the wiki too....: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Sat Apr 5 14:31:14 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Apr 5 14:32:05 2008 Subject: SA times out In-Reply-To: <47F6A2B4.70706@ecs.soton.ac.uk> References: <47F39721.3000603@ecs.soton.ac.uk> <223f97700804040057j39668387sad309a47257d7722@mail.gmail.com> <47F655F3.8000903@ecs.soton.ac.uk> <47F6A2B4.70706@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Fri, 04 Apr 2008 22:50:44 +0100: > Hopefully that explains what you see happening. Yeah, thanks for the explanation. Although it doesn't explain why it takes longer via MS than via command-line. Anyway, those messages get caught now after I upped the timeout from 120 to 240 seconds. Have a nice weekend, Jules! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sat Apr 5 15:19:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 5 15:20:02 2008 Subject: False Positive, How do I resolve this? In-Reply-To: <025001c896a3$f1dfc9b0$0301a8c0@SAHOMELT> References: <47F62636.1040206@ecs.soton.ac.uk><07b601c89668$0a7b3130$1f719390$@com><610C64469748E84DB6BDD5BD23F01A761802FC@MED-CORE03-MS1.med.wayne.edu><47F650D5.6080900@evi-inc.com> <610C64469748E84DB6BDD5BD23F01A76180313@MED-CORE03-MS1.med.wayne.edu> <025001c896a3$f1dfc9b0$0301a8c0@SAHOMELT> Message-ID: <47F78A60.8020703@ecs.soton.ac.uk> Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Rose, Bobby > > Sent: Friday, April 04, 2008 1:18 PM > > To: MailScanner discussion > > Subject: RE: False Positive, How do I resolve this? > > > > Password protect zip unless you are blocking that. > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt > > Kettler > > Sent: Friday, April 04, 2008 12:01 PM > > To: MailScanner discussion > > Subject: Re: False Positive, How do I resolve this? > > > > Rose, Bobby wrote: > > > Zip or rename the files without all those periods. > > > > They are in a zipfile, as per Vernon's original message. > > > > However, MailScanner by default digs into zipfiles and > > applies filename > > rules there. So zipping won't help you with a MailScanner > > config where > > "Maximum Archive Depth" isn't set to 0. > > > > > > I think the answer is that Julian takes my ArchivedFileName and > ArchivedFileType rules patch and mainstreams it. Then you can have > completely different (read relaxed) rules for files within archives. Personally, I think that the extra complexity this adds to understanding MailScanner for new guys is not really worth it for the number of people that really need this level of extra functionality. You can already switch on and off the filename checking within password-protected archives, I think that's enough for 99.9% of people. Sorry. > Of > course I am prejudiced because that would save me having to re-patch every > time I build MailScanner |-) > > > > Rick > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > > > Vernon Webb > > > Sent: Friday, April 04, 2008 11:25 AM > > > To: 'MailScanner discussion' > > > Subject: False Positive, How do I resolve this? > > > > > > I have a client who sends email attachments in a zip file. > > The files > > > (as you can see below) are named the way the client needs > > them to be. > > > How do I get around this? > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 5 15:23:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 5 15:23:23 2008 Subject: SA times out In-Reply-To: <47F6F209.7090704@pixelhammer.com> References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> <47F6A16B.5070607@ecs.soton.ac.uk> <47F6F209.7090704@pixelhammer.com> Message-ID: <47F78B48.4080307@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> >> >> Kai Schaetzl wrote: >>> Julian Field wrote on Wed, 02 Apr 2008 16:45:54 +0100: >>> >>> >>>>>> but perhaps a feature request could be a >>>>>> CLI switch to specify the message ID so MS only scans the particular >>>>>> message(s) that you're interested in observing. >>>>>> >>>>> Good idea. I'll take a look. Would a single ID do? >>>>> >>>> All done. It will be in the next release. >>>> >>> >>> Ahm, Julian, now that I have used the MS debugging feature a few >>> times I think being able to grab a single ID may be nice, but not >>> really helpful for a production machine. I have to disable at least >>> MS if I want to debug (otherwise it would "steal" the queue files) >>> and usually this is not done within a few seconds, but takes at >>> least five minutes or more, maybe repeatedly. It would be nice if I >>> could specify an alternative queue directory, so I can run a >>> MailScanner instance in parallel to the production daemon and debug >>> files from that directory while the normal sendmail/MS operation >>> isn't affected. I think this would be much more helpful than >>> specifying a certain ID. >>> >> You can stop MailScanner completely, then restart the incoming >> sendmail (or whatever MTA you use) so that you are providing email >> service to your users. Then run MailScanner on the particular ID you >> want to test it with. Then when you are happy, resume normal operation. >> Stop everything and start incoming MTA: >> service MailScanner stop >> service MailScanner startin >> Run it on 1 id: >> MailScanner --debug --id= >> Start up everything normally >> service MailScanner restart >> >> Should solve the problem for you. Saves me writing more code :-) > > In my case, in the time it took to run debug four times I gained 400 > messages in the queue. I don't get much time to ponder the results. > What I did this week was dump the output to file and then alternate > which of the servers I stopped MS on so as to spread the downtime. > > I am considering pushing a VMWare install up on the network and then > installing roundhouse, just for testing with future upgrades. Which is > arguably the smart option. milter-bcc is a simple solution that roundhouse, much faster to setup. You just put in a mailertable entry for the recipient you bcc to, can be any domain name you make up. That's what I do (except I didn't know about milter-bcc at the time so use a home-grown version of it written in a few lines of Perl). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 5 15:25:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 5 15:26:08 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47F725C7.4070103@vanderkooij.org> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> Message-ID: <47F78BED.5020606@ecs.soton.ac.uk> Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 04/05/08 at 08:09:57 > > Furnish, Trever G wrote: > | Anyone know a way to get MailScanner/SA to detect executables embedded > | within Microsoft Office documents? We've had a word file come in > with a > | .scr file embedded inside, wasn't detected by antivirus, but was > | definitely malware. Would love to be able to block files embedded into > | office docs based on file extension / file type. Didn't even know it > | was possible to do that (embed an executable inside a word file) until > | today. > > How will an open source community work with closed source solutions? > Perhaps it safer to block them all together. There are open-source programs that can extract information from OLE documents (i.e. up to Office 2004). I suspect there is not a problem with Office 2007/2008 documents as they are just zip archives. I just wish I could remember the names of any of the stuff that reads OLE documents... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Sat Apr 5 15:40:39 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Sat Apr 5 15:41:23 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> References: <024f01c896a3$42fb24d0$0301a8c0@SAHOMELT> Message-ID: <20080405143624.M36381@firstbhph.com> On Fri, 4 Apr 2008 18:28:52 -0400, Rick Cooper wrote > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Scott Silva > > Sent: Friday, April 04, 2008 4:05 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Old free Bitdefender and hit rate > > > > Just out of curiosity, has anyone that is still running the > > old free version > > of bitdefender (BDC/Linux-Console v7.1 (build 2559))still > > been getting virus > > hits with it? > > > > I haven't seen anything hit with it for 6 months or so, even > > though it still > > updates and shows current. > > > > I mentioned this a looong time ago. Running from the command line it will > hit but from within MS it does not. IIRC it doesn't even hit EICAR. > > Rick > > -- At least on our system, it does hit Eicar via MailScanner lint, for what that's worth. Ours is a small system, though, and rarely do we see email-born viruses hit, regardless of the anti-virus system we have in place. So, I can't really say whether Bitdefender is working or not. Maybe it's providing a false sense of security. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 5 15:57:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 5 15:58:49 2008 Subject: SA times out In-Reply-To: References: <47F39721.3000603@ecs.soton.ac.uk> <47F3A36A.10008@ecs.soton.ac.uk> <47F3AA32.50303@ecs.soton.ac.uk> <47F6A16B.5070607@ecs.soton.ac.uk> Message-ID: <47F7936F.6080401@ecs.soton.ac.uk> Kai Schaetzl wrote: > Julian Field wrote on Fri, 04 Apr 2008 22:45:15 +0100: > > >> You can stop MailScanner completely, then restart the incoming sendmail >> (or whatever MTA you use) so that you are providing email service to >> your users. Then run MailScanner on the particular ID you want to test >> it with. Then when you are happy, resume normal operation. >> > > That is what I did (just killall MailScanner), but you can have a few > mails piling up there ;-) With the option of a separate queue directory > you have "all the time of the world". > All done. It will be in the next release. For reference, "MailScanner --help" does what you would expect. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From warren.guy at calorieking.com Sat Apr 5 17:19:00 2008 From: warren.guy at calorieking.com (Warren Guy) Date: Sat Apr 5 17:21:22 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47F78BED.5020606@ecs.soton.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> Message-ID: <47F7A674.1040501@calorieking.com> Julian Field wrote: > There are open-source programs that can extract information from OLE > documents (i.e. up to Office 2004). I suspect there is not a problem > with Office 2007/2008 documents as they are just zip archives. > > I just wish I could remember the names of any of the stuff that reads > OLE documents... http://www.pldaniels.com/ripole/ http://search.cpan.org/dist/OLE-Storage_Lite/Storage_Lite.pm There's also the libcole library, but I can't find it on the web -- Warren Guy Senior System Administrator, CalorieKing Direct +61 8 6468 3877 Suite 1, 88 Broadway Tel +61 8 9389 8777 Nedlands WA 6009, Australia Fax +61 8 9389 8444 www.calorieking.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080406/c44501f5/signature.bin From J.Ede at birchenallhowden.co.uk Sat Apr 5 20:53:53 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Apr 5 20:56:37 2008 Subject: SA times out Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C406871CBF7@server02.bhl.local> How about ability to define an action for an email if sa times out? Such as quarantine etc? If could store it in queue format then could easily pipe it back in to ms to debug? jason -----Original Message----- From: Julian Field Sent: 05 April 2008 16:09 To: MailScanner discussion Subject: Re: SA times out Kai Schaetzl wrote: > Julian Field wrote on Fri, 04 Apr 2008 22:45:15 +0100: > > >> You can stop MailScanner completely, then restart the incoming sendmail >> (or whatever MTA you use) so that you are providing email service to >> your users. Then run MailScanner on the particular ID you want to test >> it with. Then when you are happy, resume normal operation. >> > > That is what I did (just killall MailScanner), but you can have a few > mails piling up there ;-) With the option of a separate queue directory > you have "all the time of the world". > All done. It will be in the next release. For reference, "MailScanner --help" does what you would expect. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Sun Apr 6 09:30:37 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 6 09:31:21 2008 Subject: MS+Postfix, Selective HOLD Message-ID: <47F88A2D.9060508@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have been trying to get my head around this question before. I find that I have a scalability problem that I could resolve if I can put messages on HOLD for MS to pickup only if it is not for a certain recipient. There is one recipient that goes straight into a procmail parser to extract specific information. There is no need to fire up the whole MS circus for each message. This is an automated system that will get 1 message per monitored SMTP server per minute. The normal config is: # Do some header checks # This includes setting almost anything on hold for MailScanner to pick up header_checks = regexp:/etc/postfix/regexp/header-checks So I have tried a number of setups. Most of them failed miserably. This morning I woke up whith what seems to be the answer so I gave it a spin and here are my findings. What does work is at the end of my smtpd checks add a table to list explicit addresses to scan. In the main.cf it looks like: # Access rules smtpd_client_restrictions = ~ permit_mynetworks, ~ permit_sasl_authenticated, ....Long list removed....... ~ reject_unauth_destination, ~ check_recipient_access hash:/etc/postfix/hash/valid-recipients And the hash tables explicit lists everyone for whome MS should be called upon. Like: hugo@vanderkooij.org HOLD hvdkooij@vanderkooij.org HOLD (I know putting email in the clear scares some people. But if you ever see a Megalist without these two then do not buy it. ;-) But the drawback is it only works for a simple setup at home with only a moderate list of recipients. And where you actually know all the recipients. But if you want to have just a few exceptions then you better use regular expressions. So replace: check_recipient_access hash:/etc/postfix/hash/valid-recipients with: check_recipient_access regexp:/etc/postfix/regexp/MailScanner With /etc/postfix/regexp/MailScanner looking like: # # header_checks - Postfix built-in header/body inspection # /exclusion@test\.example\.net/ OK # Everyone else will go through MailScanner! /.*/ HOLD # EOF This does the trick for me. It might work for others. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH+IorBvzDRVjxmYERAgMyAJ4xhxORHyI5FCR4+SmqBsHF0hEG6ACdEsxF Rc+yfJOmfToGmB65GW0nQ1I= =u3N0 -----END PGP SIGNATURE----- From test at remedial-teacher.nl Sun Apr 6 09:32:05 2008 From: test at remedial-teacher.nl (Test) Date: Sun Apr 6 09:32:45 2008 Subject: Trouble with Mailscanner after upgrading to 4.68 (plz help) Message-ID: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> I decided to upgrade to 4.68 yesterday, and since that upgrade, mailscanner is not working. (i did'nt change anything else on the system) I i run mailscanner --debug, it shows following messages: 10:20:16 Building a message batch to scan... 10:20:16 Have a batch of 2 messages. max message size is '30000' max message size is '30000' and stops processing. In the process list i see the MailScanner proces consuming 100% cpu, and also an awk process with the following parameters: awk {printf "%s %s\n", strftime("%T"), $0} It seems that it hangs at that point. I remove the whole of the mailscanner installation and installed 4.67.. But i still have the same problem (4.67 has been running fine before) I manually adjusted the MailScanner.conf file to make sure there are no strange characters or other fuzzy things in there. I did an strace of the MailScanner --debug session, with the following last lines which keep on scrolling (debugging did not give any strange messages or errors): waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 waitpid(-1, 0xbf9b9b18, WNOHANG) = 0 Anyone ? -- Test From hvdkooij at vanderkooij.org Sun Apr 6 10:27:04 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 6 10:27:38 2008 Subject: Trouble with Mailscanner after upgrading to 4.68 (plz help) In-Reply-To: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> References: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> Message-ID: <47F89768.2060705@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Test wrote: | I decided to upgrade to 4.68 yesterday, and since that upgrade, | mailscanner is not working. (i did'nt change anything else on the system) | | I i run mailscanner --debug, it shows following messages: | | 10:20:16 Building a message batch to scan... | 10:20:16 Have a batch of 2 messages. | max message size is '30000' | max message size is '30000' | | and stops processing. | | In the process list i see the MailScanner proces consuming 100% cpu, and | also an awk process with the following parameters: | | awk {printf "%s %s\n", strftime("%T"), $0} | | It seems that it hangs at that point. | | I remove the whole of the mailscanner installation and installed 4.67.. | | But i still have the same problem (4.67 has been running fine before) My guess: A previous change did have an impact on MS. But only if you restart MS. So it surfaces as a problem with an upgrade but the problem was introduced (long) before the upgrade. You just were not hit before. So go over ALL other changes to the system. Wether they are explicit changes you made or implicit changes made by daily, weekly or monthly cron jobs for example. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH+JdmBvzDRVjxmYERAiZEAJ4qFm85L1Go3M9fUpfpr412BTgqPQCdEC4k vylI+TCpED3f/+KAhs2GFuQ= =c02i -----END PGP SIGNATURE----- From maillists at conactive.com Sun Apr 6 12:31:15 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Apr 6 12:32:20 2008 Subject: Trouble with Mailscanner after upgrading to 4.68 (plz help) In-Reply-To: <47F89768.2060705@vanderkooij.org> References: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> <47F89768.2060705@vanderkooij.org> Message-ID: Hugo van der Kooij wrote on Sun, 06 Apr 2008 11:27:04 +0200: > My guess: A previous change did have an impact on MS. But only if you > restart MS. So it surfaces as a problem with an upgrade but the problem > was introduced (long) before the upgrade. MS restarts every 6 hours or so. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From test at remedial-teacher.nl Sun Apr 6 13:02:12 2008 From: test at remedial-teacher.nl (Test) Date: Sun Apr 6 13:05:21 2008 Subject: Trouble with Mailscanner after upgrading to 4.68 (plz help) (SOLVED) In-Reply-To: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> References: <20080406102121.B0EE.EE63E960@remedial-teacher.nl> Message-ID: <20080406140156.B103.EE63E960@remedial-teacher.nl> Phew, i solved it... In SA.pm (/usr/lib/MailScanner/MailScanner/SA.pm) comment the line starting with $result... # Do a trial run of awk to see if it is going to work on this system. eval { #$result = `echo 'Hello,World' | awk '{printf \"%s %s\\n\", strftime(\"%T\"), \$0}' 2>&1`; #print "Result is \"$result\"\n"; As far as i can tell, it then skips the awk check, and runs as it should... -- Test From MailScanner at ecs.soton.ac.uk Sun Apr 6 16:09:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 6 16:09:51 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47F7A674.1040501@calorieking.com> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> Message-ID: <47F8E791.10709@ecs.soton.ac.uk> Ignore all previous requests for information. I've got enough of it, pretty much. The only thing I cannot handle is inserted OLE "Packages" that contain multiple files. If someone fancies creating one of those and sending it to me, I'll improve the Package parser to cope with it. But it now works with files inserted into Microsoft Office documents just fine. This will be in the next release. I guess it's a fairly major new feature, the ability to extract embedded files from Microsoft Office documents. :-) I think I'm going to have a rest now... Jules. Warren Guy wrote: > Julian Field wrote: >> There are open-source programs that can extract information from OLE >> documents (i.e. up to Office 2004). I suspect there is not a problem >> with Office 2007/2008 documents as they are just zip archives. >> >> I just wish I could remember the names of any of the stuff that reads >> OLE documents... > > http://www.pldaniels.com/ripole/ > > http://search.cpan.org/dist/OLE-Storage_Lite/Storage_Lite.pm > > There's also the libcole library, but I can't find it on the web > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Apr 6 18:45:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 6 18:46:20 2008 Subject: Beta 4.69.1 -- can find files embedded in MS Office docs Message-ID: <47F90C41.9060401@ecs.soton.ac.uk> Folks, I have just released the first beta of version 4.69. It has a few new features, the most obviously important of which is its ability to extract files embedded within Microsoft Office documents, and subject them to the same filename and filetype tests that the contents of other archives have to pass. The other new useful things are a couple of new command-line options to help when debugging systems, notably the "--id" and "--inqueuedir" options to restrict what messages the MailScanner instance will process. For the embedded-in-Office-documents tests, I *strongly* recommend you change your "Maximum Archive Depth" setting to at least 3, or else a lot of your users will get really annoyed that their files are being rejected as being nested too deeply within an archive. The "upgrade_MailScanner_conf" script will warn you of this if it is set to 1 or 2. People who have set this to 0 will obviously be left in peace :-) Please can you give this release a good hammering, particularly in the area of the new Microsoft Office document handling. Download as usual from www.mailscanner.info. Best regards, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Sun Apr 6 20:00:32 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Sun Apr 6 20:01:16 2008 Subject: Way OT: What's the status of Julian's World Tour? In-Reply-To: <47F25E75.3070508@ecs.soton.ac.uk> References: <47F24E00.6040107@elirion.net> <47F25E75.3070508@ecs.soton.ac.uk> Message-ID: <47F91DD0.8070609@elirion.net> Julian Field wrote: > It's going to have to go on hold for a while, I'm afraid. > I am currently awaiting an appointment date for my assessment week in > hospital in Cambridge, UK, when they will decide if I qualify for a > liver transplant. There is a lot of competition, and if you aren't sick > enough they don't put you on the list. > [snip] I'm beginning to wish I hadn't asked. ;> If they're making you go all the way to Cambridge it sounds like they're sending you to a specialist hospital (maybe Addenbrooke's?), which is good. You don't want someone who's doing his first transplant experimenting on you. I just updated the wiki to say that the US tour didn't take place. Regards, Richard. From glenn.steen at gmail.com Sun Apr 6 20:38:41 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 6 20:39:19 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <47F88A2D.9060508@vanderkooij.org> References: <47F88A2D.9060508@vanderkooij.org> Message-ID: <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> On 06/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I have been trying to get my head around this question before. I find > that I have a scalability problem that I could resolve if I can put > messages on HOLD for MS to pickup only if it is not for a certain > recipient. > > There is one recipient that goes straight into a procmail parser to > extract specific information. There is no need to fire up the whole MS > circus for each message. This is an automated system that will get 1 > message per monitored SMTP server per minute. > > The normal config is: > # Do some header checks > # This includes setting almost anything on hold for MailScanner to > pick up > header_checks = regexp:/etc/postfix/regexp/header-checks > > So I have tried a number of setups. Most of them failed miserably. > > This morning I woke up whith what seems to be the answer so I gave it a > spin and here are my findings. > > > What does work is at the end of my smtpd checks add a table to list > explicit addresses to scan. In the main.cf it looks like: > > # Access rules > smtpd_client_restrictions = > ~ permit_mynetworks, > ~ permit_sasl_authenticated, > ....Long list removed....... > ~ reject_unauth_destination, > ~ check_recipient_access > hash:/etc/postfix/hash/valid-recipients > > And the hash tables explicit lists everyone for whome MS should be > called upon. Like: > > hugo@vanderkooij.org HOLD > hvdkooij@vanderkooij.org HOLD > > (I know putting email in the clear scares some people. But if you ever > see a Megalist without these two then do not buy it. ;-) > > But the drawback is it only works for a simple setup at home with only a > moderate list of recipients. And where you actually know all the > recipients. > Actually... If you (as ) already use the relay_recipient_map thing, it'd be trivial to rewrite the script that generates the relay_recipient_map to also do an access_map...:). But then again... > > But if you want to have just a few exceptions then you better use > regular expressions. > > So replace: > check_recipient_access > hash:/etc/postfix/hash/valid-recipients > > with: > check_recipient_access > regexp:/etc/postfix/regexp/MailScanner > > With /etc/postfix/regexp/MailScanner looking like: > > # > # header_checks - Postfix built-in header/body inspection > # > /exclusion@test\.example\.net/ OK > > # Everyone else will go through MailScanner! > /.*/ HOLD > > # EOF > > > This does the trick for me. It might work for others. This would be a better replacement for the header check thing, in cases where you'd like to be selective. Thanks for thinking it up, and sharing. > Hugo. > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Sun Apr 6 23:53:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Apr 6 23:55:00 2008 Subject: MailScanner ignoring some rules In-Reply-To: <223f97700804050057v7d8a662q5e20c63ff16c648a@mail.gmail.com> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F46B28.2050507@vanderkooij.org> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <223f97700804050057v7d8a662q5e20c63ff16c648a@mail.gmail.com> Message-ID: on 4-5-2008 12:57 AM Glenn Steen spake the following: > On 04/04/2008, Scott Silva wrote: >> on 4-4-2008 11:20 AM Glenn Steen spake the following: >> >>> Sorry all, for the top post... a bit too tipsy to really safely (snip) >>> with even a virtual scissor...:-) >>> >>> >> Happy Friday, Glenn!! >> > There'salways something to celebrate....:-) > This time it was "first day this week that I didn't need work > underpaid(!!!) overtime"... It's been a b*tch of a week. Again. So > friday just couldn't come quite fast eenough:-):-) > > Cheers I understand that! I get non-paid overtime, so I feel your pain!! Don't get me wrong, as my pay isn't that bad, but it goes down very quickly as you add hours :-( -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080406/57bd4fe7/signature.bin From ssilva at sgvwater.com Mon Apr 7 00:00:45 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 7 00:01:26 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47F8E791.10709@ecs.soton.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> Message-ID: on 4-6-2008 8:09 AM Julian Field spake the following: > Ignore all previous requests for information. I've got enough of it, > pretty much. > The only thing I cannot handle is inserted OLE "Packages" that contain > multiple files. If someone fancies creating one of those and sending it > to me, I'll improve the Package parser to cope with it. > > But it now works with files inserted into Microsoft Office documents > just fine. > > This will be in the next release. > I guess it's a fairly major new feature, the ability to extract embedded > files from Microsoft Office documents. > :-) > > I think I'm going to have a rest now... > Poking another hole in the Microsoft armor was a big task. A well deserved rest it will be!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080406/d07990aa/signature.bin From steinmb at tbsk.no Mon Apr 7 00:49:06 2008 From: steinmb at tbsk.no (steinmb) Date: Mon Apr 7 00:49:51 2008 Subject: Moving black hole test to Postfix Message-ID: Hi Have been thinking about moving some of the blackhole testing to Postfix (SMTP level). In my head this is cheaper? My mail server is old so less scanning Mailscanner have to do the better. In /etc/postfix I changed smtpd_recipient_restrictions to: smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recip ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client autoblock.dnsbl Now what? Do I remove those I run on SMTP level from my /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense. In spam.lists.conf I find lines like: spamhaus.org sbl.spamhaus.org. spamhaus-XBL xbl.spamhaus.org. spamhaus-PBL pbl.spamhaus.org. spamhaus-ZEN zen.spamhaus.org. SBL+XBL sbl-xbl.spamhaus.org. -- Stein From rapin at linuxmail.org Mon Apr 7 05:29:03 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Mon Apr 7 05:29:49 2008 Subject: how to config Message Content Protection (MCP) Message-ID: <20080407042903.2D58F7B8F1@ws5-10.us4.outblaze.com> Dear all I want to know how to config Message Content Protection (MCP)? Thx.. -------------------------------------------------- Linuxmail Rapin P. = Tax Planning for Travel Nurses As a Travel nurse, you need accurate tax information. TravelTax offers the solutions you need. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=115328fc5e72e7c03c2be1a4cc3116ed -- Powered by Outblaze From hvdkooij at vanderkooij.org Mon Apr 7 06:18:46 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Apr 7 06:19:31 2008 Subject: Moving black hole test to Postfix In-Reply-To: References: Message-ID: <47F9AEB6.9000308@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 steinmb wrote: | Hi | Have been thinking about moving some of the blackhole testing to Postfix | (SMTP level). In my head this is cheaper? My mail server is old so less | scanning Mailscanner have to do the better. | | In /etc/postfix I changed smtpd_recipient_restrictions to: | | smtpd_recipient_restrictions = permit_sasl_authenticated, | permit_mynetworks, reject_unauth_destination, | reject_unknown_recipient_domain, reject_unverified_recip | ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, | reject_rbl_client autoblock.dnsbl | | Now what? Do I remove those I run on SMTP level from my | /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense. | In spam.lists.conf I find lines like: | | spamhaus.org sbl.spamhaus.org. | spamhaus-XBL xbl.spamhaus.org. | spamhaus-PBL pbl.spamhaus.org. | spamhaus-ZEN zen.spamhaus.org. | SBL+XBL sbl-xbl.spamhaus.org. Keep in mind that SA runs them on all the Received: headers. So your contact might be clean but it may have received them from a system that is on every known list. You might want to take that into account handing out points. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD4DBQFH+a61BvzDRVjxmYERAmHxAJi3pQEQcYQWobCvSHeEVxfMq6n1AJwMkLWZ qa44c6qNMFKTlmqwXGlGKQ== =DI69 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Apr 7 06:29:42 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Apr 7 06:29:51 2008 Subject: how to config Message Content Protection (MCP) In-Reply-To: <20080407042903.2D58F7B8F1@ws5-10.us4.outblaze.com> References: <20080407042903.2D58F7B8F1@ws5-10.us4.outblaze.com> Message-ID: <47F9B146.8050402@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linuxmail R. wrote: | I want to know how to config Message Content Protection (MCP)? And what effort have you put into this yourself? What have you read? What have you searched for? I am afraid that every posting on this or any other mailinglist from you that I have seen so far shows that you have put in zero effort before you start sending questions to a mailinglist. That is simply the way to being ignored. Please read the fine introduction to asking questions on mailinglists: http://catb.org/%7Eesr/faqs/smart-questions.html We all make incidental mistakes in this regard but at least show the rest of the world you understood the spirit in which the manual was written and show you have put in some work of yourself. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH+bFEBvzDRVjxmYERAhDqAJ0eDyRu7OSavKb33o53rvyslWXCUACeMu/Z xx+LJQvwBlHYa36I43c0LdA= =goTW -----END PGP SIGNATURE----- From Robert.Meurlin at se.fujitsu.com Mon Apr 7 08:32:17 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Mon Apr 7 08:33:35 2008 Subject: a lot of mail delivery failed mail slips trough the filter Message-ID: <797363C57EE0884786F428AAABCD469201490BD9@sea0120sex2.nordic.x> Hello, i have seen recent week that a lot of spam that have these subject lines: failure notice Delivery Status Notification (Failure) Delivery failure WARNING. Mail Delayed Returned mail: see transcript for detail slipps trough the filter, is there any other way to stop them without header FRIEND_GREETINGS7 Subject =~ /Delivery Status Notification (Failure)/i describe FRIEND_GREETINGS7 blabla score FRIEND_GREETINGS7 100.0 ? /Rob. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/987fb76a/attachment.html From glenn.steen at gmail.com Mon Apr 7 08:46:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 7 08:46:46 2008 Subject: MailScanner ignoring some rules In-Reply-To: References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <223f97700804050057v7d8a662q5e20c63ff16c648a@mail.gmail.com> Message-ID: <223f97700804070046x244cdf03t7f15378ec77fcbe8@mail.gmail.com> On 07/04/2008, Scott Silva wrote: > on 4-5-2008 12:57 AM Glenn Steen spake the following: > > > On 04/04/2008, Scott Silva wrote: > > > > > on 4-4-2008 11:20 AM Glenn Steen spake the following: > > > > > > > > > > Sorry all, for the top post... a bit too tipsy to really safely (snip) > > > > with even a virtual scissor...:-) > > > > > > > > > > > > > > > Happy Friday, Glenn!! > > > > > > > > There'salways something to celebrate....:-) > > This time it was "first day this week that I didn't need work > > underpaid(!!!) overtime"... It's been a b*tch of a week. Again. So > > friday just couldn't come quite fast eenough:-):-) > > > > Cheers > > > I understand that! I get non-paid overtime, so I feel your pain!! > > Don't get me wrong, as my pay isn't that bad, but it goes down very quickly > as you add hours :-( > Once you earn enough you get three extra days vacation-time... Which is supposed to be enough compensation for ones overtime... Didn't quite take three easy weeks to "earn up" that time, once I crossed over. Not really complaining, and it's not really unpaid (well...:-), but... Not that great either:/. Oh well, a luxury problem, I guess...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Apr 7 09:04:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 7 09:05:35 2008 Subject: Moving black hole test to Postfix In-Reply-To: <47F9AEB6.9000308@vanderkooij.org> References: <47F9AEB6.9000308@vanderkooij.org> Message-ID: <223f97700804070104v4fc2bf2bo56bdfbbfd052799d@mail.gmail.com> On 07/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > steinmb wrote: > | Hi > | Have been thinking about moving some of the blackhole testing to Postfix > | (SMTP level). In my head this is cheaper? My mail server is old so less > | scanning Mailscanner have to do the better. > | > | In /etc/postfix I changed smtpd_recipient_restrictions to: > | > | smtpd_recipient_restrictions = permit_sasl_authenticated, > | permit_mynetworks, reject_unauth_destination, > | reject_unknown_recipient_domain, reject_unverified_recip > | ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client > bl.spamcop.net, > | reject_rbl_client autoblock.dnsbl > | > | Now what? Do I remove those I run on SMTP level from my > | /etc/Mailscanner/spam.lists.conf ? Doing those checks > twice makes no > sense. > | In spam.lists.conf I find lines like: > | > | spamhaus.org sbl.spamhaus.org. > | spamhaus-XBL xbl.spamhaus.org. > | spamhaus-PBL pbl.spamhaus.org. > | spamhaus-ZEN zen.spamhaus.org. > | SBL+XBL sbl-xbl.spamhaus.org. > > Keep in mind that SA runs them on all the Received: headers. So your > contact might be clean but it may have received them from a system that > is on every known list. You might want to take that into account handing > out points. > ... Which is good for SA, but ... Stein is looking at MS...:-). One shouldn't touch spam.lists.conf, only the Spam Lists settings in MailScanner.conf ... And of course, Stein, don't include the lists you have in PF in MS. As Hugo says, the ones that get past the initial check can benefit from getting checked in SA, so let that be as is for a while. And monitor your logs. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jlcostinha at halla.pt Mon Apr 7 09:04:54 2008 From: jlcostinha at halla.pt (Jorge Costinha) Date: Mon Apr 7 09:05:46 2008 Subject: Zip Attachments In-Reply-To: <47F69EAD.7000808@ecs.soton.ac.uk> References: <47F6542A.6090204@halla.pt> <47F69EAD.7000808@ecs.soton.ac.uk> Message-ID: <47F9D5A6.5030603@halla.pt> i want to zip the attachments everytime their size > 5000k and are coming From a specific email address. but it's not working... nothing is getting zip at all. thanks in advance, Jorge here's the MailScanner -v output: Running on Linux mx.halla.pt 2.6.22.14-72.fc6 #1 SMP Wed Nov 21 13:44:07 EST 2007 i686 i686 i386 GNU/Linux This is Fedora Core release 6 (Zod) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.65.3 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.18 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.03 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder missing ExtUtils::ParseXS missing Inline missing IO::String 1.04 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002000 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.19 Math::BigRat 0.2806 Module::Build 0.20 Net::CIDR::Lite 0.61 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML Julian Field wrote: > Are you saying something doesn't work as expected? > You haven't actually said you have a problem, or what the problem is. > Plus some basic information such as the output of MailScanner -v would > help us to help you. > > Jorge Costinha wrote: >> i got >> >> Zip Attachment = %rules-dir%/filename.rules >> Attachments min total size to zip = 5000k >> >> where in filename.rules i got: >> >> From: yes >> FromOrTo: default no >> >> what am i missing? >> >> PS- i also have the Maximum Message Size = >> %rules-dir%/anotherfilename.rules. this is working as it should. >> >> thanks in advance. >> >> Jorge >> >> >> >> > > Jules > From glenn.steen at gmail.com Mon Apr 7 09:10:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 7 09:10:53 2008 Subject: a lot of mail delivery failed mail slips trough the filter In-Reply-To: <797363C57EE0884786F428AAABCD469201490BD9@sea0120sex2.nordic.x> References: <797363C57EE0884786F428AAABCD469201490BD9@sea0120sex2.nordic.x> Message-ID: <223f97700804070110t5d421443m9a82743e1964e397@mail.gmail.com> On 07/04/2008, Meurlin Robert wrote: > > > Hello, > i have seen recent week that a lot of spam that have these subject lines: > failure notice > Delivery Status Notification (Failure) > Delivery failure > WARNING. Mail Delayed > Returned mail: see transcript for detail > > > slipps trough the filter, is there any other way to stop them without > > header FRIEND_GREETINGS7 Subject =~ /Delivery Status Notification > (Failure)/i > describe FRIEND_GREETINGS7 blabla > > score FRIEND_GREETINGS7 100.0 > > > ? If they are truly sent from <> (a.k.a. MAILER-DAEMON:-), the Watermark feature of a fairly recent MailScanner can help a bit, or perhaps milter-null. If they're not really DSNs, only pretending... other measures are what you need. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Mon Apr 7 09:13:35 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Apr 7 09:15:31 2008 Subject: Moving black hole test to Postfix In-Reply-To: References: Message-ID: <47F9D7AF.7050504@fsl.com> Hi Stein, steinmb wrote: > Hi > Have been thinking about moving some of the blackhole testing to Postfix > (SMTP level). In my head this is cheaper? My mail server is old so less > scanning Mailscanner have to do the better. > > In /etc/postfix I changed smtpd_recipient_restrictions to: > > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject_unauth_destination, > reject_unknown_recipient_domain, reject_unverified_recip > ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > reject_rbl_client autoblock.dnsbl Looks good to my novice Postfix eyes. > Now what? Do I remove those I run on SMTP level from my > /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense. > In spam.lists.conf I find lines like: > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. Whoa, yes - you want to remove those. You only ever want to query Spamhaus *once* as those lines cause each list to be queried around 2-3 times each (which is slow as MailScanner does these sequentially). For anyone else that has similar in their spam.lists.conf file - you really want just one entry: spamhaus-ZEN zen.spamhaus.org OR (if you don't want to mark dial-up/dynamic + ISP policy listed space as spam) spamhaus-SBL+XBL sbl-xbl.spamhaus.org As the SBL+XBL contains, the SBL and XBL lists (duh!) and Zen includes SBL+XBL+PBL, so you see that querying the lists separately just wastes time and packets. Cheers, Steve. From list-mailscanner at linguaphone.com Mon Apr 7 08:57:50 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Apr 7 09:18:06 2008 Subject: Moving black hole test to Postfix In-Reply-To: References: Message-ID: <1207555070.31630.1.camel@gblades-suse.linguaphone-intranet.co.uk> Thats exactly the same configuration I have :) Make sure you really do need 'reject_rbl_client autoblock.dnsbl' as that is what I use to reject mail based upon my mailwatch2rbl program. On Mon, 2008-04-07 at 00:49, steinmb wrote: > Hi > Have been thinking about moving some of the blackhole testing to Postfix > (SMTP level). In my head this is cheaper? My mail server is old so less > scanning Mailscanner have to do the better. > > In /etc/postfix I changed smtpd_recipient_restrictions to: > > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject_unauth_destination, > reject_unknown_recipient_domain, reject_unverified_recip > ient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, > reject_rbl_client autoblock.dnsbl > > Now what? Do I remove those I run on SMTP level from my > /etc/Mailscanner/spam.lists.conf ? Doing those checks twice makes no sense. > In spam.lists.conf I find lines like: > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. > > -- > Stein From martyn at invictawiz.com Mon Apr 7 09:37:36 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Mon Apr 7 09:38:56 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F65299.70006@ecs.soton.ac.uk> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> <47F4CBF1.70708@pixelhammer.com> <47F64B31.6090706@invictawiz.com> <47F65299.70006@ecs.soton.ac.uk> Message-ID: <47F9DD50.1060401@invictawiz.com> Julian Field wrote: > > > Martyn Routley wrote: > > DAve wrote: > >> Martyn Routley wrote: > >>> DAve wrote: > >>>> DAve wrote: > >>>> > >>>> I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no > >>>> change in processing time. > >>>> > >>>> I am getting really stumped now. > >>>> > >>>> DAve > >>>> > >>>> > >>>> > >>> What is your hardware? > >>> We had random processing times when running 6.2 on one of our > >>> servers. (Single P4 dual core) > >>> I upgraded in place to 7.0 (using FreeBsd Update > >>> (http://www.freebsd.org/releases/7.0R/announce.html) and now the > >>> emails don't touch the sides. > >>> Getting Sophos to work was a bind though. > >>> > >> Interesting, do you know the upgrade helped? I am always leery of > >> "upgrade" as a solution unless I know why the upgrade is the solution. > >> > >> Server 1 > >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core > >> 2GB ram > >> Quatum Atlas SCSI drives, one for the system and one for the spool dir > >> > >> Server 2 > >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core > >> 2GB ram > >> Maxtor SATA drives, one for the system and one for the spool dir > >> > >> DAve > >> > > Good question. > > All that changed was the os version and the fact that I rebuilt all > > installed ports. > So, in short, you changed "everything" :-) > > The server went from a 5 minute av of 7+ to 3.5 or less and from > > having 30 + messages waiting to be processed to having MailScanner > > waiting for messages most of the time. > > MS config/version didn't change > > I don't discount the possibility that rebuilding all of the installed > > ports helped. > > Sounds like it's sorted out then, and not really MailScanner's fault > after all :-) :-) > > Jules > Did I imply that? If it seemed like I did, I humbly apologise. What I omitted from the earlier message was that there have been reports of "Dramatic" improvements in multi processor operation over previous versions (see the FreeBsd announcement referred to above.) -- Martyn Routley ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From rapin at linuxmail.org Mon Apr 7 09:49:55 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Mon Apr 7 09:50:31 2008 Subject: why ClamAV not show identities Message-ID: <20080407084955.412F3CBE80@ws5-11.us4.outblaze.com> Dear all why clamav not show this detail. how to fix it ClamAV Status Version: ClamAV 0.92.1 Virus Identities: Database Timestamp: Thank. -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From gerard at seibercom.net Mon Apr 7 11:08:25 2008 From: gerard at seibercom.net (Gerard) Date: Mon Apr 7 11:09:26 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> Message-ID: <20080407060825.50bf671f@scorpio> On Sun, 06 Apr 2008 16:00:45 -0700 Scott Silva wrote: > on 4-6-2008 8:09 AM Julian Field spake the following: > > Ignore all previous requests for information. I've got enough of > > it, pretty much. > > The only thing I cannot handle is inserted OLE "Packages" that > > contain multiple files. If someone fancies creating one of those > > and sending it to me, I'll improve the Package parser to cope with > > it. > > > > But it now works with files inserted into Microsoft Office > > documents just fine. > > > > This will be in the next release. > > I guess it's a fairly major new feature, the ability to extract > > embedded files from Microsoft Office documents. > > :-) > > > > I think I'm going to have a rest now... > > > Poking another hole in the Microsoft armor was a big task. A well > deserved rest it will be!! The use of OLE makes the creation of highly detailed documents far easier and accurate. The scanning of said documents when emailed I would assume to be a plus. However, if the scanning action breaks the OLE bonds then then cure is far worst than the disease. I have been sending these type of documents to colleagues for years without incident. A few years ago Symantec did categorize some of them as a VIRUS; however, that was a false positive and they quickly revised their definition files to reflect that. By the way, I usually send these files encrypted via PGP. How will/does MailScanner work on that type of document? -- Gerard gerard@seibercom.net My favorite sandwich is peanut butter, baloney, cheddar cheese, lettuce and mayonnaise on toasted bread with catsup on the side. Senator Hubert Humphrey -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/063e7fb1/signature.bin From gerard at seibercom.net Mon Apr 7 11:08:25 2008 From: gerard at seibercom.net (Gerard) Date: Mon Apr 7 11:09:57 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> Message-ID: <20080407060825.50bf671f@scorpio> On Sun, 06 Apr 2008 16:00:45 -0700 Scott Silva wrote: > on 4-6-2008 8:09 AM Julian Field spake the following: > > Ignore all previous requests for information. I've got enough of > > it, pretty much. > > The only thing I cannot handle is inserted OLE "Packages" that > > contain multiple files. If someone fancies creating one of those > > and sending it to me, I'll improve the Package parser to cope with > > it. > > > > But it now works with files inserted into Microsoft Office > > documents just fine. > > > > This will be in the next release. > > I guess it's a fairly major new feature, the ability to extract > > embedded files from Microsoft Office documents. > > :-) > > > > I think I'm going to have a rest now... > > > Poking another hole in the Microsoft armor was a big task. A well > deserved rest it will be!! The use of OLE makes the creation of highly detailed documents far easier and accurate. The scanning of said documents when emailed I would assume to be a plus. However, if the scanning action breaks the OLE bonds then then cure is far worst than the disease. I have been sending these type of documents to colleagues for years without incident. A few years ago Symantec did categorize some of them as a VIRUS; however, that was a false positive and they quickly revised their definition files to reflect that. By the way, I usually send these files encrypted via PGP. How will/does MailScanner work on that type of document? -- Gerard gerard@seibercom.net My favorite sandwich is peanut butter, baloney, cheddar cheese, lettuce and mayonnaise on toasted bread with catsup on the side. Senator Hubert Humphrey -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/063e7fb1/signature-0001.bin From maillists at conactive.com Mon Apr 7 11:31:14 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 7 11:32:01 2008 Subject: why ClamAV not show identities In-Reply-To: <20080407084955.412F3CBE80@ws5-11.us4.outblaze.com> References: <20080407084955.412F3CBE80@ws5-11.us4.outblaze.com> Message-ID: Linuxmail R. wrote on Mon, 7 Apr 2008 15:49:55 +0700: > why clamav not show this detail. Because you and you need a database. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Mon Apr 7 11:43:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 11:44:06 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <20080407060825.50bf671f@scorpio> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> <20080407060825.50bf671f@scorpio> Message-ID: <47F9FAC3.5010605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard wrote: > On Sun, 06 Apr 2008 16:00:45 -0700 > Scott Silva wrote: > > >> on 4-6-2008 8:09 AM Julian Field spake the following: >> >>> Ignore all previous requests for information. I've got enough of >>> it, pretty much. >>> The only thing I cannot handle is inserted OLE "Packages" that >>> contain multiple files. If someone fancies creating one of those >>> and sending it to me, I'll improve the Package parser to cope with >>> it. >>> >>> But it now works with files inserted into Microsoft Office >>> documents just fine. >>> >>> This will be in the next release. >>> I guess it's a fairly major new feature, the ability to extract >>> embedded files from Microsoft Office documents. >>> :-) >>> >>> I think I'm going to have a rest now... >>> >>> >> Poking another hole in the Microsoft armor was a big task. A well >> deserved rest it will be!! >> > > The use of OLE makes the creation of highly detailed documents far > easier and accurate. The scanning of said documents when emailed I > would assume to be a plus. However, if the scanning action breaks the > OLE bonds then then cure is far worst than the disease. > What do you mean, "breaks the OLE bonds"? I don't have a clue what you're talking about. > I have been sending these type of documents to colleagues for years > without incident. A few years ago Symantec did categorize some of them > as a VIRUS; however, that was a false positive and they quickly revised > their definition files to reflect that. > > By the way, I usually send these files encrypted via PGP. How will/does > MailScanner work on that type of document? > Obviously MailScanner cannot parse messages which have been encrypted with PGP. Whether such things are allowed is controlled by the relevant Encryption settings in MailScanner.conf. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH+frEEfZZRxQVtlQRAkJjAJ9oFUpeOJZ/4rMjiK5bMtwKUqQ85QCg8TeL 1RGq0guPfjtoPE2tk6fu3Jo= =O33p -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Mon Apr 7 12:29:07 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Apr 7 12:29:48 2008 Subject: MS hangs with strange clamav database Message-ID: <47FA0583.1060509@gmail.com> Hi, Usually the clamav database looks like this: #> ls -l /var/clamav/ total 13152 -rw-r--r-- 1 clamav clamav 396261 Apr 7 12:39 daily.cvd -rw-r--r-- 1 clamav clamav 13050207 Apr 7 12:39 main.cvd -rw------- 1 clamav clamav 52 Apr 7 12:40 mirrors.dat But sometimes the daily.cvd and main.cvd get strangely converted to subdirectories with around 10 files in them - that's when MS starts to hang and not process any mail at all. Error is: Apr 7 12:34:10 SERVER MailScanner[24956]: None of the files matched by the "Monitors For ClamAV Updates" patterns exist! ... which of course is true because of my setting Monitors for ClamAV Updates = /var/clamav/*.cvd My question is twofold: 1) Has anybody seen a similar thing and why do the clamav files get strange? 2) What is the best value for "Monitors for ClamAV Updates" to prevent such a breakdown in case clamav gets strange again? Thanks and cheers, Ronny From dyioulos at firstbhph.com Mon Apr 7 12:53:56 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Apr 7 12:54:40 2008 Subject: MailScanner --lint errors Message-ID: <200804070753.57730.dyioulos@firstbhph.com> All, I'm now running mailscanner-4.68.8-1 on a CentOS 3 box, along with spamassassin-3.2.4-1.el3.rf. When I run MailScanner --lint, I get the following: Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database Use of uninitialized value in addition (+) at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 371. plugin: eval failed: Can't locate object method "log_lookups_timing" via package "Mail::SpamAssassin::AsyncLoop" at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 381. SpamAssassin reported no errors. I didn't get that with mailscanner-4.65.3-1, my last version before upgrading to the latest. My mail system seems to work fine, but I'd like to eliminate these errors if possible. Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Apr 7 12:54:50 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 7 12:55:24 2008 Subject: MS hangs with strange clamav database In-Reply-To: <47FA0583.1060509@gmail.com> References: <47FA0583.1060509@gmail.com> Message-ID: <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> On 07/04/2008, Ronny T. Lampert wrote: > Hi, > > Usually the clamav database looks like this: > > #> ls -l /var/clamav/ > total 13152 > -rw-r--r-- 1 clamav clamav 396261 Apr 7 12:39 daily.cvd > -rw-r--r-- 1 clamav clamav 13050207 Apr 7 12:39 main.cvd > -rw------- 1 clamav clamav 52 Apr 7 12:40 mirrors.dat > > > But sometimes the daily.cvd and main.cvd get strangely converted to > subdirectories with around 10 files in them - that's when MS starts to > hang and not process any mail at all. > > Error is: > > Apr 7 12:34:10 SERVER MailScanner[24956]: None of the files matched by > the "Monitors For ClamAV Updates" patterns exist! > > ... which of course is true because of my setting > > Monitors for ClamAV Updates = /var/clamav/*.cvd So you are using ClamAVModule... Then that one is wrong, and has been for quite some time now. If you search the archives you'll see that it need look something like: Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db /var/clamav/*.cvd .... Assuming /var/clamav to be correct for your ClamAV signature DBs. The first one is for the incremental updates you are normally seeing, the second for any "extra" signatires you might have, the third one is for the "normal" monolithic DBs. > > My question is twofold: > > 1) Has anybody seen a similar thing and why do the clamav files get > strange? Yes. Incremental updates. > > 2) What is the best value for "Monitors for ClamAV Updates" to prevent > such a breakdown in case clamav gets strange again? "Best" is a relative tierm:-). The above is what I use... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Apr 7 12:56:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 7 12:56:53 2008 Subject: MS hangs with strange clamav database In-Reply-To: <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> References: <47FA0583.1060509@gmail.com> <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> Message-ID: <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> On 07/04/2008, Glenn Steen wrote: > On 07/04/2008, Ronny T. Lampert wrote: > > Hi, > > > > Usually the clamav database looks like this: > > > > #> ls -l /var/clamav/ > > total 13152 > > -rw-r--r-- 1 clamav clamav 396261 Apr 7 12:39 daily.cvd > > -rw-r--r-- 1 clamav clamav 13050207 Apr 7 12:39 main.cvd > > -rw------- 1 clamav clamav 52 Apr 7 12:40 mirrors.dat > > > > > > But sometimes the daily.cvd and main.cvd get strangely converted to > > subdirectories with around 10 files in them - that's when MS starts to > > hang and not process any mail at all. > > > > Error is: > > > > Apr 7 12:34:10 SERVER MailScanner[24956]: None of the files matched by > > the "Monitors For ClamAV Updates" patterns exist! > > > > ... which of course is true because of my setting > > > > Monitors for ClamAV Updates = /var/clamav/*.cvd > > So you are using ClamAVModule... Then that one is wrong, and has been > for quite some time now. If you search the archives you'll see that it > need look something like: > > Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db > /var/clamav/*.cvd Beware line wrapping... the above is (of course:-) meant to be on one line. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From thenrique at gmail.com Mon Apr 7 13:32:15 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Mon Apr 7 13:32:49 2008 Subject: File Type Check Problem In-Reply-To: <47F63D8D.3070105@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> <47F63D8D.3070105@ecs.soton.ac.uk> Message-ID: Hy Jules, I have changed the rules in filetype.rules.conf to: deny - x-dosexec No DOS executables No DOS programs allowed But a simple mail with png attachment is considered DOS program: Reporte: MailScanner: No DOS programs allowed (powerphplist.png) When i run file command in the blocked attachment the result is: mail01 1ADE250F95.6ACCF # file -i powerphplist.png powerphplist.png: image/png mail01 1ADE250F95.6ACCF # file powerphplist.png powerphplist.png: PNG image data, 70 x 30, 8-bit colormap, non-interlaced I try to write a new rule: allow - text/plain - permited permited But the mail has blocked again. What is magical to work? On Fri, Apr 4, 2008 at 11:39 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Mike Kercher wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Julian Field > >> Sent: Thursday, April 03, 2008 3:21 PM > >> To: MailScanner discussion > >> Subject: Re: File Type Check Problem > >> > >> > >> > >> Mike Kercher wrote: > >> > >> > >>> I've been searching and haven't found a resolution for this yet. > >>> > >>> Periodically, we get emails with attachments coming through that are > >>> not being detected properly. MailScanner reports: > >>> > >>> MailScanner: No programs allowed (msg-10410-101.txt) > >>> > >>> > >>> > >> This is being caught by the filetype trap. > >> > >> > >>> If I go look at the quarantined email in MailWatch and download the > >>> attachment, it is a PDF. > >>> > >>> > >> That may be what the filename says, but what does the "file" command > >> report? > >> > >> > >>> There was talk of the file -i command switch. > >>> Is this something that needs to be set in MailScanner.conf? > >>> > >>> > >>> > >> No, just read the latest filetype.rules.conf and filename.rules.conf > >> files, the comments at the top of each file tell you how to use it. > >> There is also an example line in filetype.rules.conf for you to copy. > >> > >> > >> > >>> TIA > >>> > >>> Mike > >>> > >>> > >>> > >> Jules > >> > >> -- > >> > >> Jules, > >> > >> Running file against the message yields the following: > >> > >> [root@HOUPMS02 m334jSTE009852]# file message > >> message: smtp mail text > >> [root@HOUPMS02 m334jSTE009852]# file -i message > >> message: message/rfc822\011 > >> > >> Not quite sure what changing the filetype.rules.conf would do for me > >> here. > >> > >> > > No! I meat you to run the "file" command on the attachment, not the > > message! :-( Funnily enough, when you run it on the message it says it's > > a message :-) > > > > Jules > > > > -------- > > > > Sorry about that :) Here's the output of file run against the > > attachment itself: > > > > [root@HOUPMS01 ~]# file OSC81.pdf > > OSC81.pdf: PDF document, version 1.3 > > > > [root@HOUPMS01 ~]# file -i OSC81.pdf > > OSC81.pdf: application/pdf > > > Have just checked your original report, and it wasn't the attachment it > blocked, it was the main message body (hence the "txt" extension with > the unusual filename). Harder to stop that unless you switch from using > the "executable" trap in filetype.rules.conf to a replacement trap using > the MIME type reported by file -i instead (see comments at the start of > filetype.rules.conf). > > Mike > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS > bHrfC2GyNSDz4ZOdqsl9zSw= > =knIJ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/fcf7cdbc/attachment.html From dave.list at pixelhammer.com Mon Apr 7 13:47:19 2008 From: dave.list at pixelhammer.com (DAve) Date: Mon Apr 7 13:48:05 2008 Subject: New MS install is slow to an extreme In-Reply-To: <47F9DD50.1060401@invictawiz.com> References: <47F3CD9F.7070406@pixelhammer.com> <47F3D7A5.5040509@pixelhammer.com> <47F4BCB8.7030000@invictawiz.com> <47F4CBF1.70708@pixelhammer.com> <47F64B31.6090706@invictawiz.com> <47F65299.70006@ecs.soton.ac.uk> <47F9DD50.1060401@invictawiz.com> Message-ID: <47FA17D7.8000309@pixelhammer.com> Martyn Routley wrote: > Julian Field wrote: >> >> >> Martyn Routley wrote: >> > DAve wrote: >> >> Martyn Routley wrote: >> >>> DAve wrote: >> >>>> DAve wrote: >> >>>> >> >>>> I moved the incoming dir to a tmpfs mount (mdmfs on freebsd) no >> >>>> change in processing time. >> >>>> >> >>>> I am getting really stumped now. >> >>>> >> >>>> DAve >> >>>> >> >>>> >> >>>> >> >>> What is your hardware? >> >>> We had random processing times when running 6.2 on one of our >> >>> servers. (Single P4 dual core) >> >>> I upgraded in place to 7.0 (using FreeBsd Update >> >>> (http://www.freebsd.org/releases/7.0R/announce.html) and now the >> >>> emails don't touch the sides. >> >>> Getting Sophos to work was a bind though. >> >>> >> >> Interesting, do you know the upgrade helped? I am always leery of >> >> "upgrade" as a solution unless I know why the upgrade is the solution. >> >> >> >> Server 1 >> >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core >> >> 2GB ram >> >> Quatum Atlas SCSI drives, one for the system and one for the spool dir >> >> >> >> Server 2 >> >> Intel(R) Xeon(TM) CPU 2.40GHz Quad Core >> >> 2GB ram >> >> Maxtor SATA drives, one for the system and one for the spool dir >> >> >> >> DAve >> >> >> > Good question. >> > All that changed was the os version and the fact that I rebuilt all >> > installed ports. >> So, in short, you changed "everything" :-) >> > The server went from a 5 minute av of 7+ to 3.5 or less and from >> > having 30 + messages waiting to be processed to having MailScanner >> > waiting for messages most of the time. >> > MS config/version didn't change >> > I don't discount the possibility that rebuilding all of the installed >> > ports helped. >> >> Sounds like it's sorted out then, and not really MailScanner's fault >> after all :-) :-) >> >> Jules >> > Did I imply that? If it seemed like I did, I humbly apologise. > What I omitted from the earlier message was that there have been reports > of "Dramatic" improvements in multi processor operation over previous > versions (see the FreeBsd announcement referred to above.) I didn't get that impression. My big issue was a normal run through of the change log didn't prepare me for how much of a difference the new MS made. I knew from the start, and I hope everyone got that, my issues were my own failure to tune/config/adjust something. Which in the end proved to be true. Once pointed in the right direction we smoothed out. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From telecaadmin at gmail.com Mon Apr 7 13:49:22 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Apr 7 13:49:57 2008 Subject: MS hangs with strange clamav database (SOLVED) In-Reply-To: <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> References: <47FA0583.1060509@gmail.com> <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> Message-ID: <47FA1852.6040906@gmail.com> >> need look something like: >> >> Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db >> /var/clamav/*.cvd I completely seem to have forgotten about the incrementals... shame on me. Don't know when that setting got wrong. But alas, I've changed it because it really does look sensible. Thanks Glen! From gmatt at nerc.ac.uk Mon Apr 7 14:01:39 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Apr 7 14:02:49 2008 Subject: Old free Bitdefender and hit rate In-Reply-To: References: Message-ID: <47FA1B33.3020001@nerc.ac.uk> Scott Silva wrote: > Just out of curiosity, has anyone that is still running the old free > version of bitdefender (BDC/Linux-Console v7.1 (build 2559))still been > getting virus hits with it? it still hits a handful for us - comparable with the hit rate for Sophos and both Sophos and Bitdefender often hit different positives. As someone else said - it is a resource hog... > > I haven't seen anything hit with it for 6 months or so, even though it > still updates and shows current. > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From shuttlebox at gmail.com Mon Apr 7 15:30:05 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 7 15:30:44 2008 Subject: Timestamp problem when running --debug-sa Message-ID: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> I tried the new timestamp feature in --debug-sa introduced in 4.67 and it complained about awk not supporting strftime, I kind of expected that since Solaris comes with a legacy awk in /bin. I installed gawk and it's in my path as can be seen below: # which awk /bin/awk # which gawk /opt/csw/bin/gawk I then changed the two awk calls in SA.pm to gawk but still got this: # MailScanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(udp) sh: gawk: not found ***** If 'awk' (with support for the function strftime) was available on your $PATH then all the SpamAssassin debug output would have the current time added to the start of every line, making debugging far easier. ***** I assume MailScanner uses some short custom path even though it claims that it would work if I had gawk in my path which I do. If I hardcode the complete path to my gawk (opt/csw/bin/gawk) I get the correct result: # MailScanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(udp) 16:17:44 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp On a single system this could simply be solved by symlinking old awk to new gawk but I would like a "clean" solution for my Solaris packages, I will of course have to add gawk as a dependency to MailScanner but should I just change the paths in SA.pm for my package (that will have to be done for every release) or should MS look for awk/gawk in more places or should we have a new config option for the location of awk? I'm fine with me changing the paths for every release, I have a totally automated build script, but I'm a little surprised that no one else has had problems. I guess most have GNU tools as the default... -- /peter From maillists at conactive.com Mon Apr 7 15:31:14 2008 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Apr 7 15:32:16 2008 Subject: MailScanner --lint errors In-Reply-To: <200804070753.57730.dyioulos@firstbhph.com> References: <200804070753.57730.dyioulos@firstbhph.com> Message-ID: Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: > I didn't get that with mailscanner-4.65.3-1, my last version before upgrading > to the latest. sounds rather like a problem with SA. Did you also upgrade SA? You may be missing a now required Perl module. A timing package? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Mon Apr 7 15:46:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 15:47:30 2008 Subject: File Type Check Problem In-Reply-To: References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> <47F63D8D.3070105@ecs.soton.ac.uk> Message-ID: <47FA33D9.7010605@ecs.soton.ac.uk> Attached is a zip of a new SweepOther.pm (goes in /usr/lib/MailScanner/MailScanner) that will solve the problem for you. This will be in the next release. Sorry! Jules. Thiago Henrique wrote: > Hy Jules, > > I have changed the rules in filetype.rules.conf to: > deny - x-dosexec No DOS executables No DOS programs > allowed > > But a simple mail with png attachment is considered DOS program: > > Reporte: MailScanner: No DOS programs allowed (powerphplist.png) > > When i run file command in the blocked attachment the result is: > mail01 1ADE250F95.6ACCF # file -i powerphplist.png > powerphplist.png: image/png > > mail01 1ADE250F95.6ACCF # file powerphplist.png > powerphplist.png: PNG image data, 70 x 30, 8-bit colormap, non-interlaced > > > I try to write a new rule: > allow - text/plain - permited permited > > But the mail has blocked again. > > What is magical to work? > > On Fri, Apr 4, 2008 at 11:39 AM, Julian Field > > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Mike Kercher wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > > >> [mailto:mailscanner-bounces@lists.mailscanner.info > ] On Behalf Of > >> Julian Field > >> Sent: Thursday, April 03, 2008 3:21 PM > >> To: MailScanner discussion > >> Subject: Re: File Type Check Problem > >> > >> > >> > >> Mike Kercher wrote: > >> > >> > >>> I've been searching and haven't found a resolution for this yet. > >>> > >>> Periodically, we get emails with attachments coming through > that are > >>> not being detected properly. MailScanner reports: > >>> > >>> MailScanner: No programs allowed (msg-10410-101.txt) > >>> > >>> > >>> > >> This is being caught by the filetype trap. > >> > >> > >>> If I go look at the quarantined email in MailWatch and > download the > >>> attachment, it is a PDF. > >>> > >>> > >> That may be what the filename says, but what does the "file" > command > >> report? > >> > >> > >>> There was talk of the file -i command switch. > >>> Is this something that needs to be set in MailScanner.conf? > >>> > >>> > >>> > >> No, just read the latest filetype.rules.conf and > filename.rules.conf > >> files, the comments at the top of each file tell you how to use it. > >> There is also an example line in filetype.rules.conf for you to > copy. > >> > >> > >> > >>> TIA > >>> > >>> Mike > >>> > >>> > >>> > >> Jules > >> > >> -- > >> > >> Jules, > >> > >> Running file against the message yields the following: > >> > >> [root@HOUPMS02 m334jSTE009852]# file message > >> message: smtp mail text > >> [root@HOUPMS02 m334jSTE009852]# file -i message > >> message: message/rfc822\011 > >> > >> Not quite sure what changing the filetype.rules.conf would do > for me > >> here. > >> > >> > > No! I meat you to run the "file" command on the attachment, not the > > message! :-( Funnily enough, when you run it on the message it > says it's > > a message :-) > > > > Jules > > > > -------- > > > > Sorry about that :) Here's the output of file run against the > > attachment itself: > > > > [root@HOUPMS01 ~]# file OSC81.pdf > > OSC81.pdf: PDF document, version 1.3 > > > > [root@HOUPMS01 ~]# file -i OSC81.pdf > > OSC81.pdf: application/pdf > > > Have just checked your original report, and it wasn't the > attachment it > blocked, it was the main message body (hence the "txt" extension with > the unusual filename). Harder to stop that unless you switch from > using > the "executable" trap in filetype.rules.conf to a replacement trap > using > the MIME type reported by file -i instead (see comments at the > start of > filetype.rules.conf). > > Mike > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS > bHrfC2GyNSDz4ZOdqsl9zSw= > =knIJ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: SweepOther.pm.zip Type: application/x-zip-compressed Size: 6325 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/ad7c827d/SweepOther.pm.bin From TGFurnish at herffjones.com Mon Apr 7 16:06:49 2008 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Mon Apr 7 16:07:26 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47F8E791.10709@ecs.soton.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk><47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03EC28@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Sunday, April 06, 2008 11:09 AM > To: MailScanner discussion > Subject: Re: detect executables embedded inside MS Office documents? > > Ignore all previous requests for information. I've got enough > of it, pretty much. > The only thing I cannot handle is inserted OLE "Packages" > that contain multiple files. If someone fancies creating one > of those and sending it to me, I'll improve the Package > parser to cope with it. > > But it now works with files inserted into Microsoft Office > documents just fine. > > This will be in the next release. > I guess it's a fairly major new feature, the ability to > extract embedded files from Microsoft Office documents. > :-) > > I think I'm going to have a rest now... > > Jules. Wow! I didn't really expect much response on that request! Thank you very much! I look forward to testing, although I'll admit I'm also hoping the method itself never takes off in the malware world. -- Trever From MailScanner at ecs.soton.ac.uk Mon Apr 7 16:41:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 16:42:14 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D030A03EC28@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk><47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> <57573D714A832C43B9D80EAFBDA48D030A03EC28@inex3.herffjones.hj-int> Message-ID: <47FA40A1.7070108@ecs.soton.ac.uk> Furnish, Trever G wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Sunday, April 06, 2008 11:09 AM >> To: MailScanner discussion >> Subject: Re: detect executables embedded inside MS Office documents? >> >> Ignore all previous requests for information. I've got enough >> of it, pretty much. >> The only thing I cannot handle is inserted OLE "Packages" >> that contain multiple files. If someone fancies creating one >> of those and sending it to me, I'll improve the Package >> parser to cope with it. >> >> But it now works with files inserted into Microsoft Office >> documents just fine. >> >> This will be in the next release. >> I guess it's a fairly major new feature, the ability to >> extract embedded files from Microsoft Office documents. >> :-) >> >> I think I'm going to have a rest now... >> >> Jules. >> > > > Wow! I didn't really expect much response on that request! Thank you > very much! I look forward to testing, although I'll admit I'm also > hoping the method itself never takes off in the malware world. > No problem, I thought it was a nice idea. Fortunately Microsoft have actually published the spec of the Office documents, so it's now possible for people to write parsers without having to reverse engineer everything. I still had to reverse engineer the "Microsoft Packager" format by hand, as files are embedded in a Microsoft Package before being put into the Office document. I have already released a beta with the code in it, so you can test it now. If you want to show your gratitude, please feel free to make a donation or buy me some stuff from my amazon.co.uk wishlist. Full directions are on the website. Cheers, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/2edaa79b/attachment.html From dyioulos at firstbhph.com Mon Apr 7 17:10:50 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Apr 7 17:11:32 2008 Subject: MailScanner --lint errors In-Reply-To: References: <200804070753.57730.dyioulos@firstbhph.com> Message-ID: <200804071210.51683.dyioulos@firstbhph.com> On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: > Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: > > I didn't get that with mailscanner-4.65.3-1, my last version before > > upgrading to the latest. > > sounds rather like a problem with SA. Did you also upgrade SA? You may be > missing a now required Perl module. A timing package? > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com Kai, I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA modules look to be up-to-date, too. I took a look at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, which read "$total_waiting_time += $waiting_time". Just for fun, I deleted the +, ran MS --lint, and the first error was gone. However, I'm not sure if the "+=" isn't a valid construct, and what the consequences of my change would be (and so may just put back the +). As to the second error, I see the line in Dns.pm, but have no idea what it does. Googling has turned up little. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From astephens at ptera.net Mon Apr 7 17:56:07 2008 From: astephens at ptera.net (Arthur Stephens) Date: Mon Apr 7 17:57:05 2008 Subject: user opt-out Message-ID: <47FA5227.60006@ptera.net> I am running Maillscanner 4.55.10-3 and PostFix 2.3.8-1.fc5 on Fedora Core 5 I get requests from our customers saying they do not want the mailscanner service. Is there some way to tell mailscanner to pass thru emails to certain destinations? -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/a03d0358/attachment.html From Kevin_Miller at ci.juneau.ak.us Mon Apr 7 18:02:20 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Apr 7 18:02:58 2008 Subject: user opt-out In-Reply-To: <47FA5227.60006@ptera.net> References: <47FA5227.60006@ptera.net> Message-ID: Just whitelist all messages to those users. See the sample files in the /etc/MailScanner/rules directory for examples... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Arthur Stephens Sent: Monday, April 07, 2008 8:56 AM To: mailscanner@lists.mailscanner.info Subject: user opt-out I am running Maillscanner 4.55.10-3 and PostFix 2.3.8-1.fc5 on Fedora Core 5 I get requests from our customers saying they do not want the mailscanner service. Is there some way to tell mailscanner to pass thru emails to certain destinations? -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/43ae9651/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 7 18:18:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 18:18:55 2008 Subject: MailScanner --lint errors In-Reply-To: <200804071210.51683.dyioulos@firstbhph.com> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071210.51683.dyioulos@firstbhph.com> Message-ID: <47FA574F.9020708@ecs.soton.ac.uk> Dimitri Yioulos wrote: > On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: > >> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: >> >>> I didn't get that with mailscanner-4.65.3-1, my last version before >>> upgrading to the latest. >>> >> sounds rather like a problem with SA. Did you also upgrade SA? You may be >> missing a now required Perl module. A timing package? >> >> Kai >> >> -- >> Kai Sch?tzl, Berlin, Germany >> Get your web at Conactive Internet Services: http://www.conactive.com >> > > Kai, > > I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA > modules look to be up-to-date, too. > > I took a look at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm > line 371, which read "$total_waiting_time += $waiting_time". Just for fun, I > deleted the +, ran MS --lint, and the first error was gone. However, I'm not > sure if the "+=" isn't a valid construct, and what the consequences of my > change would be (and so may just put back the +). > You can't just remove "+" signs like that, sorry! That line is a shorthand for $total_waiting_time = $total_waiting_time + $waiting_time; > As to the second error, I see the line in Dns.pm, but have no idea what it > does. Googling has turned up little. > > Dimitri > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thenrique at gmail.com Mon Apr 7 18:21:34 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Mon Apr 7 18:22:09 2008 Subject: File Type Check Problem In-Reply-To: <47FA33D9.7010605@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> <47F63D8D.3070105@ecs.soton.ac.uk> <47FA33D9.7010605@ecs.soton.ac.uk> Message-ID: Hy Jules, I have applied this patch in 2 servers, and the problem is solved, Thanks... On Mon, Apr 7, 2008 at 11:46 AM, Julian Field wrote: > Attached is a zip of a new SweepOther.pm (goes in > /usr/lib/MailScanner/MailScanner) that will solve the problem for you. This > will be in the next release. > Sorry! > > Jules. > > Thiago Henrique wrote: > > > Hy Jules, > > > > I have changed the rules in filetype.rules.conf to: > > deny - x-dosexec No DOS executables No DOS programs > > allowed > > > > But a simple mail with png attachment is considered DOS program: > > > > Reporte: MailScanner: No DOS programs allowed (powerphplist.png) > > > > When i run file command in the blocked attachment the result is: > > mail01 1ADE250F95.6ACCF # file -i powerphplist.png > > powerphplist.png: image/png > > > > mail01 1ADE250F95.6ACCF # file powerphplist.png > > powerphplist.png: PNG image data, 70 x 30, 8-bit colormap, > > non-interlaced > > > > > > I try to write a new rule: > > allow - text/plain - permited permited > > > > But the mail has blocked again. > > > > What is magical to work? > > > > On Fri, Apr 4, 2008 at 11:39 AM, Julian Field < > > MailScanner@ecs.soton.ac.uk > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Mike Kercher wrote: > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > > > >> [mailto:mailscanner-bounces@lists.mailscanner.info > > ] On Behalf Of > > >> Julian Field > > >> Sent: Thursday, April 03, 2008 3:21 PM > > >> To: MailScanner discussion > > >> Subject: Re: File Type Check Problem > > >> > > >> > > >> > > >> Mike Kercher wrote: > > >> > > >> > > >>> I've been searching and haven't found a resolution for this yet. > > >>> > > >>> Periodically, we get emails with attachments coming through > > that are > > >>> not being detected properly. MailScanner reports: > > >>> > > >>> MailScanner: No programs allowed (msg-10410-101.txt) > > >>> > > >>> > > >>> > > >> This is being caught by the filetype trap. > > >> > > >> > > >>> If I go look at the quarantined email in MailWatch and > > download the > > >>> attachment, it is a PDF. > > >>> > > >>> > > >> That may be what the filename says, but what does the "file" > > command > > >> report? > > >> > > >> > > >>> There was talk of the file -i command switch. > > >>> Is this something that needs to be set in MailScanner.conf? > > >>> > > >>> > > >>> > > >> No, just read the latest filetype.rules.conf and > > filename.rules.conf > > >> files, the comments at the top of each file tell you how to use > > it. > > >> There is also an example line in filetype.rules.conf for you to > > copy. > > >> > > >> > > >> > > >>> TIA > > >>> > > >>> Mike > > >>> > > >>> > > >>> > > >> Jules > > >> > > >> -- > > >> > > >> Jules, > > >> > > >> Running file against the message yields the following: > > >> > > >> [root@HOUPMS02 m334jSTE009852]# file message > > >> message: smtp mail text > > >> [root@HOUPMS02 m334jSTE009852]# file -i message > > >> message: message/rfc822\011 > > >> > > >> Not quite sure what changing the filetype.rules.conf would do > > for me > > >> here. > > >> > > >> > > > No! I meat you to run the "file" command on the attachment, not the > > > message! :-( Funnily enough, when you run it on the message it > > says it's > > > a message :-) > > > > > > Jules > > > > > > -------- > > > > > > Sorry about that :) Here's the output of file run against the > > > attachment itself: > > > > > > [root@HOUPMS01 ~]# file OSC81.pdf > > > OSC81.pdf: PDF document, version 1.3 > > > > > > [root@HOUPMS01 ~]# file -i OSC81.pdf > > > OSC81.pdf: application/pdf > > > > > Have just checked your original report, and it wasn't the > > attachment it > > blocked, it was the main message body (hence the "txt" extension with > > the unusual filename). Harder to stop that unless you switch from > > using > > the "executable" trap in filetype.rules.conf to a replacement trap > > using > > the MIME type reported by file -i instead (see comments at the > > start of > > filetype.rules.conf). > > > Mike > > > > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.2 (Build 3005) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS > > bHrfC2GyNSDz4ZOdqsl9zSw= > > =knIJ > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/662ddc76/attachment-0001.html From thenrique at gmail.com Mon Apr 7 18:21:34 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Mon Apr 7 18:22:41 2008 Subject: File Type Check Problem In-Reply-To: <47FA33D9.7010605@ecs.soton.ac.uk> References: <224FA7E11EA39E45843E11CEBBD3A36F8E0C23@HOUPEX01.nfsmith.info> <47F53C2D.5090207@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0D27@HOUPEX01.nfsmith.info> <47F548BE.8030804@ecs.soton.ac.uk> <224FA7E11EA39E45843E11CEBBD3A36F8E0E20@HOUPEX01.nfsmith.info> <47F63D8D.3070105@ecs.soton.ac.uk> <47FA33D9.7010605@ecs.soton.ac.uk> Message-ID: Hy Jules, I have applied this patch in 2 servers, and the problem is solved, Thanks... On Mon, Apr 7, 2008 at 11:46 AM, Julian Field wrote: > Attached is a zip of a new SweepOther.pm (goes in > /usr/lib/MailScanner/MailScanner) that will solve the problem for you. This > will be in the next release. > Sorry! > > Jules. > > Thiago Henrique wrote: > > > Hy Jules, > > > > I have changed the rules in filetype.rules.conf to: > > deny - x-dosexec No DOS executables No DOS programs > > allowed > > > > But a simple mail with png attachment is considered DOS program: > > > > Reporte: MailScanner: No DOS programs allowed (powerphplist.png) > > > > When i run file command in the blocked attachment the result is: > > mail01 1ADE250F95.6ACCF # file -i powerphplist.png > > powerphplist.png: image/png > > > > mail01 1ADE250F95.6ACCF # file powerphplist.png > > powerphplist.png: PNG image data, 70 x 30, 8-bit colormap, > > non-interlaced > > > > > > I try to write a new rule: > > allow - text/plain - permited permited > > > > But the mail has blocked again. > > > > What is magical to work? > > > > On Fri, Apr 4, 2008 at 11:39 AM, Julian Field < > > MailScanner@ecs.soton.ac.uk > wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Mike Kercher wrote: > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > > > >> [mailto:mailscanner-bounces@lists.mailscanner.info > > ] On Behalf Of > > >> Julian Field > > >> Sent: Thursday, April 03, 2008 3:21 PM > > >> To: MailScanner discussion > > >> Subject: Re: File Type Check Problem > > >> > > >> > > >> > > >> Mike Kercher wrote: > > >> > > >> > > >>> I've been searching and haven't found a resolution for this yet. > > >>> > > >>> Periodically, we get emails with attachments coming through > > that are > > >>> not being detected properly. MailScanner reports: > > >>> > > >>> MailScanner: No programs allowed (msg-10410-101.txt) > > >>> > > >>> > > >>> > > >> This is being caught by the filetype trap. > > >> > > >> > > >>> If I go look at the quarantined email in MailWatch and > > download the > > >>> attachment, it is a PDF. > > >>> > > >>> > > >> That may be what the filename says, but what does the "file" > > command > > >> report? > > >> > > >> > > >>> There was talk of the file -i command switch. > > >>> Is this something that needs to be set in MailScanner.conf? > > >>> > > >>> > > >>> > > >> No, just read the latest filetype.rules.conf and > > filename.rules.conf > > >> files, the comments at the top of each file tell you how to use > > it. > > >> There is also an example line in filetype.rules.conf for you to > > copy. > > >> > > >> > > >> > > >>> TIA > > >>> > > >>> Mike > > >>> > > >>> > > >>> > > >> Jules > > >> > > >> -- > > >> > > >> Jules, > > >> > > >> Running file against the message yields the following: > > >> > > >> [root@HOUPMS02 m334jSTE009852]# file message > > >> message: smtp mail text > > >> [root@HOUPMS02 m334jSTE009852]# file -i message > > >> message: message/rfc822\011 > > >> > > >> Not quite sure what changing the filetype.rules.conf would do > > for me > > >> here. > > >> > > >> > > > No! I meat you to run the "file" command on the attachment, not the > > > message! :-( Funnily enough, when you run it on the message it > > says it's > > > a message :-) > > > > > > Jules > > > > > > -------- > > > > > > Sorry about that :) Here's the output of file run against the > > > attachment itself: > > > > > > [root@HOUPMS01 ~]# file OSC81.pdf > > > OSC81.pdf: PDF document, version 1.3 > > > > > > [root@HOUPMS01 ~]# file -i OSC81.pdf > > > OSC81.pdf: application/pdf > > > > > Have just checked your original report, and it wasn't the > > attachment it > > blocked, it was the main message body (hence the "txt" extension with > > the unusual filename). Harder to stop that unless you switch from > > using > > the "executable" trap in filetype.rules.conf to a replacement trap > > using > > the MIME type reported by file -i instead (see comments at the > > start of > > filetype.rules.conf). > > > Mike > > > > > > > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > > boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.2 (Build 3005) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFH9j2OEfZZRxQVtlQRAmZiAJwPS5jjxhoukvmFSoj5JYyMGP8U+QCgzMdS > > bHrfC2GyNSDz4ZOdqsl9zSw= > > =knIJ > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/662ddc76/attachment-0002.html From MailScanner at ecs.soton.ac.uk Mon Apr 7 18:31:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 18:31:34 2008 Subject: user opt-out In-Reply-To: <47FA5227.60006@ptera.net> References: <47FA5227.60006@ptera.net> Message-ID: <47FA5A6D.5060909@ecs.soton.ac.uk> Please read about rulesets in the documentation. There are many explanations of it and many examples provided on the website, in the wiki, in the mailing list archives and in the book. Arthur Stephens wrote: > I am running Maillscanner 4.55.10-3 and PostFix 2.3.8-1.fc5 on Fedora > Core 5 > > > I get requests from our customers saying they do not want the > mailscanner service. > Is there some way to tell mailscanner to pass thru emails to certain > destinations? > -- > Arthur Stephens > Senior Sales Technician > Ptera Wireless Internet Service > PO Box 135 > Liberty Lake, WA 99019 > 509-927-7837 > http://www.ptera.net Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Mon Apr 7 18:47:14 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Apr 7 18:47:58 2008 Subject: MailScanner --lint errors In-Reply-To: <47FA574F.9020708@ecs.soton.ac.uk> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071210.51683.dyioulos@firstbhph.com> <47FA574F.9020708@ecs.soton.ac.uk> Message-ID: <200804071347.15009.dyioulos@firstbhph.com> On Monday 07 April 2008 1:18 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: > >> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: > >>> I didn't get that with mailscanner-4.65.3-1, my last version before > >>> upgrading to the latest. > >> > >> sounds rather like a problem with SA. Did you also upgrade SA? You may > >> be missing a now required Perl module. A timing package? > >> > >> Kai > >> > >> -- > >> Kai Sch?tzl, Berlin, Germany > >> Get your web at Conactive Internet Services: http://www.conactive.com > > > > Kai, > > > > I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA > > modules look to be up-to-date, too. > > > > I took a look at > > /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, > > which read "$total_waiting_time += $waiting_time". Just for fun, I > > deleted the +, ran MS --lint, and the first error was gone. However, I'm > > not sure if the "+=" isn't a valid construct, and what the consequences > > of my change would be (and so may just put back the +). > > You can't just remove "+" signs like that, sorry! > That line is a shorthand for > $total_waiting_time = $total_waiting_time + $waiting_time; > > > As to the second error, I see the line in Dns.pm, but have no idea what > > it does. Googling has turned up little. > > > > Dimitri > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Thanks, Jules. I figured as much. So that's what "+=" means. Can these errors be ignored as being tivial? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From vincent at zijnemail.nl Mon Apr 7 19:44:19 2008 From: vincent at zijnemail.nl (Vincent Verhagen) Date: Mon Apr 7 19:45:06 2008 Subject: Fire message action on specific SA rule hit? Message-ID: <47FA6B83.6040908@zijnemail.nl> Hi all, Is it possible to configure MailScanner so that it would use a specific message action if a certain SA rule scored? I'm looking to forward messages that hit rules that start with MYRULE_ to a certain address. If I had to do some programming for it, I guess I could manage that :) Thanks in advance, Vincent. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/3376f99f/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 7 20:00:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 20:01:25 2008 Subject: MailScanner --lint errors In-Reply-To: <200804071347.15009.dyioulos@firstbhph.com> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071210.51683.dyioulos@firstbhph.com> <47FA574F.9020708@ecs.soton.ac.uk> <200804071347.15009.dyioulos@firstbhph.com> Message-ID: <47FA6F5C.30802@ecs.soton.ac.uk> Dimitri Yioulos wrote: > On Monday 07 April 2008 1:18 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: >> >>> On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: >>> >>>> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: >>>> >>>>> I didn't get that with mailscanner-4.65.3-1, my last version before >>>>> upgrading to the latest. >>>>> >>>> sounds rather like a problem with SA. Did you also upgrade SA? You may >>>> be missing a now required Perl module. A timing package? >>>> >>>> Kai >>>> >>>> -- >>>> Kai Sch?tzl, Berlin, Germany >>>> Get your web at Conactive Internet Services: http://www.conactive.com >>>> >>> Kai, >>> >>> I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA >>> modules look to be up-to-date, too. >>> >>> I took a look at >>> /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, >>> which read "$total_waiting_time += $waiting_time". Just for fun, I >>> deleted the +, ran MS --lint, and the first error was gone. However, I'm >>> not sure if the "+=" isn't a valid construct, and what the consequences >>> of my change would be (and so may just put back the +). >>> >> You can't just remove "+" signs like that, sorry! >> That line is a shorthand for >> $total_waiting_time = $total_waiting_time + $waiting_time; >> >> >>> As to the second error, I see the line in Dns.pm, but have no idea what >>> it does. Googling has turned up little. >>> >>> Dimitri >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> > > Thanks, Jules. I figured as much. So that's what "+=" means. Can these > errors be ignored as being tivial? > Depends what the errors were. Your previous message didn't include the error messages. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 7 20:01:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 20:01:43 2008 Subject: Fire message action on specific SA rule hit? In-Reply-To: <47FA6B83.6040908@zijnemail.nl> References: <47FA6B83.6040908@zijnemail.nl> Message-ID: <47FA6F82.2080209@ecs.soton.ac.uk> Read "SpamAssassin Rule Actions". The comments above it in MailScanner.conf will tell you how to use it. Vincent Verhagen wrote: > Hi all, > > Is it possible to configure MailScanner so that it would use a > specific message action if a certain SA rule scored? > I'm looking to forward messages that hit rules that start with MYRULE_ > to a certain address. > If I had to do some programming for it, I guess I could manage that :) > > Thanks in advance, > > Vincent. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Mon Apr 7 20:10:43 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Apr 7 20:11:28 2008 Subject: MailScanner --lint errors In-Reply-To: <47FA6F5C.30802@ecs.soton.ac.uk> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071347.15009.dyioulos@firstbhph.com> <47FA6F5C.30802@ecs.soton.ac.uk> Message-ID: <200804071510.44272.dyioulos@firstbhph.com> On Monday 07 April 2008 3:00 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > On Monday 07 April 2008 1:18 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: > >>> On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: > >>>> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: > >>>>> I didn't get that with mailscanner-4.65.3-1, my last version before > >>>>> upgrading to the latest. > >>>> > >>>> sounds rather like a problem with SA. Did you also upgrade SA? You may > >>>> be missing a now required Perl module. A timing package? > >>>> > >>>> Kai > >>>> > >>>> -- > >>>> Kai Sch?tzl, Berlin, Germany > >>>> Get your web at Conactive Internet Services: http://www.conactive.com > >>> > >>> Kai, > >>> > >>> I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA > >>> modules look to be up-to-date, too. > >>> > >>> I took a look at > >>> /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, > >>> which read "$total_waiting_time += $waiting_time". Just for fun, I > >>> deleted the +, ran MS --lint, and the first error was gone. However, > >>> I'm not sure if the "+=" isn't a valid construct, and what the > >>> consequences of my change would be (and so may just put back the +). > >> > >> You can't just remove "+" signs like that, sorry! > >> That line is a shorthand for > >> $total_waiting_time = $total_waiting_time + $waiting_time; > >> > >>> As to the second error, I see the line in Dns.pm, but have no idea what > >>> it does. Googling has turned up little. > >>> > >>> Dimitri > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > > > > Thanks, Jules. I figured as much. So that's what "+=" means. Can these > > errors be ignored as being tivial? > > Depends what the errors were. Your previous message didn't include the > error messages. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Sorry, they were edited out by a previous poster. MailScanner --lint returns: Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database Use of uninitialized value in addition (+) at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 371. plugin: eval failed: Can't locate object method "log_lookups_timing" via package "Mail::SpamAssassin::AsyncLoop" at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 381. SpamAssassin reported no errors. spamassassin --lint retuns no errors. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 7 20:56:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 20:56:58 2008 Subject: MailScanner --lint errors In-Reply-To: <200804071510.44272.dyioulos@firstbhph.com> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071347.15009.dyioulos@firstbhph.com> <47FA6F5C.30802@ecs.soton.ac.uk> <200804071510.44272.dyioulos@firstbhph.com> Message-ID: <47FA7C5F.5000602@ecs.soton.ac.uk> Dimitri Yioulos wrote: > On Monday 07 April 2008 3:00 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: >> >>> On Monday 07 April 2008 1:18 pm, Julian Field wrote: >>> >>>> Dimitri Yioulos wrote: >>>> >>>>> On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: >>>>> >>>>>> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: >>>>>> >>>>>>> I didn't get that with mailscanner-4.65.3-1, my last version before >>>>>>> upgrading to the latest. >>>>>>> >>>>>> sounds rather like a problem with SA. Did you also upgrade SA? You may >>>>>> be missing a now required Perl module. A timing package? >>>>>> >>>>>> Kai >>>>>> >>>>>> -- >>>>>> Kai Sch?tzl, Berlin, Germany >>>>>> Get your web at Conactive Internet Services: http://www.conactive.com >>>>>> >>>>> Kai, >>>>> >>>>> I'm running the latest (RPM) version of SA - 3.2.4. All of the perl SA >>>>> modules look to be up-to-date, too. >>>>> >>>>> I took a look at >>>>> /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, >>>>> which read "$total_waiting_time += $waiting_time". Just for fun, I >>>>> deleted the +, ran MS --lint, and the first error was gone. However, >>>>> I'm not sure if the "+=" isn't a valid construct, and what the >>>>> consequences of my change would be (and so may just put back the +). >>>>> >>>> You can't just remove "+" signs like that, sorry! >>>> That line is a shorthand for >>>> $total_waiting_time = $total_waiting_time + $waiting_time; >>>> >>>> >>>>> As to the second error, I see the line in Dns.pm, but have no idea what >>>>> it does. Googling has turned up little. >>>>> >>>>> Dimitri >>>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>> Thanks, Jules. I figured as much. So that's what "+=" means. Can these >>> errors be ignored as being tivial? >>> >> Depends what the errors were. Your previous message didn't include the >> error messages. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> > > Sorry, they were edited out by a previous poster. MailScanner --lint returns: > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temporary working directory > is /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Use of uninitialized value in addition (+) > at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 371. > That's pretty irrelevant, just a minor warning. > plugin: eval failed: Can't locate object method "log_lookups_timing" via > package "Mail::SpamAssassin::AsyncLoop" > at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 381. > SpamAssassin reported no errors. > This appears to imply a problem in the DNS lookups done by SpamAssassin. Do the DNS lookups done by SpamAssassin still appear to work okay? If so, ignore it. If not, then I would take that problem to the SpamAssassin mailing list, once you have made sure you are running the latest version of SpamAssassin ("MailScanner -v" will tell you what version it is). > spamassassin --lint retuns no errors. > What about "spamassassin --lint -D"? Does its output show any warnings about DNS lookups? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Mon Apr 7 21:53:57 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Apr 7 21:54:45 2008 Subject: Timestamp problem when running --debug-sa In-Reply-To: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> References: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> Message-ID: Hi, I played with this on Friday, by fiddling with check_mailscanner.sh and changing the PATH and AWK definitions there. My GNU gawk is in /usr/local/bin so I put that in the path first. I use Solaris 10 (sparc) too. I got debug mode to work with timestamps from gawk, but version 4.68.8 would just hang in the middle of a debug run with gawk in play. :( Haven't had time to chase it further. Yes, I would like this working for Solaris as well. Jeff Earickson Colby College On Mon, 7 Apr 2008, shuttlebox wrote: > Date: Mon, 7 Apr 2008 16:30:05 +0200 > From: shuttlebox > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Timestamp problem when running --debug-sa > > I tried the new timestamp feature in --debug-sa introduced in 4.67 and > it complained about awk not supporting strftime, I kind of expected > that since Solaris comes with a legacy awk in /bin. I installed gawk > and it's in my path as can be seen below: > > # which awk > /bin/awk > # which gawk > /opt/csw/bin/gawk > > I then changed the two awk calls in SA.pm to gawk but still got this: > > # MailScanner --debug --debug-sa > In Debugging mode, not forking... > Trying to setlogsock(udp) > sh: gawk: not found > > ***** > If 'awk' (with support for the function strftime) was > available on your $PATH then all the SpamAssassin debug > output would have the current time added to the start of > every line, making debugging far easier. > ***** > > I assume MailScanner uses some short custom path even though it claims > that it would work if I had gawk in my path which I do. If I hardcode > the complete path to my gawk (opt/csw/bin/gawk) I get the correct > result: > > # MailScanner --debug --debug-sa > In Debugging mode, not forking... > Trying to setlogsock(udp) > 16:17:44 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > > On a single system this could simply be solved by symlinking old awk > to new gawk but I would like a "clean" solution for my Solaris > packages, I will of course have to add gawk as a dependency to > MailScanner but should I just change the paths in SA.pm for my package > (that will have to be done for every release) or should MS look for > awk/gawk in more places or should we have a new config option for the > location of awk? > > I'm fine with me changing the paths for every release, I have a > totally automated build script, but I'm a little surprised that no one > else has had problems. I guess most have GNU tools as the default... > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Mon Apr 7 22:07:05 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Mon Apr 7 22:07:56 2008 Subject: MailScanner --lint errors In-Reply-To: <47FA7C5F.5000602@ecs.soton.ac.uk> References: <200804070753.57730.dyioulos@firstbhph.com> <200804071510.44272.dyioulos@firstbhph.com> <47FA7C5F.5000602@ecs.soton.ac.uk> Message-ID: <200804071707.06994.dyioulos@firstbhph.com> On Monday 07 April 2008 3:56 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > On Monday 07 April 2008 3:00 pm, Julian Field wrote: > >> Dimitri Yioulos wrote: > >>> On Monday 07 April 2008 1:18 pm, Julian Field wrote: > >>>> Dimitri Yioulos wrote: > >>>>> On Monday 07 April 2008 10:31 am, Kai Schaetzl wrote: > >>>>>> Dimitri Yioulos wrote on Mon, 7 Apr 2008 07:53:56 -0400: > >>>>>>> I didn't get that with mailscanner-4.65.3-1, my last version before > >>>>>>> upgrading to the latest. > >>>>>> > >>>>>> sounds rather like a problem with SA. Did you also upgrade SA? You > >>>>>> may be missing a now required Perl module. A timing package? > >>>>>> > >>>>>> Kai > >>>>>> > >>>>>> -- > >>>>>> Kai Sch?tzl, Berlin, Germany > >>>>>> Get your web at Conactive Internet Services: > >>>>>> http://www.conactive.com > >>>>> > >>>>> Kai, > >>>>> > >>>>> I'm running the latest (RPM) version of SA - 3.2.4. All of the perl > >>>>> SA modules look to be up-to-date, too. > >>>>> > >>>>> I took a look at > >>>>> /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpqamAssassin/Dns.pm line 371, > >>>>> which read "$total_waiting_time += $waiting_time". Just for fun, I > >>>>> deleted the +, ran MS --lint, and the first error was gone. However, > >>>>> I'm not sure if the "+=" isn't a valid construct, and what the > >>>>> consequences of my change would be (and so may just put back the +). > >>>> > >>>> You can't just remove "+" signs like that, sorry! > >>>> That line is a shorthand for > >>>> $total_waiting_time = $total_waiting_time + $waiting_time; > >>>> > >>>>> As to the second error, I see the line in Dns.pm, but have no idea > >>>>> what it does. Googling has turned up little. > >>>>> > >>>>> Dimitri > >>>> > >>>> Jules > >>>> > >>>> -- > >>>> Julian Field MEng CITP CEng > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>> > >>> Thanks, Jules. I figured as much. So that's what "+=" means. Can > >>> these errors be ignored as being tivial? > >> > >> Depends what the errors were. Your previous message didn't include the > >> error messages. > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > > > > Sorry, they were edited out by a previous poster. MailScanner --lint > > returns: > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temporary working directory > > is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > > Use of uninitialized value in addition (+) > > at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 371. > > That's pretty irrelevant, just a minor warning. > > > plugin: eval failed: Can't locate object method "log_lookups_timing" via > > package "Mail::SpamAssassin::AsyncLoop" > > at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 381. > > SpamAssassin reported no errors. > > This appears to imply a problem in the DNS lookups done by SpamAssassin. > Do the DNS lookups done by SpamAssassin still appear to work okay? If > so, ignore it. If not, then I would take that problem to the > SpamAssassin mailing list, once you have made sure you are running the > latest version of SpamAssassin ("MailScanner -v" will tell you what > version it is). > > > spamassassin --lint retuns no errors. > > What about "spamassassin --lint -D"? Does its output show any warnings > about DNS lookups? > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > Julian, Your points are well taken. I did run spamassassin -D --lint and got no errors. MailScanner -v output appears fine, and only the SAVI module is missing (and I don't need it, anyway). SA DNS lookups appear to be working fine. And, as I mentioned, our mail system, in general, appears to be working just fine, as it always has. That notwithstanding, I think I will take this to the SA mailing list. My thanks to you and Kai. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gwong at linktechit.com Mon Apr 7 22:29:51 2008 From: gwong at linktechit.com (Gregory Wong) Date: Mon Apr 7 22:30:32 2008 Subject: Excessive Swapping Message-ID: Hi everyone, I have a server that has 256MB of RAM. It is running Postfix, MS, MailScanner-MRTG on Ubuntu Server. I have noticed recently that it has been swapping a lot. total used free shared buffers cached Mem: 256 204 51 0 0 18 -/+ buffers/cache: 185 70 Swap: 511 152 359 I am looking to implement MailWatch but am concerned that the server doesn't have an adequate amount of memory. Is this excessive swapping normal? Should I be upgrading the RAM? Also, my company got hit on Saturday with nearly 1600 spam messages (which is unusual since we only get about 200-300 spam per day). Besides running MS and the default SA rules, what other things do you recommend I configure to help combat the spam? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080407/c96a1be7/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 7 22:52:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 7 22:52:52 2008 Subject: Excessive Swapping In-Reply-To: References: Message-ID: <47FA978A.4010501@ecs.soton.ac.uk> Gregory Wong wrote: > Hi everyone, > > I have a server that has 256MB of RAM. It is running Postfix, MS, > MailScanner-MRTG on Ubuntu Server. Ouch! > I have noticed recently that it has been swapping a lot. Funny, that... > > total used free shared buffers cached > Mem: 256 204 51 0 0 18 > -/+ buffers/cache: 185 70 > Swap: 511 152 359 > > I am looking to implement MailWatch but am concerned that the server > doesn?t have an adequate amount of memory. Is this excessive swapping > normal? Should I be upgrading the RAM? MailScanner wants about 1Gb of RAM per CPU. MailWatch will need another few hundred megs probably. > > Also, my company got hit on Saturday with nearly 1600 spam messages > (which is unusual since we only get about 200-300 spam per day). > Besides running MS and the default SA rules, what other things do you > recommend I configure to help combat the spam? Start by adding a couple of Gigs of RAM, as then you can reasonably run Razor, DCC and a pile of extra rulesets for SpamAssassin. Look through the mailing list archives (or the wiki) for a "HOWTO" I posted last July 2007. Get all that lot going and your spam rate will improve a lot. But you aren't going to be able to do anything until you spend a few dollars on some RAM. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Apr 7 22:58:17 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Apr 7 22:59:14 2008 Subject: Excessive Swapping In-Reply-To: References: Message-ID: <7464B825-4FE5-47EC-998D-DB6C2C2EA360@nkpanama.com> It's too little. Besides, running MS + Postfix causes swapping! ;-P On Apr 7, 2008, at 4:29 PM, Gregory Wong wrote: > Hi everyone, > > I have a server that has 256MB of RAM. It is running Postfix, MS, > MailScanner-MRTG on Ubuntu Server. I have noticed recently that it > has been swapping a lot. > > total used free shared buffers > cached > Mem: 256 204 51 0 > 0 18 > -/+ buffers/cache: 185 70 > Swap: 511 152 359 > > I am looking to implement MailWatch but am concerned that the server > doesn?t have an adequate amount of memory. Is this excessive > swapping normal? Should I be upgrading the RAM? > > Also, my company got hit on Saturday with nearly 1600 spam messages > (which is unusual since we only get about 200-300 spam per day). > Besides running MS and the default SA rules, what other things do > you recommend I configure to help combat the spam? > > Thanks. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mi6 at orcon.net.nz Tue Apr 8 01:12:51 2008 From: mi6 at orcon.net.nz (Charlie) Date: Tue Apr 8 01:13:30 2008 Subject: Send error email to myself Message-ID: <04a001c8990d$4a4e01f0$0200a8c0@CharlieCompaq> Hi, I have been trying to find out how to get Mailscanner to send an email to myself whenever someone tries to send an email that gets caught/altered by the filename/filetype rules that I have set in filename.rules.conf and filetype.rules.conf. Thanks Charlie From MailScanner at ecs.soton.ac.uk Tue Apr 8 01:55:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 01:56:33 2008 Subject: Send error email to myself In-Reply-To: <04a001c8990d$4a4e01f0$0200a8c0@CharlieCompaq> References: <04a001c8990d$4a4e01f0$0200a8c0@CharlieCompaq> Message-ID: <47FAC290.8070202@ecs.soton.ac.uk> Have you checked out the entire "Send Notices" section of MailScanner.conf? Charlie wrote: > Hi, > I have been trying to find out how to get Mailscanner to send an email > to myself whenever someone tries to send an email that gets > caught/altered by the filename/filetype rules that I have set in > filename.rules.conf and filetype.rules.conf. > Thanks > Charlie Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mi6 at orcon.net.nz Tue Apr 8 02:40:47 2008 From: mi6 at orcon.net.nz (Charlie) Date: Tue Apr 8 02:41:20 2008 Subject: Send error email to myself Message-ID: <053a01c89919$92faef10$0200a8c0@CharlieCompaq> Yes - I only see the ability to receive emails when a virus is found. Nowhere can I find the setting that allows me to receive the emails that I mentioned. If you can see it then please do let me know. Thanks >Have you checked out the entire "Send Notices" section of MailScanner.conf? >Charlie wrote: > Hi, > I have been trying to find out how to get Mailscanner to send an email > to myself whenever someone tries to send an email that gets > caught/altered by the filename/filetype rules that I have set in > filename.rules.conf and filetype.rules.conf. > Thanks > Charlie >Jules From rapin at linuxmail.org Tue Apr 8 04:23:31 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Tue Apr 8 04:24:06 2008 Subject: how to fix Blacklist Message-ID: <20080408032331.91561CBE80@ws5-11.us4.outblaze.com> hi i config blacklist >From To *@* postmaster@mydomain.com why i yet receive all email to postmaster Thank you. for help. -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From rapin at linuxmail.org Tue Apr 8 04:33:38 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Tue Apr 8 04:33:47 2008 Subject: why ClamAV not show identities Message-ID: <20080408033338.16884233C9@ws5-3.us4.outblaze.com> Thank you and how i fix it. Rapin. > ----- Original Message ----- > From: "Kai Schaetzl" > To: mailscanner@lists.mailscanner.info > Subject: Re: why ClamAV not show identities > Date: Mon, 07 Apr 2008 12:31:14 +0200 > > > Linuxmail R. wrote on Mon, 7 Apr 2008 15:49:55 +0700: > > > why clamav not show this detail. > > Because you and you need a database. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From dominian at slackadelic.com Tue Apr 8 05:04:49 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Apr 8 05:05:39 2008 Subject: how to fix Blacklist In-Reply-To: <20080408032331.91561CBE80@ws5-11.us4.outblaze.com> References: <20080408032331.91561CBE80@ws5-11.us4.outblaze.com> Message-ID: <47FAEEE1.9080506@slackadelic.com> Linuxmail R. wrote: > hi i config blacklist > >>From To > *@* postmaster@mydomain.com > > why i yet receive all email to postmaster > > Thank you. for help. > > -------------------------------------------------- > Linuxmail Rapin P. > > > = > > Er.. the RFC requires that you receive email to postmaster. -Matt From rapin at linuxmail.org Tue Apr 8 05:18:36 2008 From: rapin at linuxmail.org (Linuxmail R.) Date: Tue Apr 8 05:19:11 2008 Subject: how to fix Blacklist Message-ID: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> ok thx. but i receive spammail send to postmaster so much, how i fix it > ----- Original Message ----- > From: "Matt Hayes" > To: "MailScanner discussion" > Subject: Re: how to fix Blacklist > Date: Tue, 08 Apr 2008 00:04:49 -0400 > > > Linuxmail R. wrote: > > hi i config blacklist > >> From To > > *@* postmaster@mydomain.com > > > > why i yet receive all email to postmaster > > > > Thank you. for help. > > > > -------------------------------------------------- > > Linuxmail Rapin P. > > > > > > = > > > > > > Er.. the RFC requires that you receive email to postmaster. > > -Matt > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------------------------------------------- Linuxmail Rapin P. = -- Powered by Outblaze From dominian at slackadelic.com Tue Apr 8 05:56:37 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Apr 8 05:57:21 2008 Subject: how to fix Blacklist In-Reply-To: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> References: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> Message-ID: <47FAFB05.2030400@slackadelic.com> Linuxmail R. wrote: > ok thx. but i receive spammail send to postmaster so much, how i fix it > *snip* *babblessomethingabouttopposting* Look at greylisting, greet pause, spam filtering.. its something that will happen.. its email... -Matt From hvdkooij at vanderkooij.org Tue Apr 8 06:01:01 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 8 06:01:48 2008 Subject: how to fix Blacklist In-Reply-To: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> References: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> Message-ID: <47FAFC0D.1000607@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linuxmail R. wrote: | ok thx. but i receive spammail send to postmaster so much, how i fix it Well. You have the messages. Look a them. Find criteria that are spammy and adjust your config to match them. None of us have seen those messages so we have no clue what to tell you. If you want advise them make your homework. Your assignments are: ~ - show current config ~ - show MTA, distro, ... ~ - Show sample collection of messages in full as scanned by MS. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH+vwLBvzDRVjxmYERAsnwAJ4jeKIiI7vYQHrXFVzSQbX7iNnL4ACfXH03 jFUFhl1IzPPxPtx5p08cKeM= =6PRH -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 8 06:04:20 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 8 06:04:29 2008 Subject: why ClamAV not show identities In-Reply-To: <20080408033338.16884233C9@ws5-3.us4.outblaze.com> References: <20080408033338.16884233C9@ws5-3.us4.outblaze.com> Message-ID: <47FAFCD4.4000108@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linuxmail R. wrote: | Thank you and how i fix it. How much money are you willing to spend on someone holding your hand and doing things for you? Because I have some serious doubts you have the skills to find answers yourself and you need someone to do things for you. I suggest you contact Julian, describe your needs and pay whatever he wants to charge you. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH+vzSBvzDRVjxmYERAlqzAJ9uHgsYSxu169WlKtJ3xKlspW0KyQCgp+ix Ze9jBiA3hCeZ8JpLB4FcWi4= =xwWK -----END PGP SIGNATURE----- From vincent at zijnemail.nl Tue Apr 8 08:09:17 2008 From: vincent at zijnemail.nl (Vincent Verhagen) Date: Tue Apr 8 08:10:08 2008 Subject: Fire message action on specific SA rule hit? In-Reply-To: <47FA6F82.2080209@ecs.soton.ac.uk> References: <47FA6B83.6040908@zijnemail.nl> <47FA6F82.2080209@ecs.soton.ac.uk> Message-ID: <47FB1A1D.9000401@zijnemail.nl> Thanks Jules. I really should update my software more often... :) Julian Field wrote: > Read "SpamAssassin Rule Actions". The comments above it in > MailScanner.conf will tell you how to use it. > > Vincent Verhagen wrote: >> Hi all, >> >> Is it possible to configure MailScanner so that it would use a >> specific message action if a certain SA rule scored? >> I'm looking to forward messages that hit rules that start with >> MYRULE_ to a certain address. >> If I had to do some programming for it, I guess I could manage that :) >> >> Thanks in advance, >> >> Vincent. >> > > Jules > From wm at meta.net Tue Apr 8 10:26:59 2008 From: wm at meta.net (Michael Weis) Date: Tue Apr 8 10:28:59 2008 Subject: misuse MailScanner Message-ID: <47FB3A63.2040602@meta.net> Hello everyone, we are planing to create an email-account to which only mails with attachments will be send. I have the job to extract this attachments from the mail and handle them (save, print, archive) So far so good, but I have no idea how to get the attachments to a disk. I know mailscanner does this while scanning for viruses (right?). So how can I tell mailscanner to just save attachments from a certain user's emails ? (no problem if they were scanned before) I searched the mailing-list-archive but it seemed that nobody has to do this before. Greetings and thanks in advance Michael -- meta Trennwandanlagen, meta Stra?e, D-56579 Rengsdorf Rechtsform: GmbH & Co. KG, Amtsgericht Montabaur HRA 10582 Pers?nlich haftende Gesellschafterin: meta Trennwandanlagen Verwaltungsgesellschaft mbH Amtsgericht Montabaur HRB 10061, Sitz der Gesellschaft: D-56579 Rengsdorf Gesch?ftsf?hrer: Klaus Weidemann, Uwe Weidemann Ust-Id-Nr. DE 149513506 From edward.prendergast at netring.co.uk Tue Apr 8 11:08:41 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Tue Apr 8 11:09:08 2008 Subject: MailScanner increasing score over threshold but message passed as clean? Message-ID: <030801c89960$868bd400$93a37c00$@prendergast@netring.co.uk> I've hiked up the score below: Treat Invalid Watermarks With No Sender as Spam = 3 But when this pushes the spam score over 5 with the addition of SpamAssassin hits (my spam threshold is 5, high scoring spam is 10) the message gets passed as clean. It appears that the score is getting added but ignored. These are the hits from SpamAssassin: cached not score=2.197 5 required 2.00 ANY_BOUNCE_MESSAGE Message is some kind of bounce message -2.60 BAYES_00 Bayesian spam probability is 0 to 1% 0.10 BOUNCE_MESSAGE MTA bounce message 2.70 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc. This is the total score (as reported in MailWatch): SpamAssassin Score: 5.20 Am I doing something wrong here or is this a bug? MailScanner -v output: Running on Linux server10.netring.co.uk 2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 EST 2007 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux Server release 5.1 (Tikanga) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.66.4 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.36 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 0.17 Convert::TNEF 1.08 Data::Dump 1.814 DB_File 1.14 DBD::SQLite 1.56 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 0.44 Inline 1.08 IO::String 1.08 IO::Zlib 2.21 IP::Country 0.21 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.19 Math::BigRat 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.62 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From MailScanner at ecs.soton.ac.uk Tue Apr 8 11:44:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 11:45:34 2008 Subject: MailScanner increasing score over threshold but message passed as clean? In-Reply-To: <030801c89960$868bd400$93a37c00$@prendergast@netring.co.uk> References: <030801c89960$868bd400$93a37c00$@prendergast@netring.co.uk> Message-ID: <47FB4C9C.8040603@ecs.soton.ac.uk> In /usr/lib/MailScanner/MailScanner/Message.pm, at line 567, you should find a line that looks like this: my($mshspam, $mshhigh) = MailScanner::SA::SATest_spam($this, 0.0, $this->{sascore}+0.0); Immediately *after* this line, please add this line: print STDERR "mshspam = $mshspam\nmshhigh = $mshhigh\n"; Then run "MailScanner --debug" on some test messages that should push the spam score over your spam threshold of 5, and mshspam should equal 1. Please can you let me know what it outputs. Thanks! Edward Prendergast wrote: > I've hiked up the score below: > > Treat Invalid Watermarks With No Sender as Spam = 3 > > But when this pushes the spam score over 5 with the addition of SpamAssassin > hits (my spam threshold is 5, high scoring spam is 10) the message gets > passed as clean. It appears that the score is getting added but ignored. > > These are the hits from SpamAssassin: > cached not > score=2.197 > 5 required > 2.00 ANY_BOUNCE_MESSAGE Message is some kind of bounce message > -2.60 BAYES_00 Bayesian spam probability is 0 to 1% > 0.10 BOUNCE_MESSAGE MTA bounce message > 2.70 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc. > > This is the total score (as reported in MailWatch): > SpamAssassin Score: 5.20 > > Am I doing something wrong here or is this a bug? > > MailScanner -v output: > Running on > Linux server10.netring.co.uk 2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 > EST 2007 i686 i686 i386 GNU/Linux > This is Red Hat Enterprise Linux Server release 5.1 (Tikanga) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.66.4 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 3.07 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.07 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.13 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.36 Archive::Tar > 0.21 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 0.17 Convert::TNEF > 1.08 Data::Dump > 1.814 DB_File > 1.14 DBD::SQLite > 1.56 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 0.44 Inline > 1.08 IO::String > 1.08 IO::Zlib > 2.21 IP::Country > 0.21 Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.19 Math::BigRat > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.62 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.56 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > > ************ > The information in this email is confidential and may be legally privileged. > It is intended solely for the addressee. Access to this email by anyone else > is unauthorised. If you are not the intended recipient, any action taken or > omitted to be taken in reliance on it, any form of reproduction, > dissemination, copying, disclosure, modification, distribution and/or > publication of this E-mail message is strictly prohibited and may be > unlawful. If you have received this E-mail message in error, please notify > us immediately. Please also destroy and delete the message from your > computer. > ************ > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 8 12:14:44 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 12:15:21 2008 Subject: Send error email to myself In-Reply-To: <053a01c89919$92faef10$0200a8c0@CharlieCompaq> References: <053a01c89919$92faef10$0200a8c0@CharlieCompaq> Message-ID: <223f97700804080414k57eeb6aex5d49b2e349acb304@mail.gmail.com> On 08/04/2008, Charlie wrote: > Yes - I only see the ability to receive emails when a virus is found. > Nowhere can I find the setting that allows me to receive the emails that I > mentioned. If you can see it then please do let me know. > Thanks Perhaps you'd like to add yourself to "Send Notices To = ..."? Might be able to do something with a ruleset, I suppose, if you want soem kind of ... diversification:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Apr 8 12:25:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 12:25:46 2008 Subject: misuse MailScanner In-Reply-To: <47FB3A63.2040602@meta.net> References: <47FB3A63.2040602@meta.net> Message-ID: <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> On 08/04/2008, Michael Weis wrote: > Hello everyone, > > we are planing to create an email-account to which > only mails with attachments will be send. > > I have the job to extract this attachments from > the mail and handle them > (save, print, archive) > > So far so good, but I have no idea > how to get the attachments to a disk. > > I know mailscanner does this while scanning > for viruses (right?). > > So how can I tell mailscanner to just save > attachments from a certain user's emails ? > (no problem if they were scanned before) > > I searched the mailing-list-archive > but it seemed that nobody has to do this > before. > You can use numerous tools and do this at several "levels"... Since the non-spam quarantine wouldn't contain the "decoded" attachment, you can't use that (a simple "store" for that user in a ruleset on Non Spam Actions), but rather would have to do something else ... a CustomFunction or perhaps the spiffy SpamAssassin rule actions... But simplest would perhaps be to use procmail at delivery and/or some tool like mmdecode/metamail or whatnot. Been a few years (... like ... 10...:-) since last I needed do anything like that... might be easier now:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Tue Apr 8 12:46:34 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 8 12:47:12 2008 Subject: SA/MS Installer dependencies Message-ID: <47FB5B1A.1090907@alexb.ch> Jules, - Seems SA dependencies are added by the MS installer. why? This breaks possible SA updates and forces the admin into setup methods which *could* cause isssues in the future The one more noticeably missing are REQUIRED module missing: HTML::Parser optional module missing: LWP::UserAgent (for sa-update) optional module missing: HTTP::Date (for sa-update) I came across this when I wanted to update an older MailScanner box with the latest SA/Clam installer. Could you please keep SA's dependencies in SA's installer and not in MS's thanks Alex From shuttlebox at gmail.com Tue Apr 8 13:09:00 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Apr 8 13:09:34 2008 Subject: Beta 4.69.1 -- can find files embedded in MS Office docs In-Reply-To: <47F90C41.9060401@ecs.soton.ac.uk> References: <47F90C41.9060401@ecs.soton.ac.uk> Message-ID: <625385e30804080509q43762cbsc39c7a5d87cb9939@mail.gmail.com> On Sun, Apr 6, 2008 at 7:45 PM, Julian Field wrote: > Folks, > > I have just released the first beta of version 4.69. > > It has a few new features, the most obviously important of which is its > ability to extract files embedded within Microsoft Office documents, and > subject them to the same filename and filetype tests that the contents of > other archives have to pass. Could you add OLE::Storage_Lite to the required list when one does "MailScanner -v" since MailScanner doesn't start without it? -- /peter From dave.list at pixelhammer.com Tue Apr 8 13:13:48 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 13:14:37 2008 Subject: how to fix Blacklist In-Reply-To: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> References: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> Message-ID: <47FB617C.8040104@pixelhammer.com> Linuxmail R. wrote: > ok thx. but i receive spammail send to postmaster so much, how i fix it > You don't, or you shouldn't. All postmaster mail should come through. That is how you determine what isn't working and what is not. It is how people you block and greylist get in touch with you. If you run a mail server you should be reading your postmaster mail everyday. If you do not want to, then you should outsource your email to someone who will. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From mailscanner at lists.com.ar Tue Apr 8 13:14:55 2008 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Tue Apr 8 13:15:46 2008 Subject: misuse MailScanner In-Reply-To: <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> References: <47FB3A63.2040602@meta.net> <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> Message-ID: <1207656895.2995.13.camel@morticia.pert.com.ar> I don't think ms is the right tool for this. You don't have retries and you will not have a good error management inside MS. I would let the mail server manage the mails, and get the mails like every other user. Why don't you try for example getmail or fetchmail Or maybe in the storage part of your mail server. Saludos Leonardo Helman Pert Consultores Argentina On Tue, 2008-04-08 at 13:25 +0200, Glenn Steen wrote: > On 08/04/2008, Michael Weis wrote: > > Hello everyone, > > > > we are planing to create an email-account to which > > only mails with attachments will be send. > > > > I have the job to extract this attachments from > > the mail and handle them > > (save, print, archive) > > > > So far so good, but I have no idea > > how to get the attachments to a disk. > > > > I know mailscanner does this while scanning > > for viruses (right?). > > > > So how can I tell mailscanner to just save > > attachments from a certain user's emails ? > > (no problem if they were scanned before) > > > > I searched the mailing-list-archive > > but it seemed that nobody has to do this > > before. > > > > You can use numerous tools and do this at several "levels"... Since > the non-spam quarantine wouldn't contain the "decoded" attachment, you > can't use that (a simple "store" for that user in a ruleset on Non > Spam Actions), but rather would have to do something else ... a > CustomFunction or perhaps the spiffy SpamAssassin rule actions... But > simplest would perhaps be to use procmail at delivery and/or some tool > like mmdecode/metamail or whatnot. > Been a few years (... like ... 10...:-) since last I needed do > anything like that... might be easier now:-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Tue Apr 8 13:40:25 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Apr 8 13:41:00 2008 Subject: Timestamp problem when running --debug-sa In-Reply-To: References: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> Message-ID: <625385e30804080540t600a254g62f7dada154d7b28@mail.gmail.com> On Mon, Apr 7, 2008 at 10:53 PM, Jeff A. Earickson wrote: > Hi, > > I played with this on Friday, by fiddling with check_mailscanner.sh > and changing the PATH and AWK definitions there. My GNU gawk is > in /usr/local/bin so I put that in the path first. I use Solaris > 10 (sparc) too. I changed the paths in SA.pm instead. > I got debug mode to work with timestamps from gawk, but version > 4.68.8 would just hang in the middle of a debug run with gawk > in play. :( Haven't had time to chase it further. What is the expected behavior of --debug-sa? I have never really used it. What it does for me it picks up messages already in mqueue.in and then stops at the below line: 14:26:36 [29919] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam It doesn't seem to be active after that though. I tried feeding another message to it with mailx but it didn't pick that up so I had to break it with ctrl-c. If I use only --debug (not both --debug and --debug-sa) it returns after processing the current mail. Is that what is to be expected? -- /peter From MailScanner at ecs.soton.ac.uk Tue Apr 8 13:51:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 13:52:03 2008 Subject: SA/MS Installer dependencies In-Reply-To: <47FB5B1A.1090907@alexb.ch> References: <47FB5B1A.1090907@alexb.ch> Message-ID: <47FB6A3D.4010304@ecs.soton.ac.uk> Alex Broens wrote: > Jules, > - Seems SA dependencies are added by the MS installer. > why? > This breaks possible SA updates and forces the admin into setup > methods which *could* cause isssues in the future > > The one more noticeably missing are > > > REQUIRED module missing: HTML::Parser This is in both packages, as both of them need it. > optional module missing: LWP::UserAgent (for sa-update) > optional module missing: HTTP::Date (for sa-update) > > I came across this when I wanted to update an older MailScanner box > with the latest SA/Clam installer. > > Could you please keep SA's dependencies in SA's installer and not in MS's What are you saying do you think is wrong? HTML::Parser is the only important one here, and is in both the MailScanner and ClamAV+SA distributions as both of them need it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 13:52:24 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 13:52:40 2008 Subject: Beta 4.69.1 -- can find files embedded in MS Office docs In-Reply-To: <625385e30804080509q43762cbsc39c7a5d87cb9939@mail.gmail.com> References: <47F90C41.9060401@ecs.soton.ac.uk> <625385e30804080509q43762cbsc39c7a5d87cb9939@mail.gmail.com> Message-ID: <47FB6A88.4000608@ecs.soton.ac.uk> Fixed. shuttlebox wrote: > On Sun, Apr 6, 2008 at 7:45 PM, Julian Field > wrote: > >> Folks, >> >> I have just released the first beta of version 4.69. >> >> It has a few new features, the most obviously important of which is its >> ability to extract files embedded within Microsoft Office documents, and >> subject them to the same filename and filetype tests that the contents of >> other archives have to pass. >> > > Could you add OLE::Storage_Lite to the required list when one does > "MailScanner -v" since MailScanner doesn't start without it? > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 13:54:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 13:54:34 2008 Subject: Timestamp problem when running --debug-sa In-Reply-To: <625385e30804080540t600a254g62f7dada154d7b28@mail.gmail.com> References: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> <625385e30804080540t600a254g62f7dada154d7b28@mail.gmail.com> Message-ID: <47FB6AF5.3040005@ecs.soton.ac.uk> shuttlebox wrote: > On Mon, Apr 7, 2008 at 10:53 PM, Jeff A. Earickson wrote: > >> Hi, >> >> I played with this on Friday, by fiddling with check_mailscanner.sh >> and changing the PATH and AWK definitions there. My GNU gawk is >> in /usr/local/bin so I put that in the path first. I use Solaris >> 10 (sparc) too. >> > > I changed the paths in SA.pm instead. > > >> I got debug mode to work with timestamps from gawk, but version >> 4.68.8 would just hang in the middle of a debug run with gawk >> in play. :( Haven't had time to chase it further. >> > > What is the expected behavior of --debug-sa? I have never really used > it. What it does for me it picks up messages already in mqueue.in and > then stops at the below line: > Use it with --debug and it will do exactly the same as --debug except it will also output all the SpamAssassin debug information, with a timestamp on the front of each line. > 14:26:36 [29919] dbg: learn: auto-learn? no: inside auto-learn > thresholds, not considered ham or spam > > It doesn't seem to be active after that though. It only makes sense to use it with --debug. I don't guarantee what will happen if you use it without --debug. > I tried feeding > another message to it with mailx but it didn't pick that up so I had > to break it with ctrl-c. If I use only --debug (not both --debug and > --debug-sa) it returns after processing the current mail. > > Is that what is to be expected? > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Tue Apr 8 14:17:55 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Apr 8 14:18:29 2008 Subject: Timestamp problem when running --debug-sa In-Reply-To: <47FB6AF5.3040005@ecs.soton.ac.uk> References: <625385e30804070730u38f2968cwf7412ee5c7bbc6d4@mail.gmail.com> <625385e30804080540t600a254g62f7dada154d7b28@mail.gmail.com> <47FB6AF5.3040005@ecs.soton.ac.uk> Message-ID: <625385e30804080617y4bddb94bmef9b31ce4109f4bc@mail.gmail.com> On Tue, Apr 8, 2008 at 2:54 PM, Julian Field wrote: > Use it with --debug and it will do exactly the same as --debug except it > will also output all the SpamAssassin debug information, with a timestamp on > the front of each line. > > It only makes sense to use it with --debug. I don't guarantee what will > happen if you use it without --debug. That's what I meant, I used "--debug --debug-sa", sorry for not being clear on that. -- /peter From ms-list at alexb.ch Tue Apr 8 14:34:12 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 8 14:34:53 2008 Subject: SA/MS Installer dependencies In-Reply-To: <47FB6A3D.4010304@ecs.soton.ac.uk> References: <47FB5B1A.1090907@alexb.ch> <47FB6A3D.4010304@ecs.soton.ac.uk> Message-ID: <47FB7454.2090005@alexb.ch> On 4/8/2008 2:51 PM, Julian Field wrote: Alex Broens wrote: >> Jules, >> - Seems SA dependencies are added by the MS installer. >> why? >> This breaks possible SA updates and forces the admin into setup methods which *could* cause isssues in the future >> >> The one more noticeably missing are >> >> >> REQUIRED module missing: HTML::Parser >This is in both packages, as both of them need it. > optional module missing: LWP::UserAgent (for sa-update) > optional module missing: HTTP::Date (for sa-update) > > I came across this when I wanted to update an older MailScanner box with the latest SA/Clam installer. > >> Could you please keep SA's dependencies in SA's installer and not in MS's >What are you saying do you think is wrong? HTML::Parser is the only >important one here, and is in both the MailScanner and ClamAV+SA >distributions as both of them need it. I see them there... but as said. The installer borked with that msg. Thanks for (hopefully) adding the others required by sa-update: _______________________________ NOTE: the optional LWP::UserAgent module is not installed. NOTE: the optional HTTP::Date module is not installed. The "sa-update" script requires this module to make HTTP If-Modified-Since GET requests. optional module missing: HTTP::Date _______________________________ Alex From dave.list at pixelhammer.com Tue Apr 8 14:42:51 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 14:43:37 2008 Subject: New server request Message-ID: <47FB765B.6030402@pixelhammer.com> Currently we get hit with 200k to 300k connections a day that hit an RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we Virus scan everything that comes in. We process 4gb of mail a day on two servers, total around 50k to 65k message we actually deliver. We process 16,908 whitelist and 14,348 blacklist entries from MailWatch. Mail delivery for our clients *INCLUDES* outbound scanning and filtering through my smtp servers (different hardware) and coming back in through my MailScanner servers. I can get that done in 5 minutes round trip time for a message. 90% of that time is spent in the MS server, queues, waiting for pickup, etc. I think that is pretty darned good. That is apparently not good enough. Every month or so I get told that mail delivery in incredibly slow and I need to look at the servers. I do, and every message I check takes around five minutes. I need a recommendation for the root'n toot'nist, rockem sockem, nuklear powered, rocket fuel fed servers money can buy. I want to push a batch of 30 messages through a full featured install of SA, Clamav, and local rulesets in less than 5 seconds. Tops. When my sales director hits send in his outlook, I want the message to deliver so fast his laptop jumps from his desk. I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of ram. I am open to realistic suggestions, though humor is still welcome. I intend to submit a quote this week. Thanks, DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From alex at nkpanama.com Tue Apr 8 14:51:30 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 14:52:40 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> Are you using SA with sa-compile'd rules? Local caching DNS? /var/ spool/Mailscanner/incoming and /root/.spamassassin mounted as tmpfs? On Apr 8, 2008, at 8:42 AM, DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of > our mail and we Virus scan everything that comes in. We process 4gb > of mail a day on two servers, total around 50k to 65k message we > actually deliver. We process 16,908 whitelist and 14,348 blacklist > entries from MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and > filtering through my smtp servers (different hardware) and coming > back in through my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% > of that time is spent in the MS server, queues, waiting for pickup, > etc. I think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told > that mail delivery in incredibly slow and I need to look at the > servers. I do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, > nuklear powered, rocket fuel fed servers money can buy. I want to > push a batch of 30 messages through a full featured install of SA, > Clamav, and local rulesets in less than 5 seconds. Tops. When my > sales director hits send in his outlook, I want the message to > deliver so fast his laptop jumps from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and > 16gb of ram. I am open to realistic suggestions, though humor is > still welcome. I intend to submit a quote this week. > > Thanks, > > DAve > > -- > In 50 years, our descendants will look back on the early years > of the internet, and much like we now look back on men with > rockets on their back and feathers glued to their arms, marvel > that we had the intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkercher at nfsmith.com Tue Apr 8 14:53:13 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Tue Apr 8 14:54:10 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> When speaking of your disks, you say striped. Do you mean RAID5? I'd think the more spindles you can get into your RAID, the better your I/O will be. Mike -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve Sent: Tuesday, April 08, 2008 8:43 AM To: MailScanner discussion Subject: New server request Currently we get hit with 200k to 300k connections a day that hit an RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we Virus scan everything that comes in. We process 4gb of mail a day on two servers, total around 50k to 65k message we actually deliver. We process 16,908 whitelist and 14,348 blacklist entries from MailWatch. Mail delivery for our clients *INCLUDES* outbound scanning and filtering through my smtp servers (different hardware) and coming back in through my MailScanner servers. I can get that done in 5 minutes round trip time for a message. 90% of that time is spent in the MS server, queues, waiting for pickup, etc. I think that is pretty darned good. That is apparently not good enough. Every month or so I get told that mail delivery in incredibly slow and I need to look at the servers. I do, and every message I check takes around five minutes. I need a recommendation for the root'n toot'nist, rockem sockem, nuklear powered, rocket fuel fed servers money can buy. I want to push a batch of 30 messages through a full featured install of SA, Clamav, and local rulesets in less than 5 seconds. Tops. When my sales director hits send in his outlook, I want the message to deliver so fast his laptop jumps from his desk. I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of ram. I am open to realistic suggestions, though humor is still welcome. I intend to submit a quote this week. Thanks, DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dominian at slackadelic.com Tue Apr 8 14:56:48 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Apr 8 14:57:37 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <47FB79A0.3030605@slackadelic.com> DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our > mail and we Virus scan everything that comes in. We process 4gb of mail > a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through > my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > that time is spent in the MS server, queues, waiting for pickup, etc. I > think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > mail delivery in incredibly slow and I need to look at the servers. I > do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch > of 30 messages through a full featured install of SA, Clamav, and local > rulesets in less than 5 seconds. Tops. When my sales director hits send > in his outlook, I want the message to deliver so fast his laptop jumps > from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb > of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > DAve > Lets put a quote in for a Cray.. however.. we'd have to talk the landlord into allowing us to take over the entire half of the second floor above us here at corporate :) -Matt From MailScanner at ecs.soton.ac.uk Tue Apr 8 14:57:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 14:58:37 2008 Subject: SA/MS Installer dependencies In-Reply-To: <47FB7454.2090005@alexb.ch> References: <47FB5B1A.1090907@alexb.ch> <47FB6A3D.4010304@ecs.soton.ac.uk> <47FB7454.2090005@alexb.ch> Message-ID: <47FB79DE.7070907@ecs.soton.ac.uk> Alex Broens wrote: > On 4/8/2008 2:51 PM, Julian Field wrote: > > > Alex Broens wrote: > >> Jules, > >> - Seems SA dependencies are added by the MS installer. > >> why? > >> This breaks possible SA updates and forces the admin into setup > methods which *could* cause isssues in the future > >> > >> The one more noticeably missing are > >> > >> > >> REQUIRED module missing: HTML::Parser > >This is in both packages, as both of them need it. > > optional module missing: LWP::UserAgent (for sa-update) > > optional module missing: HTTP::Date (for sa-update) > > > > I came across this when I wanted to update an older MailScanner box > with the latest SA/Clam installer. > > > >> Could you please keep SA's dependencies in SA's installer and not > in MS's > > >What are you saying do you think is wrong? HTML::Parser is the only > >important one here, and is in both the MailScanner and ClamAV+SA > >distributions as both of them need it. > > I see them there... but as said. The installer borked with that msg. > > Thanks for (hopefully) adding the others required by sa-update: > > _______________________________ > NOTE: the optional LWP::UserAgent module is not installed. > NOTE: the optional HTTP::Date module is not installed. > > > The "sa-update" script requires this module to make HTTP > If-Modified-Since GET requests. > > optional module missing: HTTP::Date So what you would actually like me to do is add HTTP::Date to the SpamAssassin installation package? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue Apr 8 15:01:58 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 15:02:44 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <3306998A-42E4-4DEF-B074-F1C3D61B5540@nkpanama.com> Also, have you tried *not* scanning internal-to-internal mail (perhaps mail coming from:192.168. and to:yourdomain.com) for spam? On Apr 8, 2008, at 8:42 AM, DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of > our mail and we Virus scan everything that comes in. We process 4gb > of mail a day on two servers, total around 50k to 65k message we > actually deliver. We process 16,908 whitelist and 14,348 blacklist > entries from MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and > filtering through my smtp servers (different hardware) and coming > back in through my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% > of that time is spent in the MS server, queues, waiting for pickup, > etc. I think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told > that mail delivery in incredibly slow and I need to look at the > servers. I do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, > nuklear powered, rocket fuel fed servers money can buy. I want to > push a batch of 30 messages through a full featured install of SA, > Clamav, and local rulesets in less than 5 seconds. Tops. When my > sales director hits send in his outlook, I want the message to > deliver so fast his laptop jumps from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and > 16gb of ram. I am open to realistic suggestions, though humor is > still welcome. I intend to submit a quote this week. > > Thanks, > > DAve > > -- > In 50 years, our descendants will look back on the early years > of the internet, and much like we now look back on men with > rockets on their back and feathers glued to their arms, marvel > that we had the intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From root at doctor.nl2k.ab.ca Tue Apr 8 14:57:56 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Apr 8 15:03:05 2008 Subject: A couple of notes Message-ID: <20080408135755.GA17313@doctor.nl2k.ab.ca> 1) http://www.nk.ca/blog . This is spam and phish section for your research. 2) The latest beta sent my CPUs up the wall. What did you do Julian? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 15:06:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 15:06:38 2008 Subject: New server request In-Reply-To: <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> Message-ID: <47FB7BD8.1030604@ecs.soton.ac.uk> You can delete the /root/.spamassassin/bayes_seen quite frequently too, it will speed things up too. Alex Neuman wrote: > Are you using SA with sa-compile'd rules? Local caching DNS? > /var/spool/Mailscanner/incoming and /root/.spamassassin mounted as tmpfs? > > On Apr 8, 2008, at 8:42 AM, DAve wrote: >> Currently we get hit with 200k to 300k connections a day that hit an >> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >> our mail and we Virus scan everything that comes in. We process 4gb >> of mail a day on two servers, total around 50k to 65k message we >> actually deliver. We process 16,908 whitelist and 14,348 blacklist >> entries from MailWatch. >> >> Mail delivery for our clients *INCLUDES* outbound scanning and >> filtering through my smtp servers (different hardware) and coming >> back in through my MailScanner servers. >> >> I can get that done in 5 minutes round trip time for a message. 90% >> of that time is spent in the MS server, queues, waiting for pickup, >> etc. I think that is pretty darned good. >> >> That is apparently not good enough. Every month or so I get told that >> mail delivery in incredibly slow and I need to look at the servers. I >> do, and every message I check takes around five minutes. >> >> I need a recommendation for the root'n toot'nist, rockem sockem, >> nuklear powered, rocket fuel fed servers money can buy. I want to >> push a batch of 30 messages through a full featured install of SA, >> Clamav, and local rulesets in less than 5 seconds. Tops. When my >> sales director hits send in his outlook, I want the message to >> deliver so fast his laptop jumps from his desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and >> 16gb of ram. I am open to realistic suggestions, though humor is >> still welcome. I intend to submit a quote this week. >> >> Thanks, >> >> DAve >> >> -- >> In 50 years, our descendants will look back on the early years >> of the internet, and much like we now look back on men with >> rockets on their back and feathers glued to their arms, marvel >> that we had the intelligence to wipe the drool from our chins. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 8 15:11:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 15:12:18 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> On 08/04/2008, DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an RBL. We > see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we > Virus scan everything that comes in. We process 4gb of mail a day on two > servers, total around 50k to 65k message we actually deliver. We process > 16,908 whitelist and 14,348 blacklist entries from MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through my > MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of that > time is spent in the MS server, queues, waiting for pickup, etc. I think > that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that mail > delivery in incredibly slow and I need to look at the servers. I do, and > every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch of 30 > messages through a full featured install of SA, Clamav, and local rulesets > in less than 5 seconds. Tops. When my sales director hits send in his > outlook, I want the message to deliver so fast his laptop jumps from his > desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of > ram. I am open to realistic suggestions, though humor is still welcome. I > intend to submit a quote this week. > > Thanks, > > DAve > I'd look long and hard at where you're time is spent ATM... HW can only solve HW type problems:-). For instance.... Making sure you only use "feeded" BLs (meaning only query to local copy) would probably be ... good. Having your MailWatch database non-local to the machine... might tip you either way (cheaper to buy two boxes with semi-extreme HW, instead of one monster). I suppose you already do most of the "normal" tricks, like tmpfs, caching nameserver, perhaps noatime on selected filesystems etc? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Apr 8 15:11:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 15:12:27 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> On 08/04/2008, DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an RBL. We > see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we > Virus scan everything that comes in. We process 4gb of mail a day on two > servers, total around 50k to 65k message we actually deliver. We process > 16,908 whitelist and 14,348 blacklist entries from MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through my > MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of that > time is spent in the MS server, queues, waiting for pickup, etc. I think > that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that mail > delivery in incredibly slow and I need to look at the servers. I do, and > every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch of 30 > messages through a full featured install of SA, Clamav, and local rulesets > in less than 5 seconds. Tops. When my sales director hits send in his > outlook, I want the message to deliver so fast his laptop jumps from his > desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of > ram. I am open to realistic suggestions, though humor is still welcome. I > intend to submit a quote this week. > > Thanks, > > DAve > I'd look long and hard at where you're time is spent ATM... HW can only solve HW type problems:-). For instance.... Making sure you only use "feeded" BLs (meaning only query to local copy) would probably be ... good. Having your MailWatch database non-local to the machine... might tip you either way (cheaper to buy two boxes with semi-extreme HW, instead of one monster). I suppose you already do most of the "normal" tricks, like tmpfs, caching nameserver, perhaps noatime on selected filesystems etc? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Apr 8 15:13:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 15:14:23 2008 Subject: New server request In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> References: <47FB765B.6030402@pixelhammer.com> <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> Message-ID: <47FB7D94.5050506@ecs.soton.ac.uk> Striped will be faster than RAID5. I would go striped, striped+mirrored (RAID10) on your root disk if at all possible. Mike Kercher wrote: > When speaking of your disks, you say striped. Do you mean RAID5? I'd > think the more spindles you can get into your RAID, the better your I/O > will be. > > Mike > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: Tuesday, April 08, 2008 8:43 AM > To: MailScanner discussion > Subject: New server request > > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our > mail and we Virus scan everything that comes in. We process 4gb of mail > a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through > my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > that time is spent in the MS server, queues, waiting for pickup, etc. I > think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > mail delivery in incredibly slow and I need to look at the servers. I > do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch > of 30 messages through a full featured install of SA, Clamav, and local > rulesets in less than 5 seconds. Tops. When my sales director hits send > in his outlook, I want the message to deliver so fast his laptop jumps > from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb > of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > DAve > > -- > In 50 years, our descendants will look back on the early years of the > internet, and much like we now look back on men with rockets on their > back and feathers glued to their arms, marvel that we had the > intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 8 15:14:12 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 15:14:51 2008 Subject: New server request In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> References: <47FB765B.6030402@pixelhammer.com> <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> Message-ID: <223f97700804080714u7af3cc71q18162e1972479ca2@mail.gmail.com> On 08/04/2008, Mike Kercher wrote: > When speaking of your disks, you say striped. Do you mean RAID5? I'd > think the more spindles you can get into your RAID, the better your I/O > will be. > > > Mike I would think he means Raid0 or Raid1+0... In any case, a huge amount of write cache on the Raid-controller would likely be a good thing. Think "dedicated SAN" (which isn't SAN at all, just cost like it and behaves like DAS:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Tue Apr 8 15:21:53 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Apr 8 15:22:45 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0360B0E2@HC-MBX02.herefordshire.gov.uk> We're running CentOS 5.1 64-bit on a couple of 4GB quad-core Dell 2950s here as our MailScanner boxes. 120K connections to each box every day (100K or so of which are rejected at the sendmail level). All messages are both virus scanned (ClamAVModule and McAfee uvscan) and fed to SpamAssassin. Images in low-scoring emails are also FuzzyOCR'd. Local caching DNS, tmpfs, but no compiled SA rules. MailWatch says there are 16 MailScanner children currently running. Typical message time is 5 seconds, which, for a batch of 30 emails, would create a maximum latency of 2 1/2 minutes. If we reduced DNS timeouts this might improve (our internet feed is often maxed out with other traffic). If you want to reduce maximum message delay then you'd need to increase the number of MailScanner instances and reduce batch sizes. Hope this helps, Phil -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve Sent: 08 April 2008 14:43 To: MailScanner discussion Subject: New server request Currently we get hit with 200k to 300k connections a day that hit an RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we Virus scan everything that comes in. We process 4gb of mail a day on two servers, total around 50k to 65k message we actually deliver. We process 16,908 whitelist and 14,348 blacklist entries from MailWatch. Mail delivery for our clients *INCLUDES* outbound scanning and filtering through my smtp servers (different hardware) and coming back in through my MailScanner servers. I can get that done in 5 minutes round trip time for a message. 90% of that time is spent in the MS server, queues, waiting for pickup, etc. I think that is pretty darned good. That is apparently not good enough. Every month or so I get told that mail delivery in incredibly slow and I need to look at the servers. I do, and every message I check takes around five minutes. I need a recommendation for the root'n toot'nist, rockem sockem, nuklear powered, rocket fuel fed servers money can buy. I want to push a batch of 30 messages through a full featured install of SA, Clamav, and local rulesets in less than 5 seconds. Tops. When my sales director hits send in his outlook, I want the message to deliver so fast his laptop jumps from his desk. I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of ram. I am open to realistic suggestions, though humor is still welcome. I intend to submit a quote this week. Thanks, DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From richard.frovarp at sendit.nodak.edu Tue Apr 8 15:26:09 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Apr 8 15:26:45 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <47FB8081.4090208@sendit.nodak.edu> DAve wrote: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of > our mail and we Virus scan everything that comes in. We process 4gb of > mail a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and > filtering through my smtp servers (different hardware) and coming back > in through my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > that time is spent in the MS server, queues, waiting for pickup, etc. > I think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > mail delivery in incredibly slow and I need to look at the servers. I > do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, > nuklear powered, rocket fuel fed servers money can buy. I want to push > a batch of 30 messages through a full featured install of SA, Clamav, > and local rulesets in less than 5 seconds. Tops. When my sales > director hits send in his outlook, I want the message to deliver so > fast his laptop jumps from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and > 16gb of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > DAve > I've got an old 2.66 GHz dual Xeon with 2 GB of RAM that pushes through mail relatively well. Standard RAID 1 SCSI disks. Right now it's doing batches of 2 in about 15 seconds. It handles about 4 GB of of traffic and scans about 46 K a day. I would expect a dual quad core with the requisite amount of RAM would be plenty. Network tests take a while anyway, and there isn't much you can do to speed that up. I am running greylist, greet pause, valid user lookup, and blacklists in sendmail to reduce the load. I also have two other machines that see similar load. Heck, I've got a VM that scans 28 K internal messages a day with only 1 GB of RAM and seeing 2 3.2 GHz virtual processors. That one is doing 2 message batches in the 6 to 8 second range, most 1 message batches are sub 4 seconds. Dual quad cores would probably be more than enough. -- Richard Frovarp EduTech System Administrator 1-701-231-5127 or 1-800-774-1091 From richard.frovarp at sendit.nodak.edu Tue Apr 8 15:32:26 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Apr 8 15:32:36 2008 Subject: Excessive Swapping In-Reply-To: References: Message-ID: <47FB81FA.5040307@sendit.nodak.edu> Gregory Wong wrote: > Hi everyone, > > I have a server that has 256MB of RAM. It is running Postfix, MS, > MailScanner-MRTG on Ubuntu Server. I have noticed recently that it has > been swapping a lot. > > total used free shared buffers cached > Mem: 256 204 51 0 0 18 > -/+ buffers/cache: 185 70 > Swap: 511 152 359 > > I am looking to implement MailWatch but am concerned that the server > doesn?t have an adequate amount of memory. Is this excessive swapping > normal? Should I be upgrading the RAM? > > Also, my company got hit on Saturday with nearly 1600 spam messages > (which is unusual since we only get about 200-300 spam per day). > Besides running MS and the default SA rules, what other things do you > recommend I configure to help combat the spam? > > Thanks. MailWatch might not be too bad, if you can move the DB and primary web interface off to another machine. Of course this is assuming you are only going to use MailWatch for quarantine management. Your problem is you are receiving more spam than normal, so you probably are processing larger batch sizes, which requires more ram per batch. I've seen this with one of my boxes that only has 1 GB of RAM. Three things you can do while waiting for more RAM in MailScanner.conf: Change Max Children to a small number Change Max Unscanned Messages Per Scan to a small number Change Max Unsafe Messages Per Scan to a small number It may take longer to process mail, but swapping will make things slow to a horrible crawl, which is worse. Max Children would probably only be 2 or 3, with messages per scan probably being something like 5 each. From edward.prendergast at netring.co.uk Tue Apr 8 15:33:56 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Tue Apr 8 15:34:23 2008 Subject: MailScanner increasing score over threshold but message passed as clean? In-Reply-To: <47FB4C9C.8040603@ecs.soton.ac.uk> References: <030801c89960$868bd400$93a37c00$@prendergast@netring.co.uk> <47FB4C9C.8040603@ecs.soton.ac.uk> Message-ID: <03a501c89985$9485dcc0$bd919640$@prendergast@netring.co.uk> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Then run "MailScanner --debug" on some test messages that should push > the spam score over your spam threshold of 5, and mshspam should equal > 1. Please can you let me know what it outputs. A segment from the debug: max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' mshspam = 0 mshhigh = 0 max message size is '200k' The msh* messages didn't show up frequently - I had to debug 3 times to get these. Haven't seen you on the IRC channel for a while Jules, is all well? Thanks! ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From MailScanner at ecs.soton.ac.uk Tue Apr 8 15:54:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 15:55:28 2008 Subject: A couple of notes In-Reply-To: <20080408135755.GA17313@doctor.nl2k.ab.ca> References: <20080408135755.GA17313@doctor.nl2k.ab.ca> Message-ID: <47FB8734.5050002@ecs.soton.ac.uk> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > 1) http://www.nk.ca/blog . This is spam and phish section for your research. > > 2) The latest beta sent my CPUs up the wall. What did you do Julian? > What has changed in your system performance? It should only affect messages with Office documents embedded in them. Was the change in the last beta, or was the previous stable the same as the new beta? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Tue Apr 8 16:01:53 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:02:40 2008 Subject: New server request In-Reply-To: <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> Message-ID: <47FB88E1.10304@pixelhammer.com> Alex Neuman wrote: > Are you using SA with sa-compile'd rules? Local caching DNS? > /var/spool/Mailscanner/incoming and /root/.spamassassin mounted as tmpfs? > You betcha. DAve > On Apr 8, 2008, at 8:42 AM, DAve wrote: >> Currently we get hit with 200k to 300k connections a day that hit an >> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >> our mail and we Virus scan everything that comes in. We process 4gb of >> mail a day on two servers, total around 50k to 65k message we actually >> deliver. We process 16,908 whitelist and 14,348 blacklist entries from >> MailWatch. >> >> Mail delivery for our clients *INCLUDES* outbound scanning and >> filtering through my smtp servers (different hardware) and coming back >> in through my MailScanner servers. >> >> I can get that done in 5 minutes round trip time for a message. 90% of >> that time is spent in the MS server, queues, waiting for pickup, etc. >> I think that is pretty darned good. >> >> That is apparently not good enough. Every month or so I get told that >> mail delivery in incredibly slow and I need to look at the servers. I >> do, and every message I check takes around five minutes. >> >> I need a recommendation for the root'n toot'nist, rockem sockem, >> nuklear powered, rocket fuel fed servers money can buy. I want to push >> a batch of 30 messages through a full featured install of SA, Clamav, >> and local rulesets in less than 5 seconds. Tops. When my sales >> director hits send in his outlook, I want the message to deliver so >> fast his laptop jumps from his desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and >> 16gb of ram. I am open to realistic suggestions, though humor is still >> welcome. I intend to submit a quote this week. >> >> Thanks, >> >> DAve >> >> -- >> In 50 years, our descendants will look back on the early years >> of the internet, and much like we now look back on men with >> rockets on their back and feathers glued to their arms, marvel >> that we had the intelligence to wipe the drool from our chins. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From alex at nkpanama.com Tue Apr 8 16:01:43 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 16:02:45 2008 Subject: New server request In-Reply-To: <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> References: <47FB765B.6030402@pixelhammer.com> <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> Message-ID: <0FB7F0C0-2F74-4164-9D19-A5C8D457FFAD@nkpanama.com> noatime + nodiratime too! On Apr 8, 2008, at 9:11 AM, Glenn Steen wrote: > caching nameserver, perhaps noatime on selected filesystems etc? From dave.list at pixelhammer.com Tue Apr 8 16:04:11 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:04:31 2008 Subject: New server request In-Reply-To: <3306998A-42E4-4DEF-B074-F1C3D61B5540@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <3306998A-42E4-4DEF-B074-F1C3D61B5540@nkpanama.com> Message-ID: <47FB896B.7050502@pixelhammer.com> Alex Neuman wrote: > Also, have you tried *not* scanning internal-to-internal mail (perhaps > mail coming from:192.168. and to:yourdomain.com) for spam? I short circuit for trusted networks. Is that not the same? DAve > > On Apr 8, 2008, at 8:42 AM, DAve wrote: >> Currently we get hit with 200k to 300k connections a day that hit an >> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >> our mail and we Virus scan everything that comes in. We process 4gb of >> mail a day on two servers, total around 50k to 65k message we actually >> deliver. We process 16,908 whitelist and 14,348 blacklist entries from >> MailWatch. >> >> Mail delivery for our clients *INCLUDES* outbound scanning and >> filtering through my smtp servers (different hardware) and coming back >> in through my MailScanner servers. >> >> I can get that done in 5 minutes round trip time for a message. 90% of >> that time is spent in the MS server, queues, waiting for pickup, etc. >> I think that is pretty darned good. >> >> That is apparently not good enough. Every month or so I get told that >> mail delivery in incredibly slow and I need to look at the servers. I >> do, and every message I check takes around five minutes. >> >> I need a recommendation for the root'n toot'nist, rockem sockem, >> nuklear powered, rocket fuel fed servers money can buy. I want to push >> a batch of 30 messages through a full featured install of SA, Clamav, >> and local rulesets in less than 5 seconds. Tops. When my sales >> director hits send in his outlook, I want the message to deliver so >> fast his laptop jumps from his desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and >> 16gb of ram. I am open to realistic suggestions, though humor is still >> welcome. I intend to submit a quote this week. >> >> Thanks, >> >> DAve >> >> -- >> In 50 years, our descendants will look back on the early years >> of the internet, and much like we now look back on men with >> rockets on their back and feathers glued to their arms, marvel >> that we had the intelligence to wipe the drool from our chins. >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From alex at nkpanama.com Tue Apr 8 16:04:28 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 16:05:01 2008 Subject: New server request In-Reply-To: <47FB7D94.5050506@ecs.soton.ac.uk> References: <47FB765B.6030402@pixelhammer.com> <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> <47FB7D94.5050506@ecs.soton.ac.uk> Message-ID: <1FD04BDF-12F7-444D-9952-4291E4B744AB@nkpanama.com> How about SSD's? At that size it'd probably be cost prohibitive, though... On Apr 8, 2008, at 9:13 AM, Julian Field wrote: > Striped will be faster than RAID5. I would go striped, striped > +mirrored (RAID10) on your root disk if at all possible. From dave.list at pixelhammer.com Tue Apr 8 16:09:09 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:09:54 2008 Subject: New server request In-Reply-To: <47FB7BD8.1030604@ecs.soton.ac.uk> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> Message-ID: <47FB8A95.2090408@pixelhammer.com> Julian Field wrote: > You can delete the /root/.spamassassin/bayes_seen quite frequently too, > it will speed things up too. bash-2.05b# ls -lah /opt/MailScanner/bayes/ total 6082 drwx------ 2 root wheel 512B Apr 8 11:05 . drwxr-xr-x 8 root wheel 512B Mar 22 16:46 .. -rw-rw---- 1 root wheel 1.7K Apr 8 11:05 bayes.mutex -rw-rw---- 1 root wheel 91K Apr 8 11:06 bayes_journal -rw-rw---- 1 root wheel 2.5M Apr 8 11:05 bayes_seen -rw-rw---- 1 root wheel 4.9M Apr 8 11:05 bayes_toks It doesn't seem very large. I currently, and previously have, allowed MS to expire/cleanup the bayes system. Never had an issue. DAve > > Alex Neuman wrote: >> Are you using SA with sa-compile'd rules? Local caching DNS? >> /var/spool/Mailscanner/incoming and /root/.spamassassin mounted as tmpfs? >> >> On Apr 8, 2008, at 8:42 AM, DAve wrote: >>> Currently we get hit with 200k to 300k connections a day that hit an >>> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >>> our mail and we Virus scan everything that comes in. We process 4gb >>> of mail a day on two servers, total around 50k to 65k message we >>> actually deliver. We process 16,908 whitelist and 14,348 blacklist >>> entries from MailWatch. >>> >>> Mail delivery for our clients *INCLUDES* outbound scanning and >>> filtering through my smtp servers (different hardware) and coming >>> back in through my MailScanner servers. >>> >>> I can get that done in 5 minutes round trip time for a message. 90% >>> of that time is spent in the MS server, queues, waiting for pickup, >>> etc. I think that is pretty darned good. >>> >>> That is apparently not good enough. Every month or so I get told that >>> mail delivery in incredibly slow and I need to look at the servers. I >>> do, and every message I check takes around five minutes. >>> >>> I need a recommendation for the root'n toot'nist, rockem sockem, >>> nuklear powered, rocket fuel fed servers money can buy. I want to >>> push a batch of 30 messages through a full featured install of SA, >>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>> sales director hits send in his outlook, I want the message to >>> deliver so fast his laptop jumps from his desk. >>> >>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>> 16gb of ram. I am open to realistic suggestions, though humor is >>> still welcome. I intend to submit a quote this week. >>> >>> Thanks, >>> >>> DAve >>> >>> -- >>> In 50 years, our descendants will look back on the early years >>> of the internet, and much like we now look back on men with >>> rockets on their back and feathers glued to their arms, marvel >>> that we had the intelligence to wipe the drool from our chins. >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >> > > Jules > -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From heath at agdog.com Tue Apr 8 16:18:35 2008 From: heath at agdog.com (Heath Carson) Date: Tue Apr 8 16:19:18 2008 Subject: MailScanner Digest, Vol 28, Issue 18 Message-ID: I'll be out of the office until April 14th, please contact support@agdog.com if it's an emergency. Thanks. -Heath From alex at nkpanama.com Tue Apr 8 16:19:06 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 16:20:10 2008 Subject: New server request In-Reply-To: <47FB7BD8.1030604@ecs.soton.ac.uk> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> Message-ID: <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> Can this by cronjobbed? On Apr 8, 2008, at 9:06 AM, Julian Field wrote: > You can delete the /root/.spamassassin/bayes_seen quite frequently > too, it will speed things up too. From ms-list at alexb.ch Tue Apr 8 16:20:48 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 8 16:21:28 2008 Subject: SA installer oddities: Message-ID: <47FB8D50.6080703@alexb.ch> Jules Finsihed the install and BEFORE adding my own stuff to /etc/mail/spamassassin I checked the *.pre files for redundant loads: init.pre includes: loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::Razor2 v310.pre includes: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL v320.pre includes: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::SPF loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::Razor2 [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered seems to me there a lot of redundant stuff being loaded and reloaded and reloaded - not sure at this point what you added and what's default (need to take SA source apart and check) May I suggest you don't modify the .pre files after install and point admins to check the stuff being loaded in the 3 .pre files and enable whatever specials they may need. The standard enabled SA plugins will produce a decent working SA withotu any pain. Thanks Alex From uxbod at splatnix.net Tue Apr 8 16:36:10 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Apr 8 16:37:27 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> Message-ID: <9283241.1441207668970459.JavaMail.root@office.splatnix.net> Remove all checking ? ;) 5 mins for something that does not have a guaranteed (RFC) delivery time anyway is damn good! Yes you could put in a SAN/iSCSI but as already been said make sure loads of cache. Why not put the OS etc on SSDs ? Man, you could keep going all day and spend loads of dosh, but what great fun :D I would run numerous tests throughout different loads on the system to truly ascertain where the issue is. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "DAve" wrote: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of > our > mail and we Virus scan everything that comes in. We process 4gb of > mail > a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and > filtering > through my smtp servers (different hardware) and coming back in > through > my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > > that time is spent in the MS server, queues, waiting for pickup, etc. > I > think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > > mail delivery in incredibly slow and I need to look at the servers. I > > do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, > nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch > > of 30 messages through a full featured install of SA, Clamav, and > local > rulesets in less than 5 seconds. Tops. When my sales director hits > send > in his outlook, I want the message to deliver so fast his laptop jumps > > from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and > 16gb > of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > DAve -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Tue Apr 8 16:41:17 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:42:03 2008 Subject: New server request In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> References: <47FB765B.6030402@pixelhammer.com> <224FA7E11EA39E45843E11CEBBD3A36F8E1225@HOUPEX01.nfsmith.info> Message-ID: <47FB921D.4000508@pixelhammer.com> Mike Kercher wrote: > When speaking of your disks, you say striped. Do you mean RAID5? I'd > think the more spindles you can get into your RAID, the better your I/O > will be. Raid 0+1 on my spool directory. DAve > > Mike > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: Tuesday, April 08, 2008 8:43 AM > To: MailScanner discussion > Subject: New server request > > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our > mail and we Virus scan everything that comes in. We process 4gb of mail > a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through > my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > that time is spent in the MS server, queues, waiting for pickup, etc. I > think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > mail delivery in incredibly slow and I need to look at the servers. I > do, and every message I check takes around five minutes. > > I need a recommendation for the root'n toot'nist, rockem sockem, nuklear > powered, rocket fuel fed servers money can buy. I want to push a batch > of 30 messages through a full featured install of SA, Clamav, and local > rulesets in less than 5 seconds. Tops. When my sales director hits send > in his outlook, I want the message to deliver so fast his laptop jumps > from his desk. > > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb > of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > DAve > > -- > In 50 years, our descendants will look back on the early years of the > internet, and much like we now look back on men with rockets on their > back and feathers glued to their arms, marvel that we had the > intelligence to wipe the drool from our chins. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ms-list at alexb.ch Tue Apr 8 16:42:04 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 8 16:42:43 2008 Subject: SA/MS Installer dependencies In-Reply-To: <47FB79DE.7070907@ecs.soton.ac.uk> References: <47FB5B1A.1090907@alexb.ch> <47FB6A3D.4010304@ecs.soton.ac.uk> <47FB7454.2090005@alexb.ch> <47FB79DE.7070907@ecs.soton.ac.uk> Message-ID: <47FB924C.1020609@alexb.ch> On 4/8/2008 3:57 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 4/8/2008 2:51 PM, Julian Field wrote: >> >> >> Alex Broens wrote: >> >> Jules, >> >> - Seems SA dependencies are added by the MS installer. >> >> why? >> >> This breaks possible SA updates and forces the admin into setup >> methods which *could* cause isssues in the future >> >> >> >> The one more noticeably missing are >> >> >> >> >> >> REQUIRED module missing: HTML::Parser >> >This is in both packages, as both of them need it. >> > optional module missing: LWP::UserAgent (for sa-update) >> > optional module missing: HTTP::Date (for sa-update) >> > >> > I came across this when I wanted to update an older MailScanner box >> with the latest SA/Clam installer. >> > >> >> Could you please keep SA's dependencies in SA's installer and not >> in MS's >> >> >What are you saying do you think is wrong? HTML::Parser is the only >> >important one here, and is in both the MailScanner and ClamAV+SA >> >distributions as both of them need it. >> >> I see them there... but as said. The installer borked with that msg. >> >> Thanks for (hopefully) adding the others required by sa-update: >> >> _______________________________ >> NOTE: the optional LWP::UserAgent module is not installed. >> NOTE: the optional HTTP::Date module is not installed. >> >> >> The "sa-update" script requires this module to make HTTP >> If-Modified-Since GET requests. >> >> optional module missing: HTTP::Date > So what you would actually like me to do is add HTTP::Date to the > SpamAssassin installation package? Yep, AND: If you & other admins agree, LWP::UserAgent and its *immediate* dependencies to be able to run sa-update out of the box. thanks Alex From dave.list at pixelhammer.com Tue Apr 8 16:44:45 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:45:34 2008 Subject: New server request In-Reply-To: <47FB79A0.3030605@slackadelic.com> References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> Message-ID: <47FB92ED.4040504@pixelhammer.com> Matt Hayes wrote: > DAve wrote: >> I need a recommendation for the root'n toot'nist, rockem sockem, >> nuklear powered, rocket fuel fed servers money can buy. I want to push >> a batch of 30 messages through a full featured install of SA, Clamav, >> and local rulesets in less than 5 seconds. Tops. When my sales >> director hits send in his outlook, I want the message to deliver so >> fast his laptop jumps from his desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and >> 16gb of ram. I am open to realistic suggestions, though humor is still >> welcome. I intend to submit a quote this week. >> >> Thanks, >> >> DAve >> > > Lets put a quote in for a Cray.. however.. we'd have to talk the > landlord into allowing us to take over the entire half of the second > floor above us here at corporate :) > > -Matt I forget you read this list. You never saw this message, you know nothing of a quote, you never saw me here. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dave.list at pixelhammer.com Tue Apr 8 16:54:40 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 16:55:00 2008 Subject: New server request In-Reply-To: <47FB8081.4090208@sendit.nodak.edu> References: <47FB765B.6030402@pixelhammer.com> <47FB8081.4090208@sendit.nodak.edu> Message-ID: <47FB9540.7090004@pixelhammer.com> Richard Frovarp wrote: > DAve wrote: >> Currently we get hit with 200k to 300k connections a day that hit an >> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >> our mail and we Virus scan everything that comes in. We process 4gb of >> mail a day on two servers, total around 50k to 65k message we actually >> deliver. We process 16,908 whitelist and 14,348 blacklist entries from >> MailWatch. >> >> Mail delivery for our clients *INCLUDES* outbound scanning and >> filtering through my smtp servers (different hardware) and coming back >> in through my MailScanner servers. >> >> I can get that done in 5 minutes round trip time for a message. 90% of >> that time is spent in the MS server, queues, waiting for pickup, etc. >> I think that is pretty darned good. >> >> That is apparently not good enough. Every month or so I get told that >> mail delivery in incredibly slow and I need to look at the servers. I >> do, and every message I check takes around five minutes. >> >> I need a recommendation for the root'n toot'nist, rockem sockem, >> nuklear powered, rocket fuel fed servers money can buy. I want to push >> a batch of 30 messages through a full featured install of SA, Clamav, >> and local rulesets in less than 5 seconds. Tops. When my sales >> director hits send in his outlook, I want the message to deliver so >> fast his laptop jumps from his desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and >> 16gb of ram. I am open to realistic suggestions, though humor is still >> welcome. I intend to submit a quote this week. >> >> Thanks, >> >> DAve >> > > I've got an old 2.66 GHz dual Xeon with 2 GB of RAM that pushes through > mail relatively well. Standard RAID 1 SCSI disks. Right now it's doing > batches of 2 in about 15 seconds. It handles about 4 GB of of traffic > and scans about 46 K a day. I would expect a dual quad core with the > requisite amount of RAM would be plenty. Network tests take a while > anyway, and there isn't much you can do to speed that up. I am running > greylist, greet pause, valid user lookup, and blacklists in sendmail to > reduce the load. I also have two other machines that see similar load. > Not much different that the servers we currently run. We do not run RAID at the moment. Except I have two servers were you have one. Batches of 2 take about 6 seconds, in the evening. During peak hours I get batches of 10 that require anywhere from 60 to 190 seconds. I can go from 7 messages waiting to 300 messages waiting in the blink of an eye. Though left to it's own, MS will chew through them just fine. We also run greylisting (with client's whitelisted), greetpause (with our own network whitelisted), RBL (in MTA), caching DNS, and milter-ahead to the pop toasters. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dave.list at pixelhammer.com Tue Apr 8 17:19:42 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 17:20:27 2008 Subject: New server request In-Reply-To: <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> References: <47FB765B.6030402@pixelhammer.com> <223f97700804080711x4d3e1ae0g46d0577d7ac00aa7@mail.gmail.com> Message-ID: <47FB9B1E.80702@pixelhammer.com> Glenn Steen wrote: > On 08/04/2008, DAve wrote: >> Currently we get hit with 200k to 300k connections a day that hit an RBL. We >> see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we >> Virus scan everything that comes in. We process 4gb of mail a day on two >> servers, total around 50k to 65k message we actually deliver. We process >> 16,908 whitelist and 14,348 blacklist entries from MailWatch. >> >> Mail delivery for our clients *INCLUDES* outbound scanning and filtering >> through my smtp servers (different hardware) and coming back in through my >> MailScanner servers. >> >> I can get that done in 5 minutes round trip time for a message. 90% of that >> time is spent in the MS server, queues, waiting for pickup, etc. I think >> that is pretty darned good. >> >> That is apparently not good enough. Every month or so I get told that mail >> delivery in incredibly slow and I need to look at the servers. I do, and >> every message I check takes around five minutes. >> >> I need a recommendation for the root'n toot'nist, rockem sockem, nuklear >> powered, rocket fuel fed servers money can buy. I want to push a batch of 30 >> messages through a full featured install of SA, Clamav, and local rulesets >> in less than 5 seconds. Tops. When my sales director hits send in his >> outlook, I want the message to deliver so fast his laptop jumps from his >> desk. >> >> I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of >> ram. I am open to realistic suggestions, though humor is still welcome. I >> intend to submit a quote this week. >> >> Thanks, >> >> DAve >> > I'd look long and hard at where you're time is spent ATM... HW can > only solve HW type problems:-). ATM? > > For instance.... Making sure you only use "feeded" BLs (meaning only > query to local copy) would probably be ... good. We cache DNS lookups heavily. > Having your MailWatch database non-local to the machine... might tip > you either way (cheaper to buy two boxes with semi-extreme HW, instead > of one monster). We currently do that as we have two MS servers reporting to a single MailWatch server. > > I suppose you already do most of the "normal" tricks, like tmpfs, > caching nameserver, perhaps noatime on selected filesystems etc? > Yep, all of the above. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ssilva at sgvwater.com Tue Apr 8 17:26:20 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 17:26:30 2008 Subject: MailScanner ignoring some rules In-Reply-To: <223f97700804070046x244cdf03t7f15378ec77fcbe8@mail.gmail.com> References: <37937.201.41.210.20.1207154517.squirrel@www.tecnowaydigital.com.br> <47F53B57.1070307@ecs.soton.ac.uk> <8F1DE832AFD34082A4D0CB25E4E7D7E7@TWDNB03> <223f97700804040109p3a5d97a5w439ef4d77ba879b1@mail.gmail.com> <223f97700804041120q3eaf3f90j4a0cce865e66b12@mail.gmail.com> <223f97700804050057v7d8a662q5e20c63ff16c648a@mail.gmail.com> <223f97700804070046x244cdf03t7f15378ec77fcbe8@mail.gmail.com> Message-ID: on 4-7-2008 12:46 AM Glenn Steen spake the following: > On 07/04/2008, Scott Silva wrote: >> on 4-5-2008 12:57 AM Glenn Steen spake the following: >> >>> On 04/04/2008, Scott Silva wrote: >>> >>>> on 4-4-2008 11:20 AM Glenn Steen spake the following: >>>> >>>> >>>>> Sorry all, for the top post... a bit too tipsy to really safely (snip) >>>>> with even a virtual scissor...:-) >>>>> >>>>> >>>>> >>>> Happy Friday, Glenn!! >>>> >>>> >>> There'salways something to celebrate....:-) >>> This time it was "first day this week that I didn't need work >>> underpaid(!!!) overtime"... It's been a b*tch of a week. Again. So >>> friday just couldn't come quite fast eenough:-):-) >>> >>> Cheers >>> >> I understand that! I get non-paid overtime, so I feel your pain!! >> >> Don't get me wrong, as my pay isn't that bad, but it goes down very quickly >> as you add hours :-( >> > > Once you earn enough you get three extra days vacation-time... Which > is supposed to be enough compensation for ones overtime... Didn't > quite take three easy weeks to "earn up" that time, once I crossed > over. Not really complaining, and it's not really unpaid (well...:-), > but... Not that great either:/. > Oh well, a luxury problem, I guess...:-) > > Cheers We could be digging ditches for minimum wage, so I'll stop complaining! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/a9801640/signature.bin From alex at nkpanama.com Tue Apr 8 17:30:01 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 17:31:00 2008 Subject: New server request In-Reply-To: <47FB896B.7050502@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <3306998A-42E4-4DEF-B074-F1C3D61B5540@nkpanama.com> <47FB896B.7050502@pixelhammer.com> Message-ID: <3DF41629-A83B-4038-988A-1441F2937121@nkpanama.com> Not exactly. As Pat Morita said: "Best block, no be there, ok?" - *Not* scanning is ever so slightly faster than "scanning but short- circuiting". On Apr 8, 2008, at 10:04 AM, DAve wrote: > I short circuit for trusted networks. Is that not the same? From ssilva at sgvwater.com Tue Apr 8 17:34:39 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 17:34:04 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <20080407060825.50bf671f@scorpio> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> <20080407060825.50bf671f@scorpio> Message-ID: on 4-7-2008 3:08 AM Gerard spake the following: > On Sun, 06 Apr 2008 16:00:45 -0700 > Scott Silva wrote: > >> on 4-6-2008 8:09 AM Julian Field spake the following: >>> Ignore all previous requests for information. I've got enough of >>> it, pretty much. >>> The only thing I cannot handle is inserted OLE "Packages" that >>> contain multiple files. If someone fancies creating one of those >>> and sending it to me, I'll improve the Package parser to cope with >>> it. >>> >>> But it now works with files inserted into Microsoft Office >>> documents just fine. >>> >>> This will be in the next release. >>> I guess it's a fairly major new feature, the ability to extract >>> embedded files from Microsoft Office documents. >>> :-) >>> >>> I think I'm going to have a rest now... >>> >> Poking another hole in the Microsoft armor was a big task. A well >> deserved rest it will be!! > > The use of OLE makes the creation of highly detailed documents far > easier and accurate. The scanning of said documents when emailed I > would assume to be a plus. However, if the scanning action breaks the > OLE bonds then then cure is far worst than the disease. MailScanner only scans a copy of the attachments to check their content. The original isn't harmed. > > I have been sending these type of documents to colleagues for years > without incident. A few years ago Symantec did categorize some of them > as a VIRUS; however, that was a false positive and they quickly revised > their definition files to reflect that. > > By the way, I usually send these files encrypted via PGP. How will/does > MailScanner work on that type of document? > > > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/4d0e7959/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 8 17:52:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 17:53:16 2008 Subject: New server request In-Reply-To: <47FB8A95.2090408@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> <47FB8A95.2090408@pixelhammer.com> Message-ID: <47FBA2D5.4080309@ecs.soton.ac.uk> DAve wrote: > Julian Field wrote: >> You can delete the /root/.spamassassin/bayes_seen quite frequently >> too, it will speed things up too. > > bash-2.05b# ls -lah /opt/MailScanner/bayes/ > total 6082 > drwx------ 2 root wheel 512B Apr 8 11:05 . > drwxr-xr-x 8 root wheel 512B Mar 22 16:46 .. > -rw-rw---- 1 root wheel 1.7K Apr 8 11:05 bayes.mutex > -rw-rw---- 1 root wheel 91K Apr 8 11:06 bayes_journal > -rw-rw---- 1 root wheel 2.5M Apr 8 11:05 bayes_seen > -rw-rw---- 1 root wheel 4.9M Apr 8 11:05 bayes_toks > > It doesn't seem very large. I currently, and previously have, allowed > MS to expire/cleanup the bayes system. Never had an issue. Yes, that's nice and small. I've had mine blow up to hundreds of Mb and binding to it takes a while. I never unlearn a message so bayes_seen is pointless. > > DAve > >> >> Alex Neuman wrote: >>> Are you using SA with sa-compile'd rules? Local caching DNS? >>> /var/spool/Mailscanner/incoming and /root/.spamassassin mounted as >>> tmpfs? >>> >>> On Apr 8, 2008, at 8:42 AM, DAve wrote: >>>> Currently we get hit with 200k to 300k connections a day that hit >>>> an RBL. We see 15k to 25k pipeline attempts. We spam scan almost >>>> 50% of our mail and we Virus scan everything that comes in. We >>>> process 4gb of mail a day on two servers, total around 50k to 65k >>>> message we actually deliver. We process 16,908 whitelist and 14,348 >>>> blacklist entries from MailWatch. >>>> >>>> Mail delivery for our clients *INCLUDES* outbound scanning and >>>> filtering through my smtp servers (different hardware) and coming >>>> back in through my MailScanner servers. >>>> >>>> I can get that done in 5 minutes round trip time for a message. 90% >>>> of that time is spent in the MS server, queues, waiting for pickup, >>>> etc. I think that is pretty darned good. >>>> >>>> That is apparently not good enough. Every month or so I get told >>>> that mail delivery in incredibly slow and I need to look at the >>>> servers. I do, and every message I check takes around five minutes. >>>> >>>> I need a recommendation for the root'n toot'nist, rockem sockem, >>>> nuklear powered, rocket fuel fed servers money can buy. I want to >>>> push a batch of 30 messages through a full featured install of SA, >>>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>>> sales director hits send in his outlook, I want the message to >>>> deliver so fast his laptop jumps from his desk. >>>> >>>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>>> 16gb of ram. I am open to realistic suggestions, though humor is >>>> still welcome. I intend to submit a quote this week. >>>> >>>> Thanks, >>>> >>>> DAve >>>> >>>> -- >>>> In 50 years, our descendants will look back on the early years >>>> of the internet, and much like we now look back on men with >>>> rockets on their back and feathers glued to their arms, marvel >>>> that we had the intelligence to wipe the drool from our chins. >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>> >> >> Jules >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 17:54:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 17:55:18 2008 Subject: MailScanner Digest, Vol 28, Issue 18 In-Reply-To: References: Message-ID: <47FBA363.5010100@ecs.soton.ac.uk> As your auto-responder is not set to ignore mailing list postings, and is replying to everything, I have had to suspend your mailing list membership. You can resume your normal mailing list activity when you return, or email me and I'll do it for you. Please use an auto-responder that is intelligent enough to ignore mailing lists. Heath Carson wrote: > I'll be out of the office until April 14th, please contact > support@agdog.com if it's an emergency. Thanks. > > -Heath > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dgottsc at emory.edu Tue Apr 8 18:01:08 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Apr 8 18:01:48 2008 Subject: New server request In-Reply-To: <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> Message-ID: I don't see any reason why not. I just tested it on one of my MailScanner servers. David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: Tuesday, April 08, 2008 11:19 AM To: MailScanner discussion Subject: Re: New server request Can this by cronjobbed? On Apr 8, 2008, at 9:06 AM, Julian Field wrote: > You can delete the /root/.spamassassin/bayes_seen quite frequently > too, it will speed things up too. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From astephens at ptera.net Tue Apr 8 18:04:51 2008 From: astephens at ptera.net (Arthur Stephens) Date: Tue Apr 8 18:05:54 2008 Subject: user opt-out In-Reply-To: <47FA5A6D.5060909@ecs.soton.ac.uk> References: <47FA5227.60006@ptera.net> <47FA5A6D.5060909@ecs.soton.ac.uk> Message-ID: <47FBA5B3.9090601@ptera.net> Yes I have found that - but I could not find if that stops all processing including file names, file types, attachment checking, web bugs etc. Julian Field wrote: > Please read about rulesets in the documentation. There are many > explanations of it and many examples provided on the website, in the > wiki, in the mailing list archives and in the book. > > Arthur Stephens wrote: >> I am running Maillscanner 4.55.10-3 and PostFix 2.3.8-1.fc5 on Fedora >> Core 5 >> >> >> >> I get requests from our customers saying they do not want the >> mailscanner service. >> Is there some way to tell mailscanner to pass thru emails to certain >> destinations? >> -- >> Arthur Stephens >> Senior Sales Technician >> Ptera Wireless Internet Service >> PO Box 135 >> Liberty Lake, WA 99019 >> 509-927-7837 >> http://www.ptera.net > > Jules > -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net From ssilva at sgvwater.com Tue Apr 8 18:15:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 18:15:33 2008 Subject: MS hangs with strange clamav database (SOLVED) In-Reply-To: <47FA1852.6040906@gmail.com> References: <47FA0583.1060509@gmail.com> <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> <47FA1852.6040906@gmail.com> Message-ID: on 4-7-2008 5:49 AM Ronny T. Lampert spake the following: > > >> need look something like: > >> > >> Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db > >> /var/clamav/*.cvd > > I completely seem to have forgotten about the incrementals... shame on me. > Don't know when that setting got wrong. But alas, I've changed it > because it really does look sensible. > > Thanks Glen! Make sure that it is the right directory for your system, as Julian's install package of clam seems to use the clamav default of /usr/local/share/clamav/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/3a9cef09/signature-0001.bin From MailScanner at ecs.soton.ac.uk Tue Apr 8 18:28:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 18:29:16 2008 Subject: New server request In-Reply-To: <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> Message-ID: <47FBAB36.5040208@ecs.soton.ac.uk> I don't see why not. Alex Neuman wrote: > Can this by cronjobbed? > > On Apr 8, 2008, at 9:06 AM, Julian Field wrote: >> You can delete the /root/.spamassassin/bayes_seen quite frequently >> too, it will speed things up too. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 18:29:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 18:29:59 2008 Subject: New server request In-Reply-To: <9283241.1441207668970459.JavaMail.root@office.splatnix.net> References: <9283241.1441207668970459.JavaMail.root@office.splatnix.net> Message-ID: <47FBAB86.3090608@ecs.soton.ac.uk> --[ UxBoD ]-- wrote: > Remove all checking ? ;) 5 mins for something that does not have a guaranteed (RFC) delivery time anyway is damn good! Yes you could put in a SAN/iSCSI but as already been said make sure loads of cache. Why not put the OS etc on SSDs ? Man, you could keep going all day and spend loads of dosh, but what great fun :D > > I would run numerous tests throughout different loads on the system to truly ascertain where the issue is. > Definitely. Work out exactly where to target the money. And in my view you'll get better value from 2 half-price servers than 1 very expensive one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 18:35:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 18:35:35 2008 Subject: SA installer oddities: In-Reply-To: <47FB8D50.6080703@alexb.ch> References: <47FB8D50.6080703@alexb.ch> Message-ID: <47FBACD4.3020804@ecs.soton.ac.uk> Alex Broens wrote: > Jules > > Finsihed the install and BEFORE adding my own stuff to > /etc/mail/spamassassin I checked the *.pre files for redundant loads: > > init.pre > > includes: > > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::Razor2 > > > v310.pre > > includes: > > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > > > v320.pre > > includes: > > loadplugin Mail::SpamAssassin::Plugin::RelayCountry > loadplugin Mail::SpamAssassin::Plugin::SPF > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > loadplugin Mail::SpamAssassin::Plugin::Razor2 > > > > [13756] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, > already registered [13756] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > > [13756] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, > already registered > [13756] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > [13756] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > > > seems to me there a lot of redundant stuff being loaded and reloaded > and reloaded - not sure at this point what you added and what's > default (need to take SA source apart and check) All this registering of plugins is done once when each MailScanner child starts up. It makes no difference to mail processing speed at all. > > May I suggest you don't modify the .pre files after install and point > admins to check the stuff being loaded in the 3 .pre files and enable > whatever specials they may need. > The standard enabled SA plugins will produce a decent working SA > withotu any pain. My ClamAV+SpamAssassin package automatically enables these plugins: Mail::SpamAssassin::Plugin::RelayCountry Mail::SpamAssassin::Plugin::SPF Mail::SpamAssassin::Plugin::URIDNSBL Mail::SpamAssassin::Plugin::Razor2 To make sure these get loaded regardless of what version of SpamAssassin you are using, it writes these into all of v320.pre, v310.pre and init.pre. Attempting to load them all 3 times probably adds a millisecond to the startup time of MailScanner, but I really don't care a hoot about that :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dominian at slackadelic.com Tue Apr 8 18:49:59 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Tue Apr 8 18:50:51 2008 Subject: New server request In-Reply-To: <47FB92ED.4040504@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> <47FB92ED.4040504@pixelhammer.com> Message-ID: <47FBB047.2050109@slackadelic.com> DAve wrote: > Matt Hayes wrote: >> DAve wrote: >>> I need a recommendation for the root'n toot'nist, rockem sockem, >>> nuklear powered, rocket fuel fed servers money can buy. I want to >>> push a batch of 30 messages through a full featured install of SA, >>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>> sales director hits send in his outlook, I want the message to >>> deliver so fast his laptop jumps from his desk. >>> >>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>> 16gb of ram. I am open to realistic suggestions, though humor is >>> still welcome. I intend to submit a quote this week. >>> >>> Thanks, >>> >>> DAve >>> >> >> Lets put a quote in for a Cray.. however.. we'd have to talk the >> landlord into allowing us to take over the entire half of the second >> floor above us here at corporate :) >> >> -Matt > > I forget you read this list. You never saw this message, you know > nothing of a quote, you never saw me here. > > DAve > Who the hell are you? -Matt From mikes at hartwellcorp.com Tue Apr 8 19:08:19 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Tue Apr 8 19:12:10 2008 Subject: Where to increase the RAZOR2_CF scores? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF60C8@hcex.hartwellcorp.com> I was wondering how I would see all the rule names for Razor2 matches and which file would be the best place to add increased scores for them. Thanks. ;) From ssilva at sgvwater.com Tue Apr 8 19:12:36 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 19:13:27 2008 Subject: New server request In-Reply-To: <47FB92ED.4040504@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> <47FB92ED.4040504@pixelhammer.com> Message-ID: on 4-8-2008 8:44 AM DAve spake the following: > Matt Hayes wrote: >> DAve wrote: >>> I need a recommendation for the root'n toot'nist, rockem sockem, >>> nuklear powered, rocket fuel fed servers money can buy. I want to >>> push a batch of 30 messages through a full featured install of SA, >>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>> sales director hits send in his outlook, I want the message to >>> deliver so fast his laptop jumps from his desk. >>> >>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>> 16gb of ram. I am open to realistic suggestions, though humor is >>> still welcome. I intend to submit a quote this week. >>> >>> Thanks, >>> >>> DAve >>> >> >> Lets put a quote in for a Cray.. however.. we'd have to talk the >> landlord into allowing us to take over the entire half of the second >> floor above us here at corporate :) >> >> -Matt > > I forget you read this list. You never saw this message, you know > nothing of a quote, you never saw me here. > Your Jedi e-mail admin powers don't work on this one! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/404e0984/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 8 19:22:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 19:23:26 2008 Subject: SA/MS Installer dependencies In-Reply-To: <47FB924C.1020609@alexb.ch> References: <47FB5B1A.1090907@alexb.ch> <47FB6A3D.4010304@ecs.soton.ac.uk> <47FB7454.2090005@alexb.ch> <47FB79DE.7070907@ecs.soton.ac.uk> <47FB924C.1020609@alexb.ch> Message-ID: <47FBB7EE.3060805@ecs.soton.ac.uk> Alex Broens wrote: > On 4/8/2008 3:57 PM, Julian Field wrote: >> >> >> Alex Broens wrote: >>> On 4/8/2008 2:51 PM, Julian Field wrote: >>> >>> >>> Alex Broens wrote: >>> >> Jules, >>> >> - Seems SA dependencies are added by the MS installer. >>> >> why? >>> >> This breaks possible SA updates and forces the admin into setup >>> methods which *could* cause isssues in the future >>> >> >>> >> The one more noticeably missing are >>> >> >>> >> >>> >> REQUIRED module missing: HTML::Parser >>> >This is in both packages, as both of them need it. >>> > optional module missing: LWP::UserAgent (for sa-update) >>> > optional module missing: HTTP::Date (for sa-update) >>> > >>> > I came across this when I wanted to update an older MailScanner >>> box with the latest SA/Clam installer. >>> > >>> >> Could you please keep SA's dependencies in SA's installer and not >>> in MS's >>> >>> >What are you saying do you think is wrong? HTML::Parser is the only >>> >important one here, and is in both the MailScanner and ClamAV+SA >>> >distributions as both of them need it. >>> >>> I see them there... but as said. The installer borked with that msg. >>> >>> Thanks for (hopefully) adding the others required by sa-update: >>> >>> _______________________________ >>> NOTE: the optional LWP::UserAgent module is not installed. >>> NOTE: the optional HTTP::Date module is not installed. >>> >>> >>> The "sa-update" script requires this module to make HTTP >>> If-Modified-Since GET requests. >>> >>> optional module missing: HTTP::Date >> So what you would actually like me to do is add HTTP::Date to the >> SpamAssassin installation package? > > Yep, > AND: If you & other admins agree, LWP::UserAgent and its *immediate* > dependencies to be able to run sa-update out of the box. All done. I have added libnet and libwww-perl to the (long) list already there. They both appear to install unattended just fine, with the odd "-n" and "yes n" commands here and there :-) I have updated the copy of the ClamAV+SpamAssassin on the website. If you download it and get an old version, your web browser / proxy / cache is caching an out of date one somewhere, the version linked on the website is definitely the right version. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 8 19:36:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 19:36:24 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> <20080407060825.50bf671f@scorpio> Message-ID: <47FBBB15.1020007@ecs.soton.ac.uk> Scott Silva wrote: > on 4-7-2008 3:08 AM Gerard spake the following: >> On Sun, 06 Apr 2008 16:00:45 -0700 >> Scott Silva wrote: >> >>> on 4-6-2008 8:09 AM Julian Field spake the following: >>>> Ignore all previous requests for information. I've got enough of >>>> it, pretty much. >>>> The only thing I cannot handle is inserted OLE "Packages" that >>>> contain multiple files. If someone fancies creating one of those >>>> and sending it to me, I'll improve the Package parser to cope with >>>> it. >>>> >>>> But it now works with files inserted into Microsoft Office >>>> documents just fine. >>>> >>>> This will be in the next release. >>>> I guess it's a fairly major new feature, the ability to extract >>>> embedded files from Microsoft Office documents. >>>> :-) >>>> >>>> I think I'm going to have a rest now... >>>> >>> Poking another hole in the Microsoft armor was a big task. A well >>> deserved rest it will be!! >> >> The use of OLE makes the creation of highly detailed documents far >> easier and accurate. The scanning of said documents when emailed I >> would assume to be a plus. However, if the scanning action breaks the >> OLE bonds then then cure is far worst than the disease. > MailScanner only scans a copy of the attachments to check their > content. The original isn't harmed. He didn't really think that did he? How stoopid do people think I am? :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Neal at Morgan-Systems.com Tue Apr 8 19:47:26 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Tue Apr 8 19:48:36 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A2E9@server-16.MorganSys.net> > I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb > of ram. I am open to realistic suggestions, though humor is still > welcome. I intend to submit a quote this week. > > Thanks, > > Dave Dave: If you're open to a suggestion different than one or two high powered servers: we use several virtual machines as "border servers". These handle just the inbound messages. Bots and bad guys seem to prefer to work through the MX records in reverse order, so we make the first MX record point to physical hardware and the latter MX records point to the virts. We're also using RBL at the MTA, graylisting, and local caching DNS. Our users connect to a server that is NOT in the MX list. The border servers relay only the accepted inbound messages to this guy - so its workload is substantially reduced. With things spread across multiple servers, most of our batches during the day are under ten messages - the longest one I've seen today was 76 seconds. Most batches are processed in 10 seconds or less. We've used both MS Virtual Server and VMWare for these. Both work OK - though VMWare seems better. So my suggestion is you consider spending your hardware budget on one or two Virt servers and spread the workload a bit. All the best, Neal Morgan From MailScanner at ecs.soton.ac.uk Tue Apr 8 19:57:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 19:58:01 2008 Subject: user opt-out In-Reply-To: <47FBA5B3.9090601@ptera.net> References: <47FA5227.60006@ptera.net> <47FA5A6D.5060909@ecs.soton.ac.uk> <47FBA5B3.9090601@ptera.net> Message-ID: <47FBC007.3030900@ecs.soton.ac.uk> Just about every configuration setting can have its own ruleset, and all of these can be different if you want, or the same, or any combination you choose. However, some are "big switches" that control whole chunks of the process, such as "Virus Scanning", "Dangerous Content Scanning" and "Spam Checks". The biggest switch of them all is "Scan Messages" which is probably the one you're looking for. Jules. Arthur Stephens wrote: > Yes I have found that - but I could not find if that stops all > processing including file names, file types, attachment checking, web > bugs etc. > > Julian Field wrote: >> Please read about rulesets in the documentation. There are many >> explanations of it and many examples provided on the website, in the >> wiki, in the mailing list archives and in the book. >> >> Arthur Stephens wrote: >>> I am running Maillscanner 4.55.10-3 and PostFix 2.3.8-1.fc5 on >>> Fedora Core 5 >>> >>> >>> >>> I get requests from our customers saying they do not want the >>> mailscanner service. >>> Is there some way to tell mailscanner to pass thru emails to certain >>> destinations? >>> -- >>> Arthur Stephens >>> Senior Sales Technician >>> Ptera Wireless Internet Service >>> PO Box 135 >>> Liberty Lake, WA 99019 >>> 509-927-7837 >>> http://www.ptera.net >> >> Jules >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.frovarp at sendit.nodak.edu Tue Apr 8 20:11:44 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Apr 8 20:12:19 2008 Subject: New server request In-Reply-To: <47FB9540.7090004@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <47FB8081.4090208@sendit.nodak.edu> <47FB9540.7090004@pixelhammer.com> Message-ID: <47FBC370.4090906@sendit.nodak.edu> DAve wrote: > Richard Frovarp wrote: >> DAve wrote: >>> Currently we get hit with 200k to 300k connections a day that hit an >>> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >>> our mail and we Virus scan everything that comes in. We process 4gb >>> of mail a day on two servers, total around 50k to 65k message we >>> actually deliver. We process 16,908 whitelist and 14,348 blacklist >>> entries from MailWatch. >>> >>> Mail delivery for our clients *INCLUDES* outbound scanning and >>> filtering through my smtp servers (different hardware) and coming >>> back in through my MailScanner servers. >>> >>> I can get that done in 5 minutes round trip time for a message. 90% >>> of that time is spent in the MS server, queues, waiting for pickup, >>> etc. I think that is pretty darned good. >>> >>> That is apparently not good enough. Every month or so I get told >>> that mail delivery in incredibly slow and I need to look at the >>> servers. I do, and every message I check takes around five minutes. >>> >>> I need a recommendation for the root'n toot'nist, rockem sockem, >>> nuklear powered, rocket fuel fed servers money can buy. I want to >>> push a batch of 30 messages through a full featured install of SA, >>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>> sales director hits send in his outlook, I want the message to >>> deliver so fast his laptop jumps from his desk. >>> >>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>> 16gb of ram. I am open to realistic suggestions, though humor is >>> still welcome. I intend to submit a quote this week. >>> >>> Thanks, >>> >>> DAve >>> >> >> I've got an old 2.66 GHz dual Xeon with 2 GB of RAM that pushes >> through mail relatively well. Standard RAID 1 SCSI disks. Right now >> it's doing batches of 2 in about 15 seconds. It handles about 4 GB of >> of traffic and scans about 46 K a day. I would expect a dual quad >> core with the requisite amount of RAM would be plenty. Network tests >> take a while anyway, and there isn't much you can do to speed that >> up. I am running greylist, greet pause, valid user lookup, and >> blacklists in sendmail to reduce the load. I also have two other >> machines that see similar load. >> > > Not much different that the servers we currently run. We do not run > RAID at the moment. Except I have two servers were you have one. > Batches of 2 take about 6 seconds, in the evening. During peak hours I > get batches of 10 that require anywhere from 60 to 190 seconds. I can > go from 7 messages waiting to 300 messages waiting in the blink of an > eye. Though left to it's own, MS will chew through them just fine. > > We also run greylisting (with client's whitelisted), greetpause (with > our own network whitelisted), RBL (in MTA), caching DNS, and > milter-ahead to the pop toasters. > > DAve > > Actually I have 3 public facing and 1 internal MailScanner boxes. Lower your batch sizes. How many of those 300 are really waiting? If you are doing batches of max of 10 with 10 children, that's 100 messages being processed at the moment. If you have max batch sizes of 30, that's all 300 being processed. Assuming that other aspects aren't affecting load, the batch performance would seem to be better with smaller numbers of messages. You may want to try lowering the batch sizes. Sometimes less is more. From root at doctor.nl2k.ab.ca Tue Apr 8 20:17:28 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Apr 8 20:21:34 2008 Subject: A couple of notes In-Reply-To: <47FB8734.5050002@ecs.soton.ac.uk> References: <20080408135755.GA17313@doctor.nl2k.ab.ca> <47FB8734.5050002@ecs.soton.ac.uk> Message-ID: <20080408191728.GA23795@doctor.nl2k.ab.ca> On Tue, Apr 08, 2008 at 03:54:44PM +0100, Julian Field wrote: > > > Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem > wrote: >> 1) http://www.nk.ca/blog . This is spam and phish section for your research. >> >> 2) The latest beta sent my CPUs up the wall. What did you do Julian? >> > What has changed in your system performance? It should only affect messages > with Office documents embedded in them. Was the change in the last beta, or > was the previous stable the same as the new beta? > Stable to beta. > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Apr 8 20:23:48 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 20:24:46 2008 Subject: New server request In-Reply-To: <47FB765B.6030402@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> Message-ID: on 4-8-2008 6:42 AM DAve spake the following: > Currently we get hit with 200k to 300k connections a day that hit an > RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of our > mail and we Virus scan everything that comes in. We process 4gb of mail > a day on two servers, total around 50k to 65k message we actually > deliver. We process 16,908 whitelist and 14,348 blacklist entries from > MailWatch. > > Mail delivery for our clients *INCLUDES* outbound scanning and filtering > through my smtp servers (different hardware) and coming back in through > my MailScanner servers. > > I can get that done in 5 minutes round trip time for a message. 90% of > that time is spent in the MS server, queues, waiting for pickup, etc. I > think that is pretty darned good. > > That is apparently not good enough. Every month or so I get told that > mail delivery in incredibly slow and I need to look at the servers. I > do, and every message I check takes around five minutes. > Tell them to use the fax machine. Point to point delivery, and fairly reliable technology! ;-P I spend lots of time telling clueless upperlings the basics of how e-mail works. They may be wiz-bang at running multi-million dollar corporations, but technology is not their strong point. I tell them that is what they pay me for, so they don't have to know everything. But 5 minutes round trip is extremely good for your volume. Most MUA's don't even check that often. My bosses are very happy with 15 minutes, and usually only complain if they get timeouts. But if the complaints will get an increase in your hardware budget, then go for it. It won't make it slower. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/cbbf63ae/signature.bin From uxbod at splatnix.net Tue Apr 8 20:27:19 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Apr 8 20:28:09 2008 Subject: New server request In-Reply-To: <47FBAB86.3090608@ecs.soton.ac.uk> Message-ID: <11083949.1471207682839291.JavaMail.root@office.splatnix.net> plus removing a single point of failure. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: --[ UxBoD ]-- wrote: > Remove all checking ? ;) 5 mins for something that does not have a guaranteed (RFC) delivery time anyway is damn good! Yes you could put in a SAN/iSCSI but as already been said make sure loads of cache. Why not put the OS etc on SSDs ? Man, you could keep going all day and spend loads of dosh, but what great fun :D > > I would run numerous tests throughout different loads on the system to truly ascertain where the issue is. > Definitely. Work out exactly where to target the money. And in my view you'll get better value from 2 half-price servers than 1 very expensive one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 8 20:28:20 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 8 20:28:56 2008 Subject: MS hangs with strange clamav database (SOLVED) In-Reply-To: References: <47FA0583.1060509@gmail.com> <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> <47FA1852.6040906@gmail.com> Message-ID: <223f97700804081228j25a0a3cbt77129880b03010a9@mail.gmail.com> On 08/04/2008, Scott Silva wrote: > on 4-7-2008 5:49 AM Ronny T. Lampert spake the following: > > > > > >> need look something like: > > >> > > >> Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db > > >> /var/clamav/*.cvd > > > > I completely seem to have forgotten about the incrementals... shame on me. > > Don't know when that setting got wrong. But alas, I've changed it > > because it really does look sensible. > > > > Thanks Glen! > > > Make sure that it is the right directory for your system, as Julian's > install package of clam seems to use the clamav default of > /usr/local/share/clamav/ Yeah... I modified mine (which is set for the default) to work with what Ronny showed us;)... but a very valid point. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Tue Apr 8 20:56:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 20:57:58 2008 Subject: Where to increase the RAZOR2_CF scores? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF60C8@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF60C8@hcex.hartwellcorp.com> Message-ID: on 4-8-2008 11:08 AM Michael St. Laurent spake the following: > I was wondering how I would see all the rule names for Razor2 matches > and which file would be the best place to add increased scores for them. > > Thanks. ;) http://spamassassin.apache.org/tests.html Look at the link for your version and you will see all the rules that are included. You can just add lines in your spam.assassin.prefs.conf for each one you want to modify in the form score -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/68207403/signature.bin From alex at nkpanama.com Tue Apr 8 21:11:15 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 21:12:37 2008 Subject: New server request In-Reply-To: References: <47FB765B.6030402@pixelhammer.com> <67E30A7B-ACBA-4158-A266-F3D8950992F8@nkpanama.com> <47FB7BD8.1030604@ecs.soton.ac.uk> <70F2D897-4E7F-4F59-B2AD-5C1F897C281C@nkpanama.com> Message-ID: <2E72D2BD-44D2-4C50-9263-28B350AC546E@nkpanama.com> Perhaps another one for the wiki? On Apr 8, 2008, at 12:01 PM, Gottschalk, David wrote: > I don't see any reason why not. > > I just tested it on one of my MailScanner servers. > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info > ] On Behalf Of Alex Neuman > Sent: Tuesday, April 08, 2008 11:19 AM > To: MailScanner discussion > Subject: Re: New server request > > Can this by cronjobbed? > From mikes at hartwellcorp.com Tue Apr 8 21:12:41 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Tue Apr 8 21:13:26 2008 Subject: Where to increase the RAZOR2_CF scores? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF60C9@hcex.hartwellcorp.com> I was wondering how I would see all the rule names for Razor2 matches and which file would be the best place to add increased scores for them. Thanks. ;) From alex at nkpanama.com Tue Apr 8 21:12:54 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 21:14:44 2008 Subject: New server request In-Reply-To: References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> <47FB92ED.4040504@pixelhammer.com> Message-ID: <6AD517C7-93DA-4309-BF01-C2A9B7AD7E88@nkpanama.com> He must be a toydarian! Only credits work on him! On Apr 8, 2008, at 1:12 PM, Scott Silva wrote: > Your Jedi e-mail admin powers don't work on this one! From alex at nkpanama.com Tue Apr 8 21:12:29 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Apr 8 21:14:47 2008 Subject: New server request In-Reply-To: <47FBB047.2050109@slackadelic.com> References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> <47FB92ED.4040504@pixelhammer.com> <47FBB047.2050109@slackadelic.com> Message-ID: <8659132F-F9B3-4587-8E0E-A0A902AD091E@nkpanama.com> These are *not* the mailing list messages you're looking for. You do not need to see the headers. You will pass the message on to the next hop untouched. On Apr 8, 2008, at 12:49 PM, Matt Hayes wrote: >> I forget you read this list. You never saw this message, you know >> nothing of a quote, you never saw me here. >> DAve > > Who the hell are you? > > -Matt From jaearick at colby.edu Tue Apr 8 21:14:14 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue Apr 8 21:14:48 2008 Subject: speed change between 4.67.6 and 4.68.8? Message-ID: Julian, Has something changed between these two versions to signifcantly slow down MailScanner? I have been doing email tests with an "emergency broadcast" company, to send mass emails to all of our community (think Virginia Tech). The test I ran on Apr 8 used 4.67.6 and the test I ran on Apr 7 used 4.68.8, see attached files. The 4.68.8 thruput clearly took longer per batch. I have also noticed that the overall load on my system no longer jumps way up with 4.68.8 when I have a big slug of inbound email to process (unlike 4.67.6). While lower loads are good, version 4.68.8 seems to be "loafing" on big inputs, while 4.67.6 puts the CPUs to use and gets busy chewing thru the input queue. I don't mean to throw rocks, but something doesn't seem right with 4.68.8, IMHO. Anybody else noticed this behavior? My setup: Solaris 10, SA 3.2.4, DCC 1.3.78, razor, caching DNS on the server. Running on a Sparc V490, 4 CPUs, max children = 20. Jeff Earickson Colby College -------------- next part -------------- Apr 8 13:30:26 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 172.91 seconds Apr 8 13:30:27 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 172.84 seconds Apr 8 13:30:33 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 179.83 seconds Apr 8 13:30:38 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 182.02 seconds Apr 8 13:30:47 jasper MailScanner[6420]: [ID 702911 mail.info] Batch (30 messages) processed in 155.68 seconds Apr 8 13:30:55 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 166.43 seconds Apr 8 13:31:06 jasper MailScanner[9110]: [ID 702911 mail.info] Batch (30 messages) processed in 178.72 seconds Apr 8 13:31:37 jasper MailScanner[6450]: [ID 702911 mail.info] Batch (30 messages) processed in 182.87 seconds Apr 8 13:31:47 jasper MailScanner[6078]: [ID 702911 mail.info] Batch (30 messages) processed in 170.40 seconds Apr 8 13:31:51 jasper MailScanner[6159]: [ID 702911 mail.info] Batch (30 messages) processed in 196.27 seconds Apr 8 13:31:58 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 201.71 seconds Apr 8 13:32:00 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 227.63 seconds Apr 8 13:32:05 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 198.26 seconds Apr 8 13:32:12 jasper MailScanner[6092]: [ID 702911 mail.info] Batch (30 messages) processed in 237.58 seconds Apr 8 13:32:15 jasper MailScanner[6226]: [ID 702911 mail.info] Batch (30 messages) processed in 246.03 seconds Apr 8 13:32:39 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 239.06 seconds Apr 8 13:33:08 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 211.98 seconds Apr 8 13:33:17 jasper MailScanner[8355]: [ID 702911 mail.info] Batch (30 messages) processed in 223.31 seconds Apr 8 13:33:21 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 168.87 seconds Apr 8 13:33:37 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 185.15 seconds Apr 8 13:34:00 jasper MailScanner[8604]: [ID 702911 mail.info] Batch (30 messages) processed in 177.44 seconds Apr 8 13:34:04 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 201.16 seconds Apr 8 13:34:12 jasper MailScanner[6420]: [ID 702911 mail.info] Batch (30 messages) processed in 201.36 seconds Apr 8 13:34:17 jasper MailScanner[9110]: [ID 702911 mail.info] Batch (30 messages) processed in 186.50 seconds Apr 8 13:34:32 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 235.57 seconds Apr 8 13:34:38 jasper MailScanner[6543]: [ID 702911 mail.info] Batch (30 messages) processed in 230.90 seconds Apr 8 13:34:47 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 228.57 seconds Apr 8 13:34:58 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 176.29 seconds Apr 8 13:35:13 jasper MailScanner[6159]: [ID 702911 mail.info] Batch (30 messages) processed in 198.02 seconds Apr 8 13:35:20 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 197.09 seconds Apr 8 13:35:25 jasper MailScanner[6092]: [ID 702911 mail.info] Batch (30 messages) processed in 189.04 seconds Apr 8 13:35:31 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 202.47 seconds Apr 8 13:35:33 jasper MailScanner[6450]: [ID 702911 mail.info] Batch (30 messages) processed in 231.71 seconds Apr 8 13:35:40 jasper MailScanner[6078]: [ID 702911 mail.info] Batch (30 messages) processed in 230.60 seconds Apr 8 13:35:50 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 186.84 seconds Apr 8 13:36:04 jasper MailScanner[6226]: [ID 702911 mail.info] Batch (30 messages) processed in 225.05 seconds Apr 8 13:36:20 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 188.94 seconds Apr 8 13:36:26 jasper MailScanner[8355]: [ID 702911 mail.info] Batch (30 messages) processed in 186.42 seconds Apr 8 13:36:43 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 199.50 seconds Apr 8 13:36:54 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 193.67 seconds Apr 8 13:37:22 jasper MailScanner[8604]: [ID 702911 mail.info] Batch (30 messages) processed in 199.09 seconds Apr 8 13:37:29 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 201.50 seconds Apr 8 13:37:37 jasper MailScanner[9110]: [ID 702911 mail.info] Batch (30 messages) processed in 195.75 seconds Apr 8 13:37:41 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 186.63 seconds Apr 8 13:38:03 jasper MailScanner[6420]: [ID 702911 mail.info] Batch (30 messages) processed in 226.99 seconds Apr 8 13:38:10 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 197.36 seconds Apr 8 13:38:16 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 172.05 seconds Apr 8 13:38:20 jasper MailScanner[6543]: [ID 702911 mail.info] Batch (30 messages) processed in 218.76 seconds Apr 8 13:38:24 jasper MailScanner[6092]: [ID 702911 mail.info] Batch (30 messages) processed in 175.31 seconds Apr 8 13:38:29 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 207.13 seconds Apr 8 13:38:45 jasper MailScanner[6159]: [ID 702911 mail.info] Batch (30 messages) processed in 209.03 seconds Apr 8 13:39:07 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 212.38 seconds Apr 8 13:39:13 jasper MailScanner[6450]: [ID 702911 mail.info] Batch (30 messages) processed in 216.94 seconds Apr 8 13:39:18 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 173.70 seconds Apr 8 13:39:25 jasper MailScanner[6078]: [ID 702911 mail.info] Batch (30 messages) processed in 219.48 seconds Apr 8 13:39:28 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 214.33 seconds Apr 8 13:39:58 jasper MailScanner[8355]: [ID 702911 mail.info] Batch (30 messages) processed in 208.26 seconds Apr 8 13:40:13 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 194.37 seconds Apr 8 13:40:21 jasper MailScanner[6226]: [ID 702911 mail.info] Batch (30 messages) processed in 252.81 seconds Apr 8 13:40:21 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 58.18 seconds Apr 8 13:40:25 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 216.76 seconds Apr 8 13:40:50 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 182.70 seconds Apr 8 13:41:17 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 224.94 seconds Apr 8 13:41:21 jasper MailScanner[9110]: [ID 702911 mail.info] Batch (30 messages) processed in 219.85 seconds Apr 8 13:41:26 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 190.86 seconds Apr 8 13:41:37 jasper MailScanner[6543]: [ID 702911 mail.info] Batch (30 messages) processed in 192.91 seconds Apr 8 13:41:54 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 214.74 seconds Apr 8 13:41:57 jasper MailScanner[6092]: [ID 702911 mail.info] Batch (30 messages) processed in 208.97 seconds Apr 8 13:42:03 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 208.24 seconds Apr 8 13:42:09 jasper MailScanner[8604]: [ID 702911 mail.info] Batch (30 messages) processed in 283.57 seconds Apr 8 13:42:10 jasper MailScanner[6450]: [ID 702911 mail.info] Batch (30 messages) processed in 172.93 seconds Apr 8 13:42:16 jasper MailScanner[6159]: [ID 702911 mail.info] Batch (30 messages) processed in 206.75 seconds Apr 8 13:42:21 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 190.24 seconds Apr 8 13:42:23 jasper MailScanner[6420]: [ID 702911 mail.info] Batch (30 messages) processed in 255.94 seconds Apr 8 13:42:27 jasper MailScanner[8355]: [ID 702911 mail.info] Batch (30 messages) processed in 141.77 seconds Apr 8 13:42:32 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 175.86 seconds Apr 8 13:42:37 jasper MailScanner[6078]: [ID 702911 mail.info] Batch (30 messages) processed in 185.75 seconds Apr 8 13:43:15 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 176.80 seconds Apr 8 13:43:21 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 175.92 seconds Apr 8 13:43:28 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 179.02 seconds Apr 8 13:43:43 jasper MailScanner[6226]: [ID 702911 mail.info] Batch (30 messages) processed in 197.44 seconds Apr 8 13:44:05 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 187.31 seconds Apr 8 13:44:39 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 189.31 seconds Apr 8 13:44:44 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 201.34 seconds Apr 8 13:44:50 jasper MailScanner[9110]: [ID 702911 mail.info] Batch (30 messages) processed in 205.24 seconds Apr 8 13:44:58 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 169.77 seconds Apr 8 13:45:06 jasper MailScanner[6543]: [ID 702911 mail.info] Batch (30 messages) processed in 204.40 seconds Apr 8 13:45:17 jasper MailScanner[6078]: [ID 702911 mail.info] Batch (30 messages) processed in 156.63 seconds Apr 8 13:45:24 jasper MailScanner[6159]: [ID 702911 mail.info] Batch (30 messages) processed in 184.38 seconds Apr 8 13:45:28 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 171.89 seconds Apr 8 13:45:32 jasper MailScanner[6092]: [ID 702911 mail.info] Batch (30 messages) processed in 209.60 seconds Apr 8 13:45:38 jasper MailScanner[8604]: [ID 702911 mail.info] Batch (30 messages) processed in 201.65 seconds Apr 8 13:45:41 jasper MailScanner[6450]: [ID 702911 mail.info] Batch (30 messages) processed in 204.05 seconds Apr 8 13:45:46 jasper MailScanner[8355]: [ID 702911 mail.info] Batch (30 messages) processed in 192.59 seconds Apr 8 13:45:51 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 202.72 seconds Apr 8 13:45:55 jasper MailScanner[6420]: [ID 702911 mail.info] Batch (30 messages) processed in 203.84 seconds Apr 8 13:46:37 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 277.72 seconds Apr 8 13:46:50 jasper MailScanner[6013]: [ID 702911 mail.info] Batch (30 messages) processed in 197.08 seconds Apr 8 13:47:08 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 230.04 seconds Apr 8 13:47:18 jasper MailScanner[9910]: [ID 702911 mail.info] Batch (30 messages) processed in 232.60 seconds Apr 8 13:47:21 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 190.34 seconds Apr 8 13:47:57 jasper MailScanner[6808]: [ID 702911 mail.info] Batch (30 messages) processed in 188.34 seconds Apr 8 13:48:24 jasper MailScanner[6226]: [ID 702911 mail.info] Batch (30 messages) processed in 275.83 seconds Apr 8 13:48:33 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 209.00 seconds Apr 8 13:48:46 jasper MailScanner[6543]: [ID 702911 mail.info] Batch (30 messages) processed in 212.93 seconds Apr 8 13:49:03 jasper MailScanner[5930]: [ID 702911 mail.info] Batch (30 messages) processed in 259.13 seconds Apr 8 13:51:26 jasper MailScanner[6488]: [ID 702911 mail.info] Batch (30 messages) processed in 63.42 seconds Apr 8 13:51:28 jasper MailScanner[6198]: [ID 702911 mail.info] Batch (30 messages) processed in 64.47 seconds Apr 8 13:51:29 jasper MailScanner[6117]: [ID 702911 mail.info] Batch (30 messages) processed in 57.34 seconds Apr 8 13:51:34 jasper MailScanner[7164]: [ID 702911 mail.info] Batch (30 messages) processed in 57.13 seconds Apr 8 13:51:38 jasper MailScanner[7850]: [ID 702911 mail.info] Batch (30 messages) processed in 66.16 seconds Apr 8 13:52:04 jasper MailScanner[5957]: [ID 702911 mail.info] Batch (30 messages) processed in 97.04 seconds Apr 8 13:52:07 jasper MailScanner[8604]: [ID 702911 mail.info] Batch (30 messages) processed in 95.16 seconds -------------- next part -------------- Apr 7 15:29:03 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 406.26 seconds Apr 7 15:29:46 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 498.18 seconds Apr 7 15:30:12 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 432.05 seconds Apr 7 15:30:16 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 438.40 seconds Apr 7 15:30:59 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 477.96 seconds Apr 7 15:31:04 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 517.89 seconds Apr 7 15:31:08 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 480.50 seconds Apr 7 15:31:40 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 501.01 seconds Apr 7 15:32:18 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 515.79 seconds Apr 7 15:32:34 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 531.86 seconds Apr 7 15:33:03 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 525.57 seconds Apr 7 15:33:10 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 553.90 seconds Apr 7 15:34:04 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 583.01 seconds Apr 7 15:34:14 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 501.81 seconds Apr 7 15:34:21 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 420.41 seconds Apr 7 15:34:27 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 551.79 seconds Apr 7 15:34:46 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 492.34 seconds Apr 7 15:34:51 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 478.46 seconds Apr 7 15:35:01 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 522.01 seconds Apr 7 15:35:30 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 379.40 seconds Apr 7 15:35:36 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 421.56 seconds Apr 7 15:37:59 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 410.52 seconds Apr 7 15:38:01 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 485.48 seconds Apr 7 15:38:10 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 468.35 seconds Apr 7 15:38:25 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 429.24 seconds Apr 7 15:38:41 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 454.86 seconds Apr 7 15:38:53 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 342.04 seconds Apr 7 15:39:19 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 542.59 seconds Apr 7 15:39:37 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 379.76 seconds Apr 7 15:40:02 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 439.88 seconds Apr 7 15:40:16 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 506.69 seconds Apr 7 15:40:30 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 484.65 seconds Apr 7 15:41:48 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 432.88 seconds Apr 7 15:41:55 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 416.24 seconds Apr 7 15:42:07 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 459.95 seconds Apr 7 15:42:10 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 439.52 seconds Apr 7 15:42:35 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 503.25 seconds Apr 7 15:42:38 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 450.33 seconds Apr 7 15:42:56 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 517.10 seconds Apr 7 15:43:08 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 452.90 seconds Apr 7 15:43:28 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 464.40 seconds Apr 7 15:44:26 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 376.96 seconds Apr 7 15:44:54 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 356.83 seconds Apr 7 15:45:00 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 402.89 seconds Apr 7 15:45:04 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 414.55 seconds Apr 7 15:45:12 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 385.14 seconds Apr 7 15:45:48 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 364.29 seconds Apr 7 15:45:51 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 314.06 seconds Apr 7 15:46:29 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 423.13 seconds Apr 7 15:46:46 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 385.45 seconds Apr 7 15:46:50 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 295.46 seconds Apr 7 15:46:53 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 403.29 seconds Apr 7 15:47:24 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 531.53 seconds Apr 7 15:47:47 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 343.20 seconds Apr 7 15:48:44 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 340.74 seconds Apr 7 15:48:49 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 365.27 seconds Apr 7 15:49:26 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 429.22 seconds Apr 7 15:49:38 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 440.68 seconds Apr 7 15:49:59 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 401.45 seconds Apr 7 15:50:10 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 391.67 seconds Apr 7 15:50:43 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 474.70 seconds Apr 7 15:51:08 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 367.96 seconds Apr 7 15:51:24 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 407.22 seconds Apr 7 15:51:33 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 380.83 seconds Apr 7 15:51:48 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 356.76 seconds Apr 7 15:52:22 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 436.40 seconds Apr 7 15:52:53 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 409.90 seconds Apr 7 15:53:17 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 261.58 seconds Apr 7 15:53:23 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 403.23 seconds Apr 7 15:53:24 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 487.01 seconds Apr 7 15:53:42 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 368.80 seconds Apr 7 15:53:58 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 360.89 seconds Apr 7 15:54:07 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 418.81 seconds Apr 7 15:54:10 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 426.22 seconds Apr 7 15:54:54 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 318.61 seconds Apr 7 15:55:26 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 319.82 seconds Apr 7 15:55:40 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 508.76 seconds Apr 7 15:56:22 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 440.21 seconds Apr 7 15:56:52 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 389.47 seconds Apr 7 15:57:08 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 442.42 seconds Apr 7 15:57:15 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 340.86 seconds Apr 7 15:57:28 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 369.70 seconds Apr 7 15:58:24 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 454.02 seconds Apr 7 15:58:59 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 233.00 seconds Apr 7 15:59:10 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 399.33 seconds Apr 7 15:59:23 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 460.67 seconds Apr 7 15:59:34 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 455.83 seconds Apr 7 15:59:44 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 374.07 seconds Apr 7 16:00:11 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 353.71 seconds Apr 7 16:00:18 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 396.78 seconds Apr 7 16:00:42 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 458.97 seconds Apr 7 16:00:48 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 417.51 seconds Apr 7 16:00:58 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 412.17 seconds Apr 7 16:01:11 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 410.52 seconds Apr 7 16:01:26 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 464.23 seconds Apr 7 16:01:28 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 298.17 seconds Apr 7 16:01:45 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 370.22 seconds Apr 7 16:02:21 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 394.15 seconds Apr 7 16:02:59 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 361.03 seconds Apr 7 16:03:13 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 278.35 seconds Apr 7 16:03:19 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 351.52 seconds Apr 7 16:04:38 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 444.51 seconds Apr 7 16:04:52 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 435.22 seconds Apr 7 16:04:58 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 349.23 seconds Apr 7 16:05:07 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 335.79 seconds Apr 7 16:05:10 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 253.59 seconds Apr 7 16:05:24 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 328.35 seconds Apr 7 16:05:32 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 263.42 seconds Apr 7 16:06:13 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 293.91 seconds Apr 7 16:06:18 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 325.14 seconds Apr 7 16:06:20 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 358.11 seconds Apr 7 16:06:31 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 269.11 seconds Apr 7 16:06:49 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 449.93 seconds Apr 7 16:06:52 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 429.35 seconds Apr 7 16:06:56 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 297.49 seconds Apr 7 16:07:07 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 312.49 seconds Apr 7 16:08:24 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 473.68 seconds Apr 7 16:08:39 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 368.53 seconds Apr 7 16:08:47 jasper MailScanner[21634]: [ID 702911 mail.info] Batch (30 messages) processed in 333.77 seconds Apr 7 16:08:49 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 320.76 seconds Apr 7 16:10:00 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 311.35 seconds Apr 7 16:10:22 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 407.81 seconds Apr 7 16:10:58 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 359.59 seconds Apr 7 16:11:08 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 283.00 seconds Apr 7 16:11:26 jasper MailScanner[19345]: [ID 702911 mail.info] Batch (30 messages) processed in 364.17 seconds Apr 7 16:11:46 jasper MailScanner[21017]: [ID 702911 mail.info] Batch (30 messages) processed in 394.07 seconds Apr 7 16:11:53 jasper MailScanner[22511]: [ID 702911 mail.info] Batch (30 messages) processed in 321.38 seconds Apr 7 16:12:07 jasper MailScanner[18716]: [ID 702911 mail.info] Batch (30 messages) processed in 405.53 seconds Apr 7 16:12:31 jasper MailScanner[21719]: [ID 702911 mail.info] Batch (30 messages) processed in 419.40 seconds Apr 7 16:12:46 jasper MailScanner[21867]: [ID 702911 mail.info] Batch (30 messages) processed in 423.70 seconds Apr 7 16:13:07 jasper MailScanner[21939]: [ID 702911 mail.info] Batch (30 messages) processed in 272.54 seconds Apr 7 16:13:12 jasper MailScanner[21522]: [ID 702911 mail.info] Batch (30 messages) processed in 376.76 seconds Apr 7 16:13:19 jasper MailScanner[14884]: [ID 702911 mail.info] Batch (30 messages) processed in 401.06 seconds Apr 7 16:13:25 jasper MailScanner[19174]: [ID 702911 mail.info] Batch (30 messages) processed in 408.84 seconds Apr 7 16:13:58 jasper MailScanner[18363]: [ID 702911 mail.info] Batch (30 messages) processed in 388.26 seconds Apr 7 16:14:10 jasper MailScanner[20718]: [ID 702911 mail.info] Batch (30 messages) processed in 416.94 seconds Apr 7 16:14:26 jasper MailScanner[22123]: [ID 702911 mail.info] Batch (30 messages) processed in 425.60 seconds Apr 7 16:14:49 jasper MailScanner[13010]: [ID 702911 mail.info] Batch (30 messages) processed in 344.12 seconds Apr 7 16:14:53 jasper MailScanner[18589]: [ID 702911 mail.info] Batch (30 messages) processed in 362.72 seconds Apr 7 16:15:13 jasper MailScanner[16649]: [ID 702911 mail.info] Batch (30 messages) processed in 284.02 seconds Apr 7 16:15:22 jasper MailScanner[24091]: [ID 702911 mail.info] Batch (30 messages) processed in 307.45 seconds Apr 7 16:15:39 jasper MailScanner[21787]: [ID 702911 mail.info] Batch (30 messages) processed in 269.35 seconds Apr 7 16:16:25 jasper MailScanner[19568]: [ID 702911 mail.info] Batch (30 messages) processed in 303.84 seconds From MailScanner at ecs.soton.ac.uk Tue Apr 8 21:53:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 21:54:48 2008 Subject: A couple of notes In-Reply-To: <20080408191728.GA23795@doctor.nl2k.ab.ca> References: <20080408135755.GA17313@doctor.nl2k.ab.ca> <47FB8734.5050002@ecs.soton.ac.uk> <20080408191728.GA23795@doctor.nl2k.ab.ca> Message-ID: <47FBDB5F.5000301@ecs.soton.ac.uk> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > On Tue, Apr 08, 2008 at 03:54:44PM +0100, Julian Field wrote: > >> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem >> wrote: >> >>> 1) http://www.nk.ca/blog . This is spam and phish section for your research. >>> >>> 2) The latest beta sent my CPUs up the wall. What did you do Julian? >>> >>> >> What has changed in your system performance? It should only affect messages >> with Office documents embedded in them. Was the change in the last beta, or >> was the previous stable the same as the new beta? >> >> > > Stable to beta. > Well, you've got the Change Log. Take a look :) > >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Tue Apr 8 21:54:10 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 21:54:51 2008 Subject: New server request In-Reply-To: <47FBAB86.3090608@ecs.soton.ac.uk> References: <9283241.1441207668970459.JavaMail.root@office.splatnix.net> <47FBAB86.3090608@ecs.soton.ac.uk> Message-ID: <47FBDB72.2040809@pixelhammer.com> Julian Field wrote: > > > --[ UxBoD ]-- wrote: >> Remove all checking ? ;) 5 mins for something that does not have a >> guaranteed (RFC) delivery time anyway is damn good! Yes you could put >> in a SAN/iSCSI but as already been said make sure loads of cache. Why >> not put the OS etc on SSDs ? Man, you could keep going all day and >> spend loads of dosh, but what great fun :D >> >> I would run numerous tests throughout different loads on the system to >> truly ascertain where the issue is. >> > Definitely. Work out exactly where to target the money. And in my view > you'll get better value from 2 half-price servers than 1 very expensive > one. > > Jules > Yep, but they seems to like hardware solutions, so I like giving them hardware solutions ;^) In reality we are in good shape, we are processing at the same speed now as before, but at a higher load. My inclination is to test more but I don't want to turn off MailScanner to run in debug. So I need to get a schedule to upgrade to Julian's new version to I can actually run a debug child on a test queue during peak load. I am suspicious that the high load is SA, but I don't think there is much I can do tuning wise that has not already been done. I will make some changes to the disks/kernel/etc in the next few evenings and see where I end up. Still gonna turn in a quote for hot rod servers though. The current ones would make excellent web mirrors ;^) DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From dave.list at pixelhammer.com Tue Apr 8 21:56:03 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 21:56:50 2008 Subject: New server request In-Reply-To: <47FBC370.4090906@sendit.nodak.edu> References: <47FB765B.6030402@pixelhammer.com> <47FB8081.4090208@sendit.nodak.edu> <47FB9540.7090004@pixelhammer.com> <47FBC370.4090906@sendit.nodak.edu> Message-ID: <47FBDBE3.3080204@pixelhammer.com> Richard Frovarp wrote: > DAve wrote: >> Richard Frovarp wrote: >>> DAve wrote: >>>> Currently we get hit with 200k to 300k connections a day that hit an >>>> RBL. We see 15k to 25k pipeline attempts. We spam scan almost 50% of >>>> our mail and we Virus scan everything that comes in. We process 4gb >>>> of mail a day on two servers, total around 50k to 65k message we >>>> actually deliver. We process 16,908 whitelist and 14,348 blacklist >>>> entries from MailWatch. >>>> >>>> Mail delivery for our clients *INCLUDES* outbound scanning and >>>> filtering through my smtp servers (different hardware) and coming >>>> back in through my MailScanner servers. >>>> >>>> I can get that done in 5 minutes round trip time for a message. 90% >>>> of that time is spent in the MS server, queues, waiting for pickup, >>>> etc. I think that is pretty darned good. >>>> >>>> That is apparently not good enough. Every month or so I get told >>>> that mail delivery in incredibly slow and I need to look at the >>>> servers. I do, and every message I check takes around five minutes. >>>> >>>> I need a recommendation for the root'n toot'nist, rockem sockem, >>>> nuklear powered, rocket fuel fed servers money can buy. I want to >>>> push a batch of 30 messages through a full featured install of SA, >>>> Clamav, and local rulesets in less than 5 seconds. Tops. When my >>>> sales director hits send in his outlook, I want the message to >>>> deliver so fast his laptop jumps from his desk. >>>> >>>> I think I need striped SAS disks with 15k spindles, four CPUs, and >>>> 16gb of ram. I am open to realistic suggestions, though humor is >>>> still welcome. I intend to submit a quote this week. >>>> >>>> Thanks, >>>> >>>> DAve >>>> >>> >>> I've got an old 2.66 GHz dual Xeon with 2 GB of RAM that pushes >>> through mail relatively well. Standard RAID 1 SCSI disks. Right now >>> it's doing batches of 2 in about 15 seconds. It handles about 4 GB of >>> of traffic and scans about 46 K a day. I would expect a dual quad >>> core with the requisite amount of RAM would be plenty. Network tests >>> take a while anyway, and there isn't much you can do to speed that >>> up. I am running greylist, greet pause, valid user lookup, and >>> blacklists in sendmail to reduce the load. I also have two other >>> machines that see similar load. >>> >> >> Not much different that the servers we currently run. We do not run >> RAID at the moment. Except I have two servers were you have one. >> Batches of 2 take about 6 seconds, in the evening. During peak hours I >> get batches of 10 that require anywhere from 60 to 190 seconds. I can >> go from 7 messages waiting to 300 messages waiting in the blink of an >> eye. Though left to it's own, MS will chew through them just fine. >> >> We also run greylisting (with client's whitelisted), greetpause (with >> our own network whitelisted), RBL (in MTA), caching DNS, and >> milter-ahead to the pop toasters. >> >> DAve >> >> > Actually I have 3 public facing and 1 internal MailScanner boxes. Lower > your batch sizes. How many of those 300 are really waiting? If you are > doing batches of max of 10 with 10 children, that's 100 messages being > processed at the moment. If you have max batch sizes of 30, that's all > 300 being processed. > > Assuming that other aspects aren't affecting load, the batch performance > would seem to be better with smaller numbers of messages. You may want > to try lowering the batch sizes. Sometimes less is more. I thought so too, it seems at least with our mail, more children processing smaller batches is faster than large batches and fewer children. I currently run 15 children and batch size of 10 and doing well. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ssilva at sgvwater.com Tue Apr 8 21:59:01 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 8 22:00:08 2008 Subject: detect executables embedded inside MS Office documents? In-Reply-To: <47FBBB15.1020007@ecs.soton.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D030A03EC01@inex3.herffjones.hj-int> <47F725C7.4070103@vanderkooij.org> <47F78BED.5020606@ecs.soton.ac.uk> <47F7A674.1040501@calorieking.com> <47F8E791.10709@ecs.soton.ac.uk> <20080407060825.50bf671f@scorpio> <47FBBB15.1020007@ecs.soton.ac.uk> Message-ID: on 4-8-2008 11:36 AM Julian Field spake the following: > > > Scott Silva wrote: >> on 4-7-2008 3:08 AM Gerard spake the following: >>> On Sun, 06 Apr 2008 16:00:45 -0700 >>> Scott Silva wrote: >>> >>>> on 4-6-2008 8:09 AM Julian Field spake the following: >>>>> Ignore all previous requests for information. I've got enough of >>>>> it, pretty much. >>>>> The only thing I cannot handle is inserted OLE "Packages" that >>>>> contain multiple files. If someone fancies creating one of those >>>>> and sending it to me, I'll improve the Package parser to cope with >>>>> it. >>>>> >>>>> But it now works with files inserted into Microsoft Office >>>>> documents just fine. >>>>> >>>>> This will be in the next release. >>>>> I guess it's a fairly major new feature, the ability to extract >>>>> embedded files from Microsoft Office documents. >>>>> :-) >>>>> >>>>> I think I'm going to have a rest now... >>>>> >>>> Poking another hole in the Microsoft armor was a big task. A well >>>> deserved rest it will be!! >>> >>> The use of OLE makes the creation of highly detailed documents far >>> easier and accurate. The scanning of said documents when emailed I >>> would assume to be a plus. However, if the scanning action breaks the >>> OLE bonds then then cure is far worst than the disease. >> MailScanner only scans a copy of the attachments to check their >> content. The original isn't harmed. > He didn't really think that did he? How stoopid do people think I am? :-) > > Jules > That is how I took it. No smileys, no other indication of being funny, no swapping jokes, etc... -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080408/f8fc1681/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 8 22:02:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 8 22:02:51 2008 Subject: Where to increase the RAZOR2_CF scores? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF60C8@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF60C8@hcex.hartwellcorp.com> Message-ID: <47FBDD6B.1000602@ecs.soton.ac.uk> cd /usr/share/spamassassin grep RAZOR 50_scores.cf (or something similar) Then put the new scores in /etc/MailScanner/spam.assassin.prefs.conf and restart MailScanner. Michael St. Laurent wrote: > I was wondering how I would see all the rule names for Razor2 matches > and which file would be the best place to add increased scores for them. > > Thanks. ;) > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpirie at rma.edu Tue Apr 8 22:20:33 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Apr 8 22:19:19 2008 Subject: New server request In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A2E9@server-16.MorganSys.net> References: <47FB765B.6030402@pixelhammer.com> <7D1CC61717004141A57CA6CA1C8087EC18A2E9@server-16.MorganSys.net> Message-ID: <47FBE1A1.9070704@rma.edu> Neal Morgan wrote: > > > We've used both MS Virtual Server and VMWare for these. Both work OK - > though VMWare seems better. > Works great with xen virtual servers here. Brendan From ms-list at alexb.ch Tue Apr 8 22:27:38 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 8 22:28:22 2008 Subject: SA installer oddities: In-Reply-To: <47FBACD4.3020804@ecs.soton.ac.uk> References: <47FB8D50.6080703@alexb.ch> <47FBACD4.3020804@ecs.soton.ac.uk> Message-ID: <47FBE34A.9010403@alexb.ch> On 4/8/2008 7:35 PM, Julian Field wrote: > > > Alex Broens wrote: >> Jules >> >> Finsihed the install and BEFORE adding my own stuff to >> /etc/mail/spamassassin I checked the *.pre files for redundant loads: >> >> init.pre >> >> includes: >> >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::Razor2 >> >> >> v310.pre >> >> includes: >> >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> >> >> >> v320.pre >> >> includes: >> >> loadplugin Mail::SpamAssassin::Plugin::RelayCountry >> loadplugin Mail::SpamAssassin::Plugin::SPF >> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL >> loadplugin Mail::SpamAssassin::Plugin::Razor2 >> >> >> >> [13756] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry, already registered >> [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, >> already registered [13756] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >> >> [13756] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::RelayCountry, already registered >> [13756] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, >> already registered >> [13756] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::URIDNSBL, already registered >> [13756] dbg: plugin: did not register >> Mail::SpamAssassin::Plugin::Razor2, already registered >> >> >> seems to me there a lot of redundant stuff being loaded and reloaded >> and reloaded - not sure at this point what you added and what's >> default (need to take SA source apart and check) > All this registering of plugins is done once when each MailScanner child > starts up. It makes no difference to mail processing speed at all. >> >> May I suggest you don't modify the .pre files after install and point >> admins to check the stuff being loaded in the 3 .pre files and enable >> whatever specials they may need. >> The standard enabled SA plugins will produce a decent working SA >> withotu any pain. > My ClamAV+SpamAssassin package automatically enables these plugins: > Mail::SpamAssassin::Plugin::RelayCountry > Mail::SpamAssassin::Plugin::SPF > Mail::SpamAssassin::Plugin::URIDNSBL > Mail::SpamAssassin::Plugin::Razor2 > > To make sure these get loaded regardless of what version of SpamAssassin > you are using, it writes these into all of v320.pre, v310.pre and > init.pre. Attempting to load them all 3 times probably adds a > millisecond to the startup time of MailScanner, but I really don't care > a hoot about that :-) forcing loads on a possible older SA version which doesn't support certain plugins will cause lint errors and fail an sa-update or sa-compile. Mail::SpamAssassin::Plugin::URIDNSBL is in init.pre been there for ages -what can your installer fix if its already enabled by default? Mail::SpamAssassin::Plugin::RelayCountry is not enabled by default as it adds a certain overhead Razor2 is enabled BEFORE its installed - if you warn ppl they must install it, why not let them enable the plugin? you may say, mainly cosmetics, but when linting they just don't make the results look MS-like :-) From hvdkooij at vanderkooij.org Tue Apr 8 22:33:17 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 8 22:34:02 2008 Subject: MailScanner Digest, Vol 28, Issue 18 In-Reply-To: <47FBA363.5010100@ecs.soton.ac.uk> References: <47FBA363.5010100@ecs.soton.ac.uk> Message-ID: <47FBE49D.9060109@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | Please use an auto-responder that is intelligent enough to ignore | mailing lists. Hmm. That means that everyone reading this mailinglist from an exchange server is not entitled to any vacation. But anyone running exchange would allready know that exchange does not allow you to be away from the office too much anyway ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH++SbBvzDRVjxmYERAgnXAJ9OTynU9aznG5Vc6jCcuR2tAM/egwCgpLaD OHzg0k6/U+dkfh5gDT0gOag= =u5Bd -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 8 22:37:18 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 8 22:37:29 2008 Subject: New server request In-Reply-To: References: <47FB765B.6030402@pixelhammer.com> Message-ID: <47FBE58E.3070700@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: | But if the complaints will get an increase in your hardware budget, then | go for it. It won't make it slower. Hmm. Perhaps a better paycheck may even refresh your memory where you left the sleep commands in the scripts. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH++WNBvzDRVjxmYERAilbAJwPQaloWAG1wIqos1k8fFoRMnugUgCfRiBM OCE4shaYhxf4ECcjle2HU1M= =iTym -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 8 22:41:01 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 8 22:41:12 2008 Subject: Where to increase the RAZOR2_CF scores? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF60C9@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF60C9@hcex.hartwellcorp.com> Message-ID: <47FBE66D.9@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael St. Laurent wrote: | I was wondering how I would see all the rule names for Razor2 matches | and which file would be the best place to add increased scores for them. Could you fix the loop in your SMTP network FIRST? This is bound to get you into trouble sooner or later. Check out these headers: Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) by balin.waakhond.net (Postfix) with ESMTP id 4F19417E83BF for ; Tue, 8 Apr 2008 23:22:34 +0200 (CEST) Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m38LJOXw000373; Tue, 8 Apr 2008 22:19:32 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from hcfw1.hartwellcorp.com (guardian.hartwellcorp.com [216.237.48.18]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m38KCqva028641 for ; Tue, 8 Apr 2008 21:13:25 +0100 X-Hartwell-MailScanner-Watermark: 1208290368.35685@76WyA74NVfugdnG4EGswsQ Received: (from mail@localhost) by hcfw1.hartwellcorp.com (8.13.8/8.12.8) id m38KCmbW020237 for ; Tue, 8 Apr 2008 13:12:48 -0700 X-Authentication-Warning: hcfw1.hartwellcorp.com: mail set sender to using -f X-Authentication-Warning: hcfw1.hartwellcorp.com: Processed from queue /var/spool/mqueue.in/ Received: from hcex.hartwellcorp.com (EHLO hcex.hartwellcorp.com) (10.11.10.14) by hcfw1.hartwellcorp.com via smap (V2.1+anti-relay+anti-spam) id xma020233; Tue, 8 Apr 08 20:12:41 GMT X-MimeOLE: Produced By Microsoft Exchange V6.5 Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH++ZrBvzDRVjxmYERAhXGAKCxvTwu6ZcTE5Qc9BCxdPypbxKGswCffxqD RHI9GzlxJxf51eDm0GvSD0I= =oy69 -----END PGP SIGNATURE----- From dave.list at pixelhammer.com Tue Apr 8 22:47:32 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Apr 8 22:48:13 2008 Subject: New server request In-Reply-To: <8659132F-F9B3-4587-8E0E-A0A902AD091E@nkpanama.com> References: <47FB765B.6030402@pixelhammer.com> <47FB79A0.3030605@slackadelic.com> <47FB92ED.4040504@pixelhammer.com> <47FBB047.2050109@slackadelic.com> <8659132F-F9B3-4587-8E0E-A0A902AD091E@nkpanama.com> Message-ID: <47FBE7F4.9000409@pixelhammer.com> Alex Neuman wrote: > > These are *not* the mailing list messages you're looking for. > You do not need to see the headers. > You will pass the message on to the next hop untouched. > > > On Apr 8, 2008, at 12:49 PM, Matt Hayes wrote: >>> I forget you read this list. You never saw this message, you know >>> nothing of a quote, you never saw me here. >>> DAve >> >> Who the hell are you? >> >> -Matt > Scott Silva wrote: > Your Jedi e-mail admin powers don't work on this one! > I needed a good laugh ;^) -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From mikes at hartwellcorp.com Tue Apr 8 23:24:01 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Tue Apr 8 23:24:49 2008 Subject: Where to increase the RAZOR2_CF scores? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF60CF@hcex.hartwellcorp.com> Perfect! Thanks. ;) > cd /usr/share/spamassassin > grep RAZOR 50_scores.cf > (or something similar) > Then put the new scores in > /etc/MailScanner/spam.assassin.prefs.conf and > restart MailScanner. > > Michael St. Laurent wrote: > > I was wondering how I would see all the rule names for > Razor2 matches > > and which file would be the best place to add increased > scores for them. > > > > Thanks. ;) From TGFurnish at herffjones.com Wed Apr 9 00:48:55 2008 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Wed Apr 9 00:49:33 2008 Subject: New server request In-Reply-To: <47FBDBE3.3080204@pixelhammer.com> References: <47FB765B.6030402@pixelhammer.com> <47FB8081.4090208@sendit.nodak.edu> <47FB9540.7090004@pixelhammer.com><47FBC370.4090906@sendit.nodak.edu> <47FBDBE3.3080204@pixelhammer.com> Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03EC5A@inex3.herffjones.hj-int> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve > Sent: Tuesday, April 08, 2008 4:56 PM > To: MailScanner discussion > Subject: Re: New server request > > Richard Frovarp wrote: > > DAve wrote: > >> Richard Frovarp wrote: > >>> DAve wrote: > >>>> Currently we get hit with 200k to 300k connections a day > >>>> that hit > >>>> an RBL. We see 15k to 25k pipeline attempts. We spam scan almost > >>>> 50% of our mail and we Virus scan everything that comes in. We > >>>> process 4gb of mail a day on two servers, total around > >>>> 50k to 65k > >>>> message we actually deliver. We process 16,908 whitelist > >>>> and 14,348 > >>>> blacklist entries from MailWatch. > >>>> > >>>> Mail delivery for our clients *INCLUDES* outbound scanning and > >>>> filtering through my smtp servers (different hardware) > >>>> and coming > >>>> back in through my MailScanner servers. > >>>> > >>>> I can get that done in 5 minutes round trip time for a > >>>> message. 90% > >>>> of that time is spent in the MS server, queues, waiting > >>>> for pickup, > >>>> etc. I think that is pretty darned good. Not really what you're looking for, but I run a small shell script that sends a daily report of the previous day's delay reading as logged by the sendmail process that handles mail in the queue after MailScanner processes messages. My set-up only handles mail coming in from the Internet to internal users, which makes the logic simpler. YMMV -- you'd definitely need to change the code at least a little to fit your environment, especially to distinguish between "inbound Internet mail" and others. It produces output like so: Output from script /sysadm/scripts/local/report_delay.sh running on host relay2.public.herff-jones.com under account root. This report shows the delay for message delivery as reported by sendmail (...are you running sendmail?). These are only messages that were already passed through by MS -- some 180K msgs are blocked each day by the same system. Count of messages delivered: 25185 Messages delivered in under a minute: 23723 Messages delivered in between 1 and 10 minutes: 1456 Messages delivered in between 10 and 20 minutes: 2 Messages delivered in between 20 and 30 minutes: 1 Messages delivered in between 30 and 40 minutes: 1 Messages delivered in between 40 and 50 minutes: 1 Messages delivered in between 50 and 60 minutes: 0 Messages delivered in between 1 and 2 hours: 0 Messages delivered in between 2 and 10 hours: 0 The report only comes to me so I haven't worried about fixing the outlying cases that appear to have taken nearly an hour -- they're not real problems. You could easily get more granular if you need to. Having the report helps me rest more easily -- I had no stats to back up my claim that there wasn't a problem the first time I had a conversation with someone claiming delivery was unreasonably slow. The "anything under three days is good per the RFC" argument didn't go over very well. :-) I'm embarrassed by some of the code -- hit me up off-list if you want the script, but I mostly thought the idea might be useful. :-) From jan-peter at koopmann.eu Wed Apr 9 07:14:58 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Apr 9 07:16:47 2008 Subject: New server request In-Reply-To: References: <47FB765B.6030402@pixelhammer.com><7D1CC61717004141A57CA6CA1C8087EC18A2E9@server-16.MorganSys.net> Message-ID: > Works great with xen virtual servers here. I second that. Works like a charm on our Virtual Iron installations! From jan-peter at koopmann.eu Wed Apr 9 07:16:54 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Apr 9 07:17:46 2008 Subject: MailScanner Digest, Vol 28, Issue 18 In-Reply-To: References: <47FBA363.5010100@ecs.soton.ac.uk> Message-ID: > Hmm. That means that everyone reading this mailinglist from an exchange > server is not entitled to any vacation. You just need an intelligent auto-responder in front of the exchange box. > But anyone running exchange > would allready know that exchange does not allow you to be away from > the > office too much anyway ;-) On the contrary. :-) From jan-peter at koopmann.eu Wed Apr 9 07:28:03 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Apr 9 07:28:58 2008 Subject: how to fix Blacklist In-Reply-To: References: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> Message-ID: > If you run a mail server you should be reading your postmaster mail > everyday. If you do not want to, then you should outsource your email > to > someone who will. Well spoken but far from reality. Most people don't and it really is not necessary that much. If our system blocks you it will tell you why and how to contact us via phone, chat, web whatever you like. In the real world (at least the one I know) managers send mails, these mails bounce for whatever reason and now one or several of the following happens: - manager never recognizes the bounce (since it is spam or looks like it...) - manager recognizes the bounce as a potential problem (not reading the MTAs error message telling him exactly what the problem is) - manager runs off to his/her IT guy telling him that he has "a" problem (obviously not sending enough information for the admin to find what is going on) - admin is either understanding e-mail or calling his/her IT company. - if admin is understanding e-mail he is trying to read the bounce and to fix the problem _if_ the problem is on his machine. - if not, the admin will most likely tell his manager that the problem is on the other side and he should contact the intended recipient by phone or else - assuming he survives this recommendation and that the manager is not pleased, he/she will then try to contact the other side himself. - IF the admin is intelligent and optimistic enough (being an admin himself that most probably does not even know he himself has a postmaster account let alone where e-mail to this account would end up) he might try to write to the postmaster at the other side. At this point his/her manager is already standing right behind him urging him to fix the problem so the admin will not wait for a potential reply and call the admin on the other side. This seems to be about true for all my customers. Maybe you have other experiences. All this works well even if the mails to postmaster are blocked as well. :-) In the past 10 years I can only remember about 5-10 cases in which my personal mails to postmaster/abuse whatever actually triggered some sort of reaction. All of them involved ISPs or alike and none of them privately held companies. So yes in theory you are absolutely correct. In reality having a postmaster box that is not scanned and really accepts all the junk and then have a highly paid admin or service going through all the junk is RFC conform but not happening all that much, is it? Kind regards, JP From J.Ede at birchenallhowden.co.uk Wed Apr 9 07:55:38 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Apr 9 07:59:24 2008 Subject: New server request In-Reply-To: <47FBDB72.2040809@pixelhammer.com> References: <9283241.1441207668970459.JavaMail.root@office.splatnix.net> <47FBAB86.3090608@ecs.soton.ac.uk>,<47FBDB72.2040809@pixelhammer.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C406871CC04@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of DAve [dave.list@pixelhammer.com] Sent: 08 April 2008 21:54 To: MailScanner discussion Subject: Re: New server request Julian Field wrote: > > > --[ UxBoD ]-- wrote: >> Remove all checking ? ;) 5 mins for something that does not have a >> guaranteed (RFC) delivery time anyway is damn good! Yes you could put >> in a SAN/iSCSI but as already been said make sure loads of cache. Why >> not put the OS etc on SSDs ? Man, you could keep going all day and >> spend loads of dosh, but what great fun :D >> >> I would run numerous tests throughout different loads on the system to >> truly ascertain where the issue is. >> > Definitely. Work out exactly where to target the money. And in my view > you'll get better value from 2 half-price servers than 1 very expensive > one. > > Jules > Yep, but they seems to like hardware solutions, so I like giving them hardware solutions ;^) In reality we are in good shape, we are processing at the same speed now as before, but at a higher load. My inclination is to test more but I don't want to turn off MailScanner to run in debug. So I need to get a schedule to upgrade to Julian's new version to I can actually run a debug child on a test queue during peak load. I am suspicious that the high load is SA, but I don't think there is much I can do tuning wise that has not already been done. I will make some changes to the disks/kernel/etc in the next few evenings and see where I end up. Still gonna turn in a quote for hot rod servers though. The current ones would make excellent web mirrors ;^) DAve Why not put log speed to yes in the config file and then just restart mailscanner. Then you can see where the messages are taking their time in the queue. Won't need to leave it on for that long to be able to work out what is taking the time.... I'm assuming you've also fed some of the test messages straight into spam assassin to see how long they take? Jason From arjan at anymore.nl Wed Apr 9 10:17:50 2008 From: arjan at anymore.nl (Arjan Schrijver) Date: Wed Apr 9 10:18:58 2008 Subject: Watermark checking doesn't work Message-ID: <47FC89BE.1090304@anymore.nl> Hi people, This watermarking feature sounds very good given all the spam backscatter I'm receiving the past weeks. So I set the following options in MailScanner.conf: Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = no Watermark Secret = (this is secret) Watermark Lifetime = 432000 Watermark Header = X-%org-name%-MailScanner-Watermark: Now, the watermark is being added to each mail fine. I get the header in every outgoing mail. When I send a mail to a nonexisting address, it gets interesting. The DSN is being returned as it should, including my original X-%org-name%-MailScanner-Watermark header. However, MailScanner doesn't think it is a legitimate watermark, or it can't find the sender address. I get this logline for the DSN: Apr 9 10:53:37 arenta MailScanner[32447]: Message 82BDF1E018B.CC35D from ######### has no (or invalid) watermark or sender address Is there more configuration I need to do, or is this feature simply still in development and it doesn't work? Kind regards, Arjan From iamapo at ml520.dyndns.org Wed Apr 9 10:30:55 2008 From: iamapo at ml520.dyndns.org (Michael Lai) Date: Wed Apr 9 10:30:55 2008 Subject: Mailscanner not work on Fedora 8 Message-ID: I try to install MailScanner on Fedora 8(Postfix run on it), but I got the error messages. I have no idea to resolve the problem. Please suggest. Thank you, Michael [root@www MailScanner-4.68.8-1]# ./install.sh Good. You have the patch command. Good, you have /usr/src/redhat in place. But you are running Fedora, so I am going to force the installation of the Perl modules that normally require it. Good, unpackaged files will not break the build process. Good, far-too-clever Perl requirements will be ignored. Good, Fedora 8 options will be ignored. Good, you appear to only have 1 copy of Perl installed. I think you are running on RedHat Linux, Mandriva Linux or SuSE Linux. Good, you appear to have the basic development tools installed. This script will pause for a few seconds after each major step, so do not worry if it appears to stop for a while. If you want it to stop so you can scroll back through the output then press Ctrl-S to stop the output and Ctrl-Q to start it again. If this fails due to dependency checks, and you wish to ignore these problems, you can run ./install.sh nodeps Setting Perl5 search path I think your system will build architecture-dependent modules for i386 Rebuilding all the Perl RPMs for your version of Perl Attempting to build and install perl-File-Spec-0.82-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-File-Spec-0.82- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-ExtUtils-MakeMaker-6.32-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.32- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Net-CIDR-0.11-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Net-CIDR-0.11-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-IO-stringy-2.110-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.110- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-MIME-Base64-3.07-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.07-1.i386.rpm. Maybe it did not build correctly? Attempting to build and install perl-TimeDate-1.16-3 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-TimeDate-1.16-3.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Pod-Escapes-1.04-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Escapes-1.04- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Pod-Simple-3.05-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Simple-3.05- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Test-Pod-1.26-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Pod-1.26-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-MailTools-2.02-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-MailTools-2.02- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-IO-1.2301-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-IO-1.2301-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-File-Temp-0.19-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-HTML-Tagset-3.03-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset-3.03- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-HTML-Parser-3.56-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/i386/perl-HTML-Parser-3.56-1.i386.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-BinHex-1.119-2 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-BinHex-1.119- 2.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-MIME-tools-5.425-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-MIME-tools-5.425- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Convert-TNEF-0.17-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-TNEF-0.17- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Compress-Zlib-1.41-1 Detected Compress-Zlib, building appropriately... --rebuild: unknown option Missing file /usr/src/redhat/RPMS/i386/perl-Compress-Zlib-1.41- 1.i386.rpm. Maybe it did not build correctly? Attempting to build and install perl-Archive-Zip-1.16-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.16- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Scalar-List-Utils-1.19-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Scalar-List-Utils-1.19- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Storable-2.16-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Storable-2.16-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-DBI-1.56-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-DBI-1.56-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-DBD-SQLite-1.13-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.13- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Getopt-Long-2.36-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Getopt-Long-2.36- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Time-HiRes-1.9707-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Time-HiRes-1.9707- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Filesys-Df-0.90-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Filesys-Df-0.90- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Test-Harness-2.64-1 Detected Compress-Zlib, building appropriately... --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Harness-2.64- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Test-Simple-0.70-1 Detected Compress-Zlib, building appropriately... --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Simple-0.70- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Math-BigInt-1.86-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigInt-1.86- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Math-BigRat-0.19-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigRat-0.19- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-bignum-0.21-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-bignum-0.21-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Net-IP-1.25-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Net-IP-1.25-1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Sys-Hostname-Long-1.4-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Hostname-Long-1.4- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Sys-Syslog-0.18-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Syslog-0.18- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Digest-MD5-2.36-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-MD5-2.36- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Digest-SHA1-2.11-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-SHA1-2.11- 1.noarch.rpm. Maybe it did not build correctly? Attempting to build and install perl-Net-DNS-0.63-1 --rebuild: unknown option Missing file /usr/src/redhat/RPMS/noarch/perl-Net-DNS-0.63-1.noarch.rpm. Maybe it did not build correctly? Installing tnef decoder Preparing? ################################################## package tnef-1.4.3-1.i386 have installed Now to install MailScanner itself. NOTE: If you get lots of errors here, run the install.sh script NOTE: again with the command "./install.sh nodeps" Preparing? ########################################### [100%] Package mailscanner-4.68.8-1.noarch have installed ---------------------------------------------------------- Please buy the MailScanner book from www.mailscanner.info! It is a very useful administration guide and introduction to MailScanner. All the proceeds go directly to making MailScanner a better supported package than it is today. [root@www MailScanner-4.68.8-1]# service MailScanner start Starting MailScanner daemons: incoming postfix: [ok] outgoing postfix: [ok] MailScanner: Can't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux- thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread- multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread- multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread- multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/ lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/s ite_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread- multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread- multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread- multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread- multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 / usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib /perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread- multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. [ok] [root@www MailScanner-4.68.8-1]# service MailScanner status Checking MailScanner daemons: MailScanner: [failed] [root@www MailScanner-4.68.8-1]# From rgreen at trayerproducts.com Wed Apr 9 12:07:51 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Apr 9 12:08:21 2008 Subject: Where to increase the RAZOR2_CF scores? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF60C9@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF60C9@hcex.hartwellcorp.com> Message-ID: <47FCA387.6050805@trayerproducts.com> I believe the scores you are looking for are in /usr/share/spamassassin/50_scores.cf. You would want to actually change the scores in your MailScanner spam.assassin.prefs.conf file. You could find the score lines in the 50_scores.cf file and copy them to spam.assassin.prefs.conf and modify the scores there. spam.assassin.prefs.conf scores override 50_scores.cf. Hope that helps, Rod Michael St. Laurent wrote: > I was wondering how I would see all the rule names for Razor2 matches > and which file would be the best place to add increased scores for them. > > Thanks. ;) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Wed Apr 9 12:35:32 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Apr 9 12:36:59 2008 Subject: Now that is odd! Message-ID: <20080409113531.GA9136@doctor.nl2k.ab.ca> Julian, just woke up this morning to see that my seconday Mail Server was running 52 MailScanner processes. Looks as if they did not quit after finishing. This is the 4.68 stable. This is the same box I tried to run 4.69.1 . Any known issues? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Wed Apr 9 13:37:44 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Apr 9 13:38:22 2008 Subject: MS hangs with strange clamav database (SOLVED) In-Reply-To: References: <47FA0583.1060509@gmail.com> <223f97700804070454m89e2dc2s4e1079e19efef1f8@mail.gmail.com> <223f97700804070456j39092b34i93a4b07628ee041b@mail.gmail.com> <47FA1852.6040906@gmail.com> Message-ID: <47FCB898.5070905@gmail.com> >> >> need look something like: >> >> >> >> Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.?db >> >> /var/clamav/*.cvd >> >> I completely seem to have forgotten about the incrementals... shame on >> me. >> Don't know when that setting got wrong. But alas, I've changed it >> because it really does look sensible. >> >> Thanks Glen! > Make sure that it is the right directory for your system, as Julian's > install package of clam seems to use the clamav default of > /usr/local/share/clamav/ Yes it is (/var/clamav); I'm rolling my own optimized packages which I build from SRPMS for easy updating across all my servers. Cheers! From alex at skynet-srl.com Wed Apr 9 14:20:16 2008 From: alex at skynet-srl.com (Alex) Date: Wed Apr 9 14:21:19 2008 Subject: Mailscanner not work on Fedora 8 In-Reply-To: <200804091100.m39B03vE001875@safir.blacknight.ie> References: <200804091100.m39B03vE001875@safir.blacknight.ie> Message-ID: <47FCC290.30503@skynet-srl.com> > Oggetto: > Mailscanner not work on Fedora 8 > Da: > "Michael Lai" > Data: > Wed, 09 Apr 2008 17:30:55 +0800 > A: > mailscanner@lists.mailscanner.info > > A: > mailscanner@lists.mailscanner.info > > Content-Transfer-Encoding: > 8bit > Precedence: > list > Versione-MIME: > 1.0 > Rispondi-a: > MailScanner discussion > ID-Messaggio: > > Content-Type: > text/plain; charset="UTF-8" > Message: > 19 > > > I try to install MailScanner on Fedora 8(Postfix run on it), but I got > the error messages. I have no idea to resolve the problem. Please > suggest. > Thank you, > Michael > > [root@www MailScanner-4.68.8-1]# ./install.sh > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > But you are running Fedora, so I am going to force the installation > of the Perl modules that normally require it. > > Good, unpackaged files will not break the build process. > Good, far-too-clever Perl requirements will be ignored. > Good, Fedora 8 options will be ignored. > > Good, you appear to only have 1 copy of Perl installed. > > I think you are running on RedHat Linux, Mandriva Linux or SuSE Linux. > Good, you appear to have the basic development tools installed. > > This script will pause for a few seconds after each major step, > so do not worry if it appears to stop for a while. > If you want it to stop so you can scroll back through the output > then press Ctrl-S to stop the output and Ctrl-Q to start it again. > > If this fails due to dependency checks, and you wish to ignore > these problems, you can run > ./install.sh nodeps > > Setting Perl5 search path > > I think your system will build architecture-dependent modules for i386 > > Rebuilding all the Perl RPMs for your version of Perl > > Attempting to build and install perl-File-Spec-0.82-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-File-Spec-0.82- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-ExtUtils-MakeMaker-6.32-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.32- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Net-CIDR-0.11-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Net-CIDR-0.11-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-IO-stringy-2.110-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.110- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-MIME-Base64-3.07-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.07-1.i386.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-TimeDate-1.16-3 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-TimeDate-1.16-3.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Pod-Escapes-1.04-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Escapes-1.04- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Pod-Simple-3.05-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Simple-3.05- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Test-Pod-1.26-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Pod-1.26-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-MailTools-2.02-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-MailTools-2.02- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-IO-1.2301-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-IO-1.2301-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-File-Temp-0.19-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-HTML-Tagset-3.03-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset-3.03- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-HTML-Parser-3.56-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/i386/perl-HTML-Parser-3.56-1.i386.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Convert-BinHex-1.119-2 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-BinHex-1.119- > 2.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-MIME-tools-5.425-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-MIME-tools-5.425- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Convert-TNEF-0.17-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-TNEF-0.17- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Compress-Zlib-1.41-1 > Detected Compress-Zlib, building appropriately... > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/i386/perl-Compress-Zlib-1.41- > 1.i386.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Archive-Zip-1.16-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.16- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Scalar-List-Utils-1.19-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Scalar-List-Utils-1.19- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Storable-2.16-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Storable-2.16-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-DBI-1.56-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-DBI-1.56-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-DBD-SQLite-1.13-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.13- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Getopt-Long-2.36-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Getopt-Long-2.36- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Time-HiRes-1.9707-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Time-HiRes-1.9707- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Filesys-Df-0.90-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Filesys-Df-0.90- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Test-Harness-2.64-1 > Detected Compress-Zlib, building appropriately... > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Harness-2.64- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Test-Simple-0.70-1 > Detected Compress-Zlib, building appropriately... > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Simple-0.70- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Math-BigInt-1.86-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigInt-1.86- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Math-BigRat-0.19-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigRat-0.19- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-bignum-0.21-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-bignum-0.21-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Net-IP-1.25-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Net-IP-1.25-1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Sys-Hostname-Long-1.4-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Hostname-Long-1.4- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Sys-Syslog-0.18-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Syslog-0.18- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Digest-MD5-2.36-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-MD5-2.36- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Digest-SHA1-2.11-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-SHA1-2.11- > 1.noarch.rpm. > Maybe it did not build correctly? > > Attempting to build and install perl-Net-DNS-0.63-1 > --rebuild: unknown option > > Missing file /usr/src/redhat/RPMS/noarch/perl-Net-DNS-0.63-1.noarch.rpm. > Maybe it did not build correctly? > > Installing tnef decoder > > Preparing? > ################################################## > package tnef-1.4.3-1.i386 have installed > > Now to install MailScanner itself. > > NOTE: If you get lots of errors here, run the install.sh script > NOTE: again with the command "./install.sh nodeps" > > Preparing? ########################################### > [100%] > Package mailscanner-4.68.8-1.noarch have installed > ---------------------------------------------------------- > Please buy the MailScanner book from www.mailscanner.info! > It is a very useful administration guide and introduction > to MailScanner. All the proceeds go directly to making > MailScanner a better supported package than it is today. > > [root@www MailScanner-4.68.8-1]# service MailScanner start > Starting MailScanner daemons: > incoming postfix: [ok] > outgoing postfix: [ok] > MailScanner: Can't locate Filesys/Df.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/site_perl/5.8.8/i386-linux- > thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/ > lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/s > ite_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread- > multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 / > usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib > /perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread- > multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) > at /usr/sbin/MailScanner line 66. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > [ok] > [root@www MailScanner-4.68.8-1]# service MailScanner status > Checking MailScanner daemons: > MailScanner: [failed] > [root@www MailScanner-4.68.8-1]# > > > > 99 on 100 you have to compile the Scalar-List-Utils-1.19 (grab it from CPAN) It seems it is broken in F7 and F8 (F9? who knows) After doing that install MS and be happy Hope this helps Ciaoooo Alessandro Bianchi -- *SkyNet SRL* P.zza XXV Aprile 14 - 28021 Borgomanero (NO) - ITALY Tel. +39 0322 836487/834765 - Fax.+39 0322.836608 info@skynet-srl.com -www.skynet-srl.com Le informazioni contenute in questo messaggio sono riservate e confidenziali ed ? vietata la diffusione in qualunque forma. Qualora Lei non fosse la persona a cui il presente messaggio ? destinato, La invitiamo ad eliminarlo e a non leggerlo, dandocene gentilmente comunicazione. Per qualsiasi informazione in merito si prega di contattare info@skynet-srl.com . ( Rif. D.L. 196/200 ) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/d4f3cd0f/attachment.html From gwong at linktechit.com Wed Apr 9 14:34:39 2008 From: gwong at linktechit.com (Gregory Wong) Date: Wed Apr 9 14:35:22 2008 Subject: SA-Update Problem Message-ID: I am having issues when I run SA-Update. I get the following error: Insecure dependency in open while running with -T switch at /usr/lib/perl/5.8/IO/File.pm line 188. I have searched and it looks like I am missing a perl module IO::File but when I try to install it in CPAN it says it cannot be found. Any suggestions? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/ea6834a9/attachment.html From wm at meta.net Wed Apr 9 14:47:29 2008 From: wm at meta.net (Michael Weis) Date: Wed Apr 9 14:49:56 2008 Subject: misuse MailScanner In-Reply-To: <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> References: <47FB3A63.2040602@meta.net> <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> Message-ID: <47FCC8F1.9020406@meta.net> Glenn Steen schrieb: > On 08/04/2008, Michael Weis wrote: > >> Hello everyone, >> >> we are planing to create an email-account to which >> only mails with attachments will be send. >> >> I have the job to extract this attachments from >> the mail and handle them >> (save, print, archive) >> >> So far so good, but I have no idea >> how to get the attachments to a disk. >> >> I know mailscanner does this while scanning >> for viruses (right?). >> >> So how can I tell mailscanner to just save >> attachments from a certain user's emails ? >> (no problem if they were scanned before) >> >> I searched the mailing-list-archive >> but it seemed that nobody has to do this >> before. >> >> > > You can use numerous tools and do this at several "levels"... Since > the non-spam quarantine wouldn't contain the "decoded" attachment, you > can't use that (a simple "store" for that user in a ruleset on Non > Spam Actions), but rather would have to do something else ... a > CustomFunction or perhaps the spiffy SpamAssassin rule actions... But > simplest would perhaps be to use procmail at delivery and/or some tool > like mmdecode/metamail or whatnot. > Been a few years (... like ... 10...:-) since last I needed do > anything like that... might be easier now:-). > > Cheers > Thanks for this quick reply Glenn, at first I want to apologize for my first mail, it has not a good subject; should be "let MailScanner save attachments" or so second I haven't told what I have done so far well: I configured fetchmail to fetch the mail from the account :-) next I configured procmail to process the mail with a python- script I downloaded from the internet. This script should extract the attachment from the mail. But the script has an error. I have to say that I'm just a "copy'n'past" programmer in python, so it was not possible for me to eleminate the error in the python-script So that took me over a day (procmail-receipts are awful). I had the idea to use MailScanner for the job after giving up on the procmail-way. MailScanner idea: All mail-attachments going to a certain user are stored in the quaratine-directory. To realize that MailScanner "just" has to not-delete the scanned messages. Is this a possible way? Greetings Michael -- meta Trennwandanlagen, meta Stra?e, D-56579 Rengsdorf Rechtsform: GmbH & Co. KG, Amtsgericht Montabaur HRA 10582 Pers?nlich haftende Gesellschafterin: meta Trennwandanlagen Verwaltungsgesellschaft mbH Amtsgericht Montabaur HRB 10061, Sitz der Gesellschaft: D-56579 Rengsdorf Gesch?ftsf?hrer: Klaus Weidemann, Uwe Weidemann Ust-Id-Nr. DE 149513506 From Amelein at dantumadeel.nl Wed Apr 9 15:11:52 2008 From: Amelein at dantumadeel.nl (Amelein@dantumadeel.nl) Date: Wed Apr 9 15:12:52 2008 Subject: Betr.: Re: misuse MailScanner In-Reply-To: <47FCC8F1.9020406@meta.net> References: <47FB3A63.2040602@meta.net> <223f97700804080425y7058a376v8b95b558e6ba3d27@mail.gmail.com> <47FCC8F1.9020406@meta.net> Message-ID: <47FCEAC8.BDBC.008E.3@Dantumadeel.nl> >>> Op 9-4-2008 om 3:47 is in bericht <47FCC8F1.9020406@meta.net> door Michael Weis geschreven: > > Glenn Steen schrieb: >> On 08/04/2008, Michael Weis wrote: >> >>> Hello everyone, >>> >>> we are planing to create an email-account to which >>> only mails with attachments will be send. >>> >>> I have the job to extract this attachments from >>> the mail and handle them >>> (save, print, archive) >>> >>> So far so good, but I have no idea >>> how to get the attachments to a disk. >>> >>> I know mailscanner does this while scanning >>> for viruses (right?). >>> >>> So how can I tell mailscanner to just save >>> attachments from a certain user's emails ? >>> (no problem if they were scanned before) >>> >>> I searched the mailing-list-archive >>> but it seemed that nobody has to do this >>> before. >>> >>> >> >> You can use numerous tools and do this at several "levels"... Since >> the non-spam quarantine wouldn't contain the "decoded" attachment, you >> can't use that (a simple "store" for that user in a ruleset on Non >> Spam Actions), but rather would have to do something else ... a >> CustomFunction or perhaps the spiffy SpamAssassin rule actions... But >> simplest would perhaps be to use procmail at delivery and/or some tool >> like mmdecode/metamail or whatnot. >> Been a few years (... like ... 10...:-) since last I needed do >> anything like that... might be easier now:-). >> >> Cheers >> > > Thanks for this quick reply Glenn, > > at first I want to apologize for my first mail, > it has not a good subject; should be "let MailScanner save attachments" > or so > > second I haven't told what I have done so far > well: > I configured fetchmail to fetch the mail from the account :-) > next I configured procmail to process the mail with a python- > script I downloaded from the internet. > This script should extract the attachment from the mail. > But the script has an error. > > I have to say that I'm just a "copy'n'past" programmer in python, > so it was not possible for me to eleminate the error in the python-script > > So that took me over a day (procmail-receipts are awful). > I had the idea to use MailScanner for the job after giving up on the > procmail-way. > > MailScanner idea: > All mail-attachments going to a certain user are stored in the > quaratine-directory. > To realize that MailScanner "just" has to not-delete the scanned messages. > > Is this a possible way? > > > Greetings > > Michael You could put a ruleset in the 'Non Spam Actions' to store anything for that certain address I think. Either that or try with archiving rules. - Arjan ************************************************************************** De inhoud van deze e-mail is uitsluitend bestemd voor de geadresseerde(n). Wanneer de e-mail ten onrechte bij u terecht is gekomen, wordt u verzocht contact op te nemen met de afzender. Gebruik van de inhoud van deze e-mail zonder toestemming van de afzender is niet toegestaan en onrechtmatig. Aan de inhoud van deze e-mail kunnen geen rechten worden ontleend. De gemeente Dantumadeel sluit iedere aansprakelijkheid uit die kan voortvloeien uit de inhoud van deze e-mail. DENK AAN ONS MILIEU VOORDAT U BESLUIT OM DEZE E-MAIL TE PRINTEN! ************************************************************************** From MailScanner at ecs.soton.ac.uk Wed Apr 9 15:17:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 9 15:18:09 2008 Subject: SA-Update Problem In-Reply-To: References: Message-ID: <47FCCFF0.3080906@ecs.soton.ac.uk> Tell CPAN to install "IO" and not "IO::File" and it should find that one. Gregory Wong wrote: > I am having issues when I run SA-Update. I get the following error: > > Insecure dependency in open while running with -T switch at > /usr/lib/perl/5.8/IO/File.pm line 188. > > I have searched and it looks like I am missing a perl module IO::File > but when I try to install it in CPAN it says it cannot be found. > > Any suggestions? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Wed Apr 9 15:33:54 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 9 15:34:59 2008 Subject: SA-Update Problem In-Reply-To: References: Message-ID: <47FCD3D2.9030002@evi-inc.com> Gregory Wong wrote: > I am having issues when I run SA-Update. I get the following error: > > Insecure dependency in open while running with -T switch at > /usr/lib/perl/5.8/IO/File.pm line 188. > > I have searched and it looks like I am missing a perl module IO::File > but when I try to install it in CPAN it says it cannot be found. > > Any suggestions? Well, you're definitely not missing IO::File.. It was running in that module when then error occurred. It's got to be present to be running ;) Anyway, CPAN should work for IO::File, ie: this command line should work: perl -MCPAN -e 'install IO::File' However, your problem could be one of two problems. Either your IO::File is corrupted or your SpamAssassin is old and buggy.. Are you by chance running a fairly old SpamAssassin (ie: pre 3.2.0?) Some possibly related bugs: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5061 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5216 Also in this post: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200702.mbox/%3c45CBAB37.8060409@dostech.ca%3e Daryl O'Shea implies that this exact error message is a known issue in SA pre 3.1.0. From gborders at balanceconsult.com Wed Apr 9 17:16:55 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Wed Apr 9 17:18:09 2008 Subject: misuse MailScanner In-Reply-To: <47FB3A63.2040602@meta.net> References: <47FB3A63.2040602@meta.net> Message-ID: <47FCEBF7.2070205@balanceconsult.com> Michael Weis wrote: > Hello everyone, > > we are planing to create an email-account to which > only mails with attachments will be send. > > I have the job to extract this attachments from > the mail and handle them > (save, print, archive) > > So far so good, but I have no idea > how to get the attachments to a disk. > > I know mailscanner does this while scanning > for viruses (right?). > > So how can I tell mailscanner to just save > attachments from a certain user's emails ? > (no problem if they were scanned before) > > I searched the mailing-list-archive > but it seemed that nobody has to do this > before. > > > Greetings and thanks in advance > > > Michael > I have used a combination of a procmail recipe and the oh so sweet tool *ripmime* (http://www.pldaniels.com/ripmime/) to auto extract attachments from mail in a sendmail environment. (should work with other MTAs.) With a simple bash script triggered by the procmail recipe, you can easily 'rip out' attachments and do what ever to it (save, print, archive) within the script, with no need to monkey around with your mailscanner setup whatsoever. Hope this helps! Greg. -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/1a15980c/attachment.html From glenn.steen at gmail.com Wed Apr 9 18:35:38 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 9 18:36:14 2008 Subject: misuse MailScanner In-Reply-To: <47FCEBF7.2070205@balanceconsult.com> References: <47FB3A63.2040602@meta.net> <47FCEBF7.2070205@balanceconsult.com> Message-ID: <223f97700804091035h207cce08w32ac47e09d859ca6@mail.gmail.com> On 09/04/2008, Greg Borders wrote: > > Michael Weis wrote: > Hello everyone, > > we are planing to create an email-account to which > only mails with attachments will be send. > > I have the job to extract this attachments from > the mail and handle them > (save, print, archive) > > So far so good, but I have no idea > how to get the attachments to a disk. > > I know mailscanner does this while scanning > for viruses (right?). > > So how can I tell mailscanner to just save > attachments from a certain user's emails ? > (no problem if they were scanned before) > > I searched the mailing-list-archive > but it seemed that nobody has to do this > before. > > > Greetings and thanks in advance > > > Michael > > I have used a combination of a procmail recipe and the oh so sweet tool > ripmime (http://www.pldaniels.com/ripmime/) to auto extract > attachments from mail in a sendmail environment. (should work with other > MTAs.) With a simple bash script triggered by the procmail recipe, you can > easily 'rip out' attachments and do what ever to it (save, print, archive) > within the script, with no need to monkey around with your mailscanner setup > whatsoever. > > Hope this helps! > Greg. > Ah, thanks Greg.... I had a faint recollection that there had been a thread like this before, and that someone (you, likely) suggested a more ... modern tool:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Rich.West at wesmo.com Wed Apr 9 18:44:00 2008 From: Rich.West at wesmo.com (Rich West) Date: Wed Apr 9 18:46:06 2008 Subject: MailScanner + Sendmail = "user unknown" Message-ID: <47FD0060.3020302@wesmo.com> I've inherited a MailScanner setup that is pretty questionable (from a security standpoint), and I'm rebuilding the box from scratch. I've gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) to have the system act as a relay to an exchange backend. Oddly, it does not seem to be picking up the messages that are being left in /var/spool/mqueue.in. I see the messages being deposited there, but they don't seem to be acted upon. Is there, perhaps, setting that I might have missed/glossed over that is obvious? -Rich From mikes at hartwellcorp.com Wed Apr 9 18:52:52 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Wed Apr 9 18:54:21 2008 Subject: Where to increase the RAZOR2_CF scores? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF60D5@hcex.hartwellcorp.com> There's no loop in there Hugo. There's a Proxy for SMTP connections involved in the transaction but there is no loop. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: Tuesday, April 08, 2008 2:41 PM > To: MailScanner discussion > Subject: Re: Where to increase the RAZOR2_CF scores? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael St. Laurent wrote: > | I was wondering how I would see all the rule names for > Razor2 matches > | and which file would be the best place to add increased > scores for them. > > Could you fix the loop in your SMTP network FIRST? This is > bound to get > you into trouble sooner or later. > > Check out these headers: > > Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) > by balin.waakhond.net (Postfix) with ESMTP id 4F19417E83BF > for ; Tue, 8 Apr 2008 > 23:22:34 +0200 (CEST) > Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id > m38LJOXw000373; > Tue, 8 Apr 2008 22:19:32 +0100 > X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 > bwarsaw Exp $ > Received: from hcfw1.hartwellcorp.com (guardian.hartwellcorp.com > [216.237.48.18]) > by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id > m38KCqva028641 > for ; Tue, 8 Apr > 2008 21:13:25 +0100 > X-Hartwell-MailScanner-Watermark: > 1208290368.35685@76WyA74NVfugdnG4EGswsQ > Received: (from mail@localhost) > by hcfw1.hartwellcorp.com (8.13.8/8.12.8) id m38KCmbW020237 > for ; Tue, 8 Apr > 2008 13:12:48 -0700 > X-Authentication-Warning: hcfw1.hartwellcorp.com: mail set sender to > using -f > X-Authentication-Warning: hcfw1.hartwellcorp.com: Processed from queue > /var/spool/mqueue.in/ > Received: from hcex.hartwellcorp.com (EHLO hcex.hartwellcorp.com) > (10.11.10.14) by hcfw1.hartwellcorp.com via smap > (V2.1+anti-relay+anti-spam) id xma020233; Tue, 8 Apr 08 > 20:12:41 GMT > X-MimeOLE: Produced By Microsoft Exchange V6.5 > > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFH++ZrBvzDRVjxmYERAhXGAKCxvTwu6ZcTE5Qc9BCxdPypbxKGswCffxqD > RHI9GzlxJxf51eDm0GvSD0I= > =oy69 > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Wed Apr 9 19:17:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 9 19:18:28 2008 Subject: MailScanner + Sendmail = "user unknown" In-Reply-To: <47FD0060.3020302@wesmo.com> References: <47FD0060.3020302@wesmo.com> Message-ID: <223f97700804091117m725ff4bekd5d5a883afc98569@mail.gmail.com> On 09/04/2008, Rich West wrote: > I've inherited a MailScanner setup that is pretty questionable (from a > security standpoint), and I'm rebuilding the box from scratch. I've > gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) > to have the system act as a relay to an exchange backend. > > Oddly, it does not seem to be picking up the messages that are being > left in /var/spool/mqueue.in. I see the messages being deposited there, > but they don't seem to be acted upon. Is there, perhaps, setting that I > might have missed/glossed over that is obvious? > > -Rich Versions? Have you run "MailScanner --lint" and/or "MailScanner --debug"? What does "ps -ef" tell you? Is MailScanner running, and what does it claim it is doing? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Wed Apr 9 19:19:21 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Apr 9 19:20:03 2008 Subject: Whitelist/Blacklists and BATV In-Reply-To: <47FB6A88.4000608@ecs.soton.ac.uk> References: <47F90C41.9060401@ecs.soton.ac.uk><625385e30804080509q43762cbsc39c7a5d87cb9939@mail.gmail.com> <47FB6A88.4000608@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A761804C7@MED-CORE03-MS1.med.wayne.edu> I'm staring to see BATV use increasing. Has anyone thought about how this effects whitelists, mta acls, etc? It looks like such things are broken because if an end-user whitelists joe@foo.com and BATV has the mail from as prvs=joe=1312@foo.com, then that whitelisting has no effect. And since the BATV signature changes, they can't whitelist that even if they new what batv signed address was for that sender. Any thought about how to resolve this? I was thinking of stripping out the batv stuff to get the senders address for matching but I see different kinds of prvs= addresses out there. Some have prvs=xxxxx=joe@foo.com and others have prvs=joe=xxxx@foo.com Bobby From mkercher at nfsmith.com Wed Apr 9 19:26:20 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Wed Apr 9 19:27:20 2008 Subject: MailScanner + Sendmail = "user unknown" In-Reply-To: <47FD0060.3020302@wesmo.com> References: <47FD0060.3020302@wesmo.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich West Sent: Wednesday, April 09, 2008 12:44 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner + Sendmail = "user unknown" I've inherited a MailScanner setup that is pretty questionable (from a security standpoint), and I'm rebuilding the box from scratch. I've gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) to have the system act as a relay to an exchange backend. Oddly, it does not seem to be picking up the messages that are being left in /var/spool/mqueue.in. I see the messages being deposited there, but they don't seem to be acted upon. Is there, perhaps, setting that I might have missed/glossed over that is obvious? -Rich -- Did you: service sendmail stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start Mike From izghitu at gmail.com Wed Apr 9 19:35:03 2008 From: izghitu at gmail.com (George) Date: Wed Apr 9 19:35:37 2008 Subject: Spamassassin not detecting spam Message-ID: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> Hi, I am new to MailScanner so please excuse me if this is a stupid help request. I have CentOS 5 with the latest MailScanner, the latest ClamAV, the latest SpamAssassin, the latest Postfix and the latest MailWatch. I set everything up using the docs from www.mailscanner.info I set up the SARE spamassassin rules. The issue is that all messages that are scanned by MS/SA get a 0 spam score. The SA lint show that all the rules/filters are parsed but in the end the spam score is almost always 0 Am I doing anything wrong? Where should I look at? Is this the right place to ask for help? Thanks From test at remedial-teacher.nl Wed Apr 9 19:57:38 2008 From: test at remedial-teacher.nl (Test) Date: Wed Apr 9 20:00:27 2008 Subject: Spamassassin not detecting spam In-Reply-To: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> Message-ID: <20080409205617.A8E0.EE63E960@remedial-teacher.nl> did you try the sample spam mails ? (/usr/share/doc/spamassassin-3.2.4/sample-spam.txt) -- Test From MailScanner at ecs.soton.ac.uk Wed Apr 9 20:01:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 9 20:01:45 2008 Subject: Spamassassin not detecting spam In-Reply-To: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> Message-ID: <47FD126E.2010205@ecs.soton.ac.uk> George wrote: > Hi, > > I am new to MailScanner so please excuse me if this is a stupid help request. > > I have CentOS 5 with the latest MailScanner, the latest ClamAV, the > latest SpamAssassin, the latest Postfix and the latest MailWatch. > > I set everything up using the docs from www.mailscanner.info > > I set up the SARE spamassassin rules. > > The issue is that all messages that are scanned by MS/SA get a 0 spam score. > > The SA lint show that all the rules/filters are parsed but in the end > the spam score is almost always 0 > spamassassin -t < sample-spam.txt will take the sample-spam.txt (shipped as part of the SpamAssassin distribution) and process it through your SpamAssassin setup and print a report on the end of it that shows what rules it hits and what its score is. Do that, and see what it says; do come back and tell us what it says. If it says 0 then you've got a SpamAssassin problem and really need to ask on the SpamAssassin list. If it gets 1000 points, then SpamAssassin is basically working, and the problem lies elsewhere. If so, then tell us what settings in MailScanner.conf you changed ("MailScanner --changed" will help you there). To start with, you don't actually need to change any settings in that file at all, except for the ones the "Installing MailScanner with Postfix" told you to. So I hope you didn't go through it randomly changing stuff :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From vernon at comp-wiz.com Wed Apr 9 21:24:11 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Wed Apr 9 21:24:51 2008 Subject: Mail Within my own domain name is being labeled as Spam Message-ID: <026c01c89a7f$abdef960$039cec20$@com> I have recent removed and reinstalled MailScanner and since that time I have noticed that mail for email addresses that exist on my own server are being labeled as spam. Anyone have any ideas? Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/e878e5b4/attachment-0001.html From Rich.West at wesmo.com Wed Apr 9 21:47:45 2008 From: Rich.West at wesmo.com (Rich West) Date: Wed Apr 9 21:49:47 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> Message-ID: <47FD2B71.5020908@wesmo.com> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich > West > Sent: Wednesday, April 09, 2008 12:44 PM > To: mailscanner@lists.mailscanner.info > Subject: MailScanner + Sendmail = "user unknown" > > I've inherited a MailScanner setup that is pretty questionable (from a > security standpoint), and I'm rebuilding the box from scratch. I've > gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) > to have the system act as a relay to an exchange backend. > > Oddly, it does not seem to be picking up the messages that are being > left in /var/spool/mqueue.in. I see the messages being deposited there, > but they don't seem to be acted upon. Is there, perhaps, setting that I > might have missed/glossed over that is obvious? > > -Rich > > > -- > > Did you: > > service sendmail stop > chkconfig sendmail off > chkconfig MailScanner on > service MailScanner start Yes, I let MailScanner control the sendmail process. I guess I am wondering if there is anything special that needs to be done with the sendmail.cf or submit.cf.. it sendmail just supposed to be configured as a nullclient? If I configure it as a null client, the message gets delivered immediately and seems to bypass MailScanner all together.. However, when I configure it with a smart host (vs doing a null client), it gets delivered to the /var/spool/mqueue.in directory and doesn't go any where from there.. -Rich From mkettler at evi-inc.com Wed Apr 9 22:02:12 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 9 22:03:10 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <026c01c89a7f$abdef960$039cec20$@com> References: <026c01c89a7f$abdef960$039cec20$@com> Message-ID: <47FD2ED4.7060401@evi-inc.com> Vernon Webb wrote: > I have recent removed and reinstalled MailScanner and since that time I > have noticed that mail for email addresses that exist on my own server > are being labeled as spam. Anyone have any ideas? > Got a SpamCheck header from one of the messages? That should tell us what's going on, but without that it's anyone's guess... ie the one that looks similar to this: X-EVI-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.349, required 5, FORGED_RCVD_HELO 0.14, HTML_MESSAGE 0.00, HTML_TEXT_AFTER_BODY 0.12, INFO_GREYLIST_NOTDELAYED -0.00, L_S_WORDGEN 0.10, SPF_PASS -0.00) From vernon at comp-wiz.com Wed Apr 9 22:21:25 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Wed Apr 9 22:22:03 2008 Subject: Mail Within my own domain name is being labeled as Spam Message-ID: <02df01c89a87$aa7b02f0$ff7108d0$@com> Actually let me make a correction. The problem seems to be when someone responds to an email that it is labeled as SPAM but on the same domain. From: Vernon Webb [mailto:vernon@comp-wiz.com] Sent: Wednesday, April 09, 2008 4:24 PM To: MailScanner discussion Subject: Mail Within my own domain name is being labeled as Spam I have recent removed and reinstalled MailScanner and since that time I have noticed that mail for email addresses that exist on my own server are being labeled as spam. Anyone have any ideas? Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/e5dff626/attachment.html From mikea at mikea.ath.cx Wed Apr 9 22:21:37 2008 From: mikea at mikea.ath.cx (mikea) Date: Wed Apr 9 22:22:14 2008 Subject: New server request In-Reply-To: <57573D714A832C43B9D80EAFBDA48D030A03EC5A@inex3.herffjones.hj-int> References: <47FB765B.6030402@pixelhammer.com> <47FB8081.4090208@sendit.nodak.edu> <47FBDBE3.3080204@pixelhammer.com> <57573D714A832C43B9D80EAFBDA48D030A03EC5A@inex3.herffjones.hj-int> Message-ID: <20080409212137.GD72084@mikea.ath.cx> On Tue, Apr 08, 2008 at 07:48:55PM -0400, Furnish, Trever G wrote: > Not really what you're looking for, but I run a small shell script that > sends a daily report of the previous day's delay reading as logged by > the sendmail process that handles mail in the queue after MailScanner > processes messages. My set-up only handles mail coming in from the > Internet to internal users, which makes the logic simpler. YMMV -- > you'd definitely need to change the code at least a little to fit your > environment, especially to distinguish between "inbound Internet mail" > and others. > > It produces output like so: > > Output from script /sysadm/scripts/local/report_delay.sh running on host > relay2.public.herff-jones.com under account root. > > This report shows the delay for message delivery as reported by sendmail > (...are you running sendmail?). These are only messages that were > already passed through by MS -- some 180K msgs are blocked each day by > the same system. [skip delay-length report] > The report only comes to me so I haven't worried about fixing the > outlying cases that appear to have taken nearly an hour -- they're not > real problems. > > You could easily get more granular if you need to. Having the report > helps me rest more easily -- I had no stats to back up my claim that > there wasn't a problem the first time I had a conversation with someone > claiming delivery was unreasonably slow. The "anything under three days > is good per the RFC" argument didn't go over very well. :-) > > I'm embarrassed by some of the code -- hit me up off-list if you want > the script, but I mostly thought the idea might be useful. :-) I've independently flanged up a similar script, which provides reports for me and (when people start complaining about delays) management. It has proven very useful to me for tweaking things, and to management for mollifying users. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From octaviomaiden at yahoo.com Wed Apr 9 22:25:43 2008 From: octaviomaiden at yahoo.com (Octavio) Date: Wed Apr 9 22:26:18 2008 Subject: Maximum Attachment Size In-Reply-To: <026c01c89a7f$abdef960$039cec20$@com> Message-ID: <964446.71032.qm@web38903.mail.mud.yahoo.com> Hi I try to use the parameter Max Attachment Size but it seems doesnt works, there is something wrong? here is what I use ###MailScanner.conf Maximum Attachment Size = /etc/MailScanner/rules/max.attachment.size ###/etc/MailScanner/rules/max.attachment.size To: userlocal@domainlocal.com 100 FromOrTo: default -1 I configure those parameters and test with a 500k mail attach and it is allowed without restrictions there is something else I have to do? thanks ____________________________________________________________________________________ ?Capacidad ilimitada de almacenamiento en tu correo! No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: http://correo.espanol.yahoo.com/ From ishukor at gmail.com Wed Apr 9 22:27:19 2008 From: ishukor at gmail.com (ishukor) Date: Wed Apr 9 22:28:03 2008 Subject: MailScanner with DomainKey Message-ID: How to implement MailScanner with domainkey, DKIM, DKIMproxy or it does`nt support it yet. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/bbaf86af/attachment.html From izghitu at gmail.com Wed Apr 9 22:33:58 2008 From: izghitu at gmail.com (George) Date: Wed Apr 9 22:34:32 2008 Subject: Spamassassin not detecting spam In-Reply-To: <47FD126E.2010205@ecs.soton.ac.uk> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> <47FD126E.2010205@ecs.soton.ac.uk> Message-ID: <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> Hi, Thanks for your replies. Here's what I get when running that command: [root@cpm-group Mail-SpamAssassin-3.2.4]# spamassassin -t < ./sample-spam.txt Subroutine FuzzyOcr::O_CREAT redefined at /usr/lib/perl5/5.8.8/Exporter.pm line 65. at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 Subroutine FuzzyOcr::O_EXCL redefined at /usr/lib/perl5/5.8.8/Exporter.pm line 65. at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 Subroutine FuzzyOcr::O_RDWR redefined at /usr/lib/perl5/5.8.8/Exporter.pm line 65. at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on cpm-group.com Subject: Test spam mail (GTUBE) Message-ID: Date: Wed, 23 Jul 2003 23:30:00 +0200 From: Sender To: Recipient Precedence: junk MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit This is the GTUBE, the Generic Test for Unsolicited Bulk Email If your spam filter supports it, the GTUBE provides a test by which you can verify that the filter is installed correctly and is detecting incoming spam. You can send yourself a test mail containing the following string of characters (in upper case and with no white spaces and line breaks): XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X You should send this test mail from an account outside of your network. (no report template found) Also when I run: sendmail email@domain.com < ./sample-spam.txt it gets fine to my email marked as non spam X-CPMGroup-MailScanner: Found to be clean X-CPMGroup-MailScanner-From: root@cpm-group.com X-Spam-Status: No Please help. Thanks > spamassassin -t < sample-spam.txt > will take the sample-spam.txt (shipped as part of the SpamAssassin > distribution) and process it through your SpamAssassin setup and print a > report on the end of it that shows what rules it hits and what its score is. > Do that, and see what it says; do come back and tell us what it says. > > If it says 0 then you've got a SpamAssassin problem and really need to ask > on the SpamAssassin list. > > If it gets 1000 points, then SpamAssassin is basically working, and the > problem lies elsewhere. If so, then tell us what settings in > MailScanner.conf you changed ("MailScanner --changed" will help you there). > > To start with, you don't actually need to change any settings in that file > at all, except for the ones the "Installing MailScanner with Postfix" told > you to. So I hope you didn't go through it randomly changing stuff :-) > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From vernon at comp-wiz.com Wed Apr 9 22:39:19 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Wed Apr 9 22:39:56 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <47FD2ED4.7060401@evi-inc.com> References: <026c01c89a7f$abdef960$039cec20$@com> <47FD2ED4.7060401@evi-inc.com> Message-ID: <02f001c89a8a$2b215bf0$816413d0$@com> > Got a SpamCheck header from one of the messages? That should tell us what's > going on, but without that it's anyone's guess... That the thing it doesn't really tell me much: Message-ID: <003f01c89a4f$99b8ad10$7301a8c0@D40C9HD1> MIME-Version: 1.0 Content-Type: multipart/alternative;boundary="----=_NextPart_000_0040_01C89A2E.12A70D10" X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 thread-index: AciaT5mLuN92LnQaTJKdUVuW2DPBNw== X-COMP-WIZ-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: m39Ee286005325 X-COMP-WIZ-MailScanner: Found to be clean X-COMP-WIZ-MailScanner-SpamScore: ss X-COMP-WIZ-MailScanner-From: kbednarski@recruitsavvy.com X-Spam-Status: Yes X-UID: 55066 Status: RO Content-Length: 5734 -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From gwong at linktechit.com Wed Apr 9 22:54:32 2008 From: gwong at linktechit.com (Gregory Wong) Date: Wed Apr 9 22:55:16 2008 Subject: SA-Update Problem In-Reply-To: <47FCD3D2.9030002@evi-inc.com> Message-ID: I am running version 3.1.0. I have been weary to upgrade to the latest because I've read that there are bugs in SA that allows all mail through even if its spam. On 4/9/08 10:33 AM, "Matt Kettler" wrote: Gregory Wong wrote: > I am having issues when I run SA-Update. I get the following error: > > Insecure dependency in open while running with -T switch at > /usr/lib/perl/5.8/IO/File.pm line 188. > > I have searched and it looks like I am missing a perl module IO::File > but when I try to install it in CPAN it says it cannot be found. > > Any suggestions? Well, you're definitely not missing IO::File.. It was running in that module when then error occurred. It's got to be present to be running ;) Anyway, CPAN should work for IO::File, ie: this command line should work: perl -MCPAN -e 'install IO::File' However, your problem could be one of two problems. Either your IO::File is corrupted or your SpamAssassin is old and buggy.. Are you by chance running a fairly old SpamAssassin (ie: pre 3.2.0?) Some possibly related bugs: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5061 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5216 Also in this post: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200702.mbox/%3c45CBAB37.8060409@dostech.ca%3e Daryl O'Shea implies that this exact error message is a known issue in SA pre 3.1.0. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/7a82b2be/attachment.html From ssilva at sgvwater.com Wed Apr 9 23:03:37 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 9 23:04:41 2008 Subject: how to fix Blacklist In-Reply-To: References: <20080408041836.3585ECBE80@ws5-11.us4.outblaze.com> Message-ID: on 4-8-2008 11:28 PM Koopmann, Jan-Peter spake the following: >> If you run a mail server you should be reading your postmaster mail >> everyday. If you do not want to, then you should outsource your email >> to >> someone who will. > > Well spoken but far from reality. Most people don't and it really is not > necessary that much. If our system blocks you it will tell you why and > how to contact us via phone, chat, web whatever you like. In the real I get that everyday. My users couldn't/won't/are too stupid to read a bounce message and always assume it is our end. But then I still get a wrong number on the phone and instantly get the same caller because he hit the redial button (he/she just assumes that the phone or phone company dialed the number wrong). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/28ef2ff6/signature.bin From ssilva at sgvwater.com Wed Apr 9 23:29:40 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 9 23:30:22 2008 Subject: Spamassassin not detecting spam In-Reply-To: <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> <47FD126E.2010205@ecs.soton.ac.uk> <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> Message-ID: on 4-9-2008 2:33 PM George spake the following: > Hi, > > Thanks for your replies. Here's what I get when running that command: > [root@cpm-group Mail-SpamAssassin-3.2.4]# spamassassin -t < ./sample-spam.txt > Subroutine FuzzyOcr::O_CREAT redefined at > /usr/lib/perl5/5.8.8/Exporter.pm line 65. > at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 > Subroutine FuzzyOcr::O_EXCL redefined at > /usr/lib/perl5/5.8.8/Exporter.pm line 65. > at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 > Subroutine FuzzyOcr::O_RDWR redefined at > /usr/lib/perl5/5.8.8/Exporter.pm line 65. > at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/POSIX.pm line 19 > X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on cpm-group.com > Subject: Test spam mail (GTUBE) > Message-ID: > Date: Wed, 23 Jul 2003 23:30:00 +0200 > From: Sender > To: Recipient > Precedence: junk > MIME-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > Looks like a broken or misconfigured fuzzyocr plugin. Maybe you should remove it to get things working and then you can add it back later. Just remove (or move) the FuzzyOcr.cf and FuzzyOcr.pm files from /etc/mail/spamassassin and re run the tests. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/5dfa3fc6/signature.bin From ssilva at sgvwater.com Wed Apr 9 23:32:25 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 9 23:35:14 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <02df01c89a87$aa7b02f0$ff7108d0$@com> References: <02df01c89a87$aa7b02f0$ff7108d0$@com> Message-ID: on 4-9-2008 2:21 PM Vernon Webb spake the following: > Actually let me make a correction. The problem seems to be when someone > responds to an email that it is labeled as SPAM but on the same domain. > If they reply to spam, and quote the parts of the message that were detected as spam it will get caught again. If you don't want to scan your internal users for spam you can whitelist them. But whitelist by ip address, not domain name. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/9c1b8a03/signature.bin From ssilva at sgvwater.com Wed Apr 9 23:35:51 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 9 23:40:13 2008 Subject: MailScanner with DomainKey In-Reply-To: References: Message-ID: on 4-9-2008 2:27 PM ishukor spake the following: > How to implement MailScanner with domainkey, DKIM, DKIMproxy or it does`nt > support it yet. > Use the spamassassin plugin for incoming tests, or one of the milters on your MTA if you want to sign your outgoing. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/c3a00499/signature.bin From ssilva at sgvwater.com Wed Apr 9 23:34:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 9 23:45:11 2008 Subject: Maximum Attachment Size In-Reply-To: <964446.71032.qm@web38903.mail.mud.yahoo.com> References: <026c01c89a7f$abdef960$039cec20$@com> <964446.71032.qm@web38903.mail.mud.yahoo.com> Message-ID: on 4-9-2008 2:25 PM Octavio spake the following: > Hi > I try to use the parameter Max Attachment Size but it > seems doesnt works, there is something wrong? > > here is what I use > ###MailScanner.conf > Maximum Attachment Size = > /etc/MailScanner/rules/max.attachment.size Did you try this with .rules appended to the filename? In some cases the rules parser needs the file name to end in .rules so I just got in the habit of adding it on all of them to be safe. > > > ###/etc/MailScanner/rules/max.attachment.size > To: userlocal@domainlocal.com 100 > FromOrTo: default -1 > > > I configure those parameters and test with a 500k mail > attach and it is allowed without restrictions > > there is something else I have to do? > > thanks > > > > ____________________________________________________________________________________ > ?Capacidad ilimitada de almacenamiento en tu correo! > No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: > http://correo.espanol.yahoo.com/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080409/9f2104ac/signature.bin From Rich.West at wesmo.com Thu Apr 10 01:51:42 2008 From: Rich.West at wesmo.com (Rich West) Date: Thu Apr 10 01:51:50 2008 Subject: MailScanner + Sendmail = "user unknown" In-Reply-To: <223f97700804091117m725ff4bekd5d5a883afc98569@mail.gmail.com> References: <47FD0060.3020302@wesmo.com> <223f97700804091117m725ff4bekd5d5a883afc98569@mail.gmail.com> Message-ID: <47FD649E.8030107@wesmo.com> Glenn Steen wrote: > On 09/04/2008, Rich West wrote: > >> I've inherited a MailScanner setup that is pretty questionable (from a >> security standpoint), and I'm rebuilding the box from scratch. I've >> gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) >> to have the system act as a relay to an exchange backend. >> >> Oddly, it does not seem to be picking up the messages that are being >> left in /var/spool/mqueue.in. I see the messages being deposited there, >> but they don't seem to be acted upon. Is there, perhaps, setting that I >> might have missed/glossed over that is obvious? >> >> -Rich >> > > Versions? > > Have you run "MailScanner --lint" and/or "MailScanner --debug"? What > does "ps -ef" tell you? Is MailScanner running, and what does it claim > it is doing? Oh.. sorry.. it's a fresh install on CentOS using the latest version of MailScanner, Sendmail, SA, and clamav. I hadn't tried MailScanner --debug but I did enable debug within MailScanner.conf (didn't give me many hints), but while watching the logs, after it forks off all of it's processes, it just seems to sit there.. waiting. The MailScanner processes are definitely running. -Rich From bob.jones at usg.edu Thu Apr 10 02:27:15 2008 From: bob.jones at usg.edu (Bob Jones) Date: Thu Apr 10 02:28:09 2008 Subject: mailscanner install... mailtools requires perl 5.8 still? Message-ID: <47FD6CF3.10404@usg.edu> Hey all, I have a user I'm supporting running Solaris 9. He's trying to install version 4.68.8 and the installer is running into the error of mailtools requiring perl 5.8 and Solaris 9 only comes with 5.6. (I know the previous has probably all been covered before... sorry.) I found some discussion in the archives about the above fact in the "MailScanner --lint doesn't check Eicar virus - OK here!" thread, but never came across any final solution as to what to do about this problem for Solaris. Did a solution other than "find some way to use perl 5.8" ever present itself? Thanks for your help, Bob From octaviomaiden at yahoo.com Thu Apr 10 02:31:08 2008 From: octaviomaiden at yahoo.com (Octavio) Date: Thu Apr 10 02:31:42 2008 Subject: Maximum Attachment Size In-Reply-To: Message-ID: <321169.10461.qm@web38909.mail.mud.yahoo.com> Thanks Scott I tried put the .rules extension but it still doesnt work Octavio --- Scott Silva escribi?: > on 4-9-2008 2:25 PM Octavio spake the following: > > Hi > > I try to use the parameter Max Attachment Size but > it > > seems doesnt works, there is something wrong? > > > > here is what I use > > ###MailScanner.conf > > Maximum Attachment Size = > > /etc/MailScanner/rules/max.attachment.size > Did you try this with .rules appended to the > filename? In some cases the rules > parser needs the file name to end in .rules so I > just got in the habit of > adding it on all of them to be safe. > > > > > > ###/etc/MailScanner/rules/max.attachment.size > > To: userlocal@domainlocal.com 100 > > FromOrTo: default -1 > > > > > > I configure those parameters and test with a 500k > mail > > attach and it is allowed without restrictions > > > > there is something else I have to do? > > > > thanks > > > > > > > > > ____________________________________________________________________________________ > > ???Capacidad ilimitada de almacenamiento en tu > correo! > > No te preocupes m???s por el espacio de tu cuenta > con Correo Yahoo!: > > http://correo.espanol.yahoo.com/ > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > ____________________________________________________________________________________ ?Capacidad ilimitada de almacenamiento en tu correo! No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: http://correo.espanol.yahoo.com/ From vernon at comp-wiz.com Thu Apr 10 02:34:14 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Thu Apr 10 02:34:51 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: References: <02df01c89a87$aa7b02f0$ff7108d0$@com> Message-ID: <036501c89aaa$fc70ae20$f5520a60$@com> They are not quoting something with Spam in it. The emails are being sent from me, to them and then when they respond they come back as Spam. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: Wednesday, April 09, 2008 6:32 PM To: mailscanner@lists.mailscanner.info Subject: Re: Mail Within my own domain name is being labeled as Spam on 4-9-2008 2:21 PM Vernon Webb spake the following: > Actually let me make a correction. The problem seems to be when > someone responds to an email that it is labeled as SPAM but on the same domain. > If they reply to spam, and quote the parts of the message that were detected as spam it will get caught again. If you don't want to scan your internal users for spam you can whitelist them. But whitelist by ip address, not domain name. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From hvdkooij at vanderkooij.org Thu Apr 10 06:00:09 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 10 06:00:54 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <026c01c89a7f$abdef960$039cec20$@com> References: <026c01c89a7f$abdef960$039cec20$@com> Message-ID: <47FD9ED9.5040406@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vernon Webb wrote: | I have recent removed and reinstalled MailScanner and since that time I | have noticed that mail for email addresses that exist on my own server | are being labeled as spam. Anyone have any ideas? Show mailscanner config, full message header of inbound and outbound message before and after MS, internal topology. Please do not expect others to answer this in the blind. And did you do a full job on training your bayesian database? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/Z7YBvzDRVjxmYERAtqfAJwMy1fuziERxhUQQJqcUlxqaTiibQCgufjG VVr/SahH6CKVpyFDU4z3Ggg= =GBMy -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 10 06:06:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 10 06:06:22 2008 Subject: Maximum Attachment Size In-Reply-To: <964446.71032.qm@web38903.mail.mud.yahoo.com> References: <964446.71032.qm@web38903.mail.mud.yahoo.com> Message-ID: <47FDA045.9090804@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Octavio wrote: | Hi | I try to use the parameter Max Attachment Size but it | seems doesnt works, there is something wrong? | | here is what I use | ###MailScanner.conf | Maximum Attachment Size = | /etc/MailScanner/rules/max.attachment.size | | | ###/etc/MailScanner/rules/max.attachment.size | To: userlocal@domainlocal.com 100 | FromOrTo: default -1 | | | I configure those parameters and test with a 500k mail | attach and it is allowed without restrictions | | there is something else I have to do? First of: Do not steal a thread. Show the real config section + rule file and the full message header after it passed MailScanner. What does your syslog show for the same message? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/aBDBvzDRVjxmYERAiG8AKCrgxve+XZB5InpPJTwbFG2V3h4pgCbBhQV lQk6Jogtr79xapkJLTqnNlE= =3R6A -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 10 06:08:05 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 10 06:08:15 2008 Subject: MailScanner with DomainKey In-Reply-To: References: Message-ID: <47FDA0B5.6070602@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ishukor wrote: | How to implement MailScanner with domainkey, DKIM, DKIMproxy or it does`nt | support it yet. Keep in mind that the majority of DKIM messages I have seen so far are from ..... spammers. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/aCyBvzDRVjxmYERAvXXAKCJQ/yfP/q8ihmUB1pvmpqjwPXw2wCeP+ZN GJdkOxBJXihwaitIFdFXeh0= =idz9 -----END PGP SIGNATURE----- From ram at netcore.co.in Thu Apr 10 07:29:08 2008 From: ram at netcore.co.in (ram) Date: Thu Apr 10 07:29:52 2008 Subject: After upgrade MailScanner to 4.68 just hangs at extracting attachments Message-ID: <1207808948.26556.16.camel@localhost.localdomain> I recently upgraded to MailScanner 4.68-8.1 from 4.5 Now After upgrading the conf file I can see no mails being scanned at all If I start MailScanner in debug mode it just hangs at "Trying to setlogsock(unix)" Can someone tell me what has gone wrong please MailScanner --lint output ---------- [root@spam4 MailScanner]# MailScanner --lint Trying to setlogsock(unix) Could not open ruleset's address pattern list file /o=fairplace/ou=firstadministrativegroup/cn=configuration/cn=servers/cn=fairplacedc/cn=microsoftpublicmdb, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 2007 Could not open ruleset's address pattern list file /o=fairplace/ou=firstadministrativegroup/cn=recipients/cn=nicola.barker@mcmsltd.co.uk, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 2007 Read 830 hostnames from the phishing whitelist Read 6192 hostnames from the phishing blacklist Config: calling custom init function NetcoreLog Starting Netcore Log ... Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Unrar is not installed, it should be in . This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. MailScanner setting GID to (102) MailScanner setting UID to (100) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database Apr 10 11:57:34.703487 check[16480]: [ 2] [bootup] Logging initiated LogDebugLevel=3 to stdout Apr 10 11:57:38.924689 check[16480]: [ 3] mail 1 is not known spam. SpamAssassin reported no errors. lock.pl sees Config LockType = posix lock.pl sees have_module = 0 Using locktype = posix MailScanner.conf says "Virus Scanners = clamavmodule f-prot" Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Use of uninitialized value in split at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3294. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Use of uninitialized value in concatenation (.) or string at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3295. Can't exec "-IsItInstalled": No such file or directory at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3297. Debug Mode Is On Use Threads : NO Socket : /tmp/clamd IP : Using Sockets Lock File : NOT USED Time Out : 300 Scan Dir : /var/spool/MailScanner/incoming/16480/ISITINSTALLED Found these virus scanners installed: clamavmodule, f-prot =========================================================================== Created attachment dirs for 1 messages sysseek() on unopened filehandle at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 608. sysseek() on unopened filehandle at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 609. sysseek() on unopened filehandle at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 620. sysseek() on unopened filehandle at /usr/lib/MailScanner/MailScanner/SMDiskStore.pm line 621. Virus and Content Scanning: Starting Commencing scanning by clamavmodule... ProcessClamAVModOutput ClamAVModule ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com ProcessClamAVModOutput ClamAVModule Completed scanning by clamavmodule Virus Scanning: ClamAVModule found 1 infections Commencing scanning by f-prot... Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 3. Argument "4.6.7" isn't numeric in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 4. Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 7. Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 8. Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 9. Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 10. Use of uninitialized value in numeric gt (>) at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 2103, line 11. /var/spool/MailScanner/incoming/16480/1/eicar.com Infection: EICAR_Test_File Virus Scanning: F-Prot found virus EICAR_Test_File Completed scanning by f-prot Virus Scanning: F-Prot found 1 infections Virus Scanning: Found 1 viruses Use of uninitialized value in split at /usr/sbin/MailScanner line 514. =========================================================================== If any of your virus scanners (clamavmodule,f-prot) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function NetcoreLog Terminating Netcore Log ... ------------- From iamapo at ml520.dyndns.org Thu Apr 10 07:34:33 2008 From: iamapo at ml520.dyndns.org (Michael Lai) Date: Thu Apr 10 07:34:30 2008 Subject: Mailscanner not work on Fedora 8 In-Reply-To: <47FCC290.30503@skynet-srl.com> References: <200804091100.m39B03vE001875@safir.blacknight.ie> <47FCC290.30503@skynet-srl.com> Message-ID: Thanks Alex, I have compiled the Scalar-List-Utils-1.19 by the following steps, but MailScanner is still not work. So have other suggestions ? Thanks a lot. Michael ---------------------------------------------------------------------------------- wget http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/Scalar-List-Utils-1.19.tar.gz tar zxvf Scalar-List-Utils-1.19.tar.gz cd Scalar-List-Utils-1.19 [root@www Scalar-List-Utils-1.19]# perl Makefile.PL Writing Makefile for List::Util [root@www Scalar-List-Utils-1.19]# make test gcc -c -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DVERSION=\"1.19\" -DXS_VERSION=\"1.19\" -fPIC "-I/usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE" -DPERL_EXT Util.c Running Mkbootstrap for List::Util () chmod 644 Util.bs rm -f blib/arch/auto/List/Util/Util.so gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib Util.o -o blib/arch/auto/List/Util/Util.so \ \ chmod 755 blib/arch/auto/List/Util/Util.so cp Util.bs blib/arch/auto/List/Util/Util.bs chmod 644 blib/arch/auto/List/Util/Util.bs PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'inc', 'blib/lib', 'blib/arch')" t/*.t t/00version.....ok t/blessed.......ok t/dualvar.......ok t/first.........ok 2/17 skipped: Poor man's MULTICALL can't cope t/isvstring.....ok t/lln...........ok t/max...........ok t/maxstr........ok t/min...........ok t/minstr........ok t/openhan.......ok t/p_blessed.....ok t/p_first.......ok t/p_lln.........ok t/p_max.........ok t/p_maxstr......ok t/p_min.........ok t/p_minstr......ok t/p_openhan.....ok t/p_readonly....ok t/p_reduce......ok t/p_refaddr.....ok t/p_reftype.....ok t/p_shuffle.....ok t/p_sum.........ok t/p_tainted.....ok t/proto.........ok t/readonly......ok t/reduce........ok 2/23 skipped: Poor man's MULTICALL can't cope t/refaddr.......ok t/reftype.......ok t/shuffle.......ok t/sum...........ok t/tainted.......ok t/weak..........ok All tests successful, 4 subtests skipped. Files=35, Tests=380, 4 wallclock secs ( 2.69 cusr + 0.53 csys = 3.22 CPU) [root@www Scalar-List-Utils-1.19]#make install Manifying blib/man3/List::Util.3pm Manifying blib/man3/Scalar::Util.3pm Files found in blib/arch: installing files in blib/lib into architecture dependent library tree Writing /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/.packlist Appending installation info to /usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod [root@www Scalar-List-Utils-1.19]# -----Original Message----- From: Alex To: mailscanner@lists.mailscanner.info Date: Wed, 09 Apr 2008 15:20:16 +0200 Subject: Re: Mailscanner not work on Fedora 8 > > > Oggetto: > > Mailscanner not work on Fedora 8 > > Da: > > "Michael Lai" > > Data: > > Wed, 09 Apr 2008 17:30:55 +0800 > > A: > > mailscanner@lists.mailscanner.info > > > > A: > > mailscanner@lists.mailscanner.info > > > > Content-Transfer-Encoding: > > 8bit > > Precedence: > > list > > Versione-MIME: > > 1.0 > > Rispondi-a: > > MailScanner discussion > > ID-Messaggio: > > > > Content-Type: > > text/plain; charset="UTF-8" > > Message: > > 19 > > > > > > I try to install MailScanner on Fedora 8(Postfix run on it), but I > got > > the error messages. I have no idea to resolve the problem. Please > > suggest. > > Thank you, > > Michael > > > > [root@www MailScanner-4.68.8-1]# ./install.sh > > > > Good. You have the patch command. > > > > Good, you have /usr/src/redhat in place. > > But you are running Fedora, so I am going to force the installation > > of the Perl modules that normally require it. > > > > Good, unpackaged files will not break the build process. > > Good, far-too-clever Perl requirements will be ignored. > > Good, Fedora 8 options will be ignored. > > > > Good, you appear to only have 1 copy of Perl installed. > > > > I think you are running on RedHat Linux, Mandriva Linux or SuSE > Linux. > > Good, you appear to have the basic development tools installed. > > > > This script will pause for a few seconds after each major step, > > so do not worry if it appears to stop for a while. > > If you want it to stop so you can scroll back through the output > > then press Ctrl-S to stop the output and Ctrl-Q to start it again. > > > > If this fails due to dependency checks, and you wish to ignore > > these problems, you can run > > ./install.sh nodeps > > > > Setting Perl5 search path > > > > I think your system will build architecture-dependent modules for > i386 > > > > Rebuilding all the Perl RPMs for your version of Perl > > > > Attempting to build and install perl-File-Spec-0.82-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-File-Spec-0.82- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-ExtUtils-MakeMaker-6.32-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.32- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Net-CIDR-0.11-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Net-CIDR-0.11-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-IO-stringy-2.110-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-IO-stringy-2.110- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-MIME-Base64-3.07-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/i386/perl-MIME-Base64-3.07-1.i386.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-TimeDate-1.16-3 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-TimeDate-1.16-3.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Pod-Escapes-1.04-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Escapes-1.04- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Pod-Simple-3.05-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Pod-Simple-3.05- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Test-Pod-1.26-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Test-Pod-1.26-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-MailTools-2.02-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-MailTools-2.02- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-IO-1.2301-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-IO-1.2301-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-File-Temp-0.19-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-HTML-Tagset-3.03-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset-3.03- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-HTML-Parser-3.56-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/i386/perl-HTML-Parser-3.56-1.i386.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Convert-BinHex-1.119-2 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-BinHex-1.119- > > 2.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-MIME-tools-5.425-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-MIME-tools-5.425- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Convert-TNEF-0.17-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Convert-TNEF-0.17- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Compress-Zlib-1.41-1 > > Detected Compress-Zlib, building appropriately... > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/i386/perl-Compress-Zlib-1.41- > > 1.i386.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Archive-Zip-1.16-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Archive-Zip-1.16- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Scalar-List-Utils-1.19-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Scalar-List-Utils-1.19- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Storable-2.16-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Storable-2.16-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-DBI-1.56-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-DBI-1.56-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-DBD-SQLite-1.13-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-DBD-SQLite-1.13- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Getopt-Long-2.36-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Getopt-Long-2.36- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Time-HiRes-1.9707-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Time-HiRes-1.9707- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Filesys-Df-0.90-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Filesys-Df-0.90- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Test-Harness-2.64-1 > > Detected Compress-Zlib, building appropriately... > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Harness-2.64- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Test-Simple-0.70-1 > > Detected Compress-Zlib, building appropriately... > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Test-Simple-0.70- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Math-BigInt-1.86-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigInt-1.86- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Math-BigRat-0.19-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Math-BigRat-0.19- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-bignum-0.21-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-bignum-0.21-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Net-IP-1.25-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Net-IP-1.25-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Sys-Hostname-Long-1.4-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Hostname-Long-1.4- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Sys-Syslog-0.18-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Sys-Syslog-0.18- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Digest-MD5-2.36-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-MD5-2.36- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Digest-SHA1-2.11-1 > > --rebuild: unknown option > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Digest-SHA1-2.11- > > 1.noarch.rpm. > > Maybe it did not build correctly? > > > > Attempting to build and install perl-Net-DNS-0.63-1 > > --rebuild: unknown option > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-Net-DNS-0.63-1.noarch.rpm. > > Maybe it did not build correctly? > > > > Installing tnef decoder > > > > Preparing? > > ################################################## > > package tnef-1.4.3-1.i386 have installed > > > > Now to install MailScanner itself. > > > > NOTE: If you get lots of errors here, run the install.sh script > > NOTE: again with the command "./install.sh nodeps" > > > > Preparing? > ########################################### > > [100%] > > Package mailscanner-4.68.8-1.noarch have installed > > ---------------------------------------------------------- > > Please buy the MailScanner book from www.mailscanner.info! > > It is a very useful administration guide and introduction > > to MailScanner. All the proceeds go directly to making > > MailScanner a better supported package than it is today. > > > > [root@www MailScanner-4.68.8-1]# service MailScanner start > > Starting MailScanner daemons: > > incoming postfix: [ok] > > outgoing postfix: [ok] > > MailScanner: Can't locate Filesys/Df.pm in @INC (@INC > > contains: /usr/lib/MailScanner > /usr/lib/perl5/site_perl/5.8.8/i386-linux- > > thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread- > > multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread- > > multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread- > > multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 > /usr/ > > lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 > /usr/lib/perl5/s > > ite_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread- > > multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread- > > multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread- > > multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread- > > multi /usr/lib/perl5/vendor_perl/5.8.8 > /usr/lib/perl5/vendor_perl/5.8.7 / > > usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 > /usr/lib > > /perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread- > > multi /usr/lib/perl5/5.8.8 . /usr/lib/MailScanner) > > at /usr/sbin/MailScanner line 66. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66. > > [ok] > > [root@www MailScanner-4.68.8-1]# service MailScanner status > > Checking MailScanner daemons: > > MailScanner: [failed] > > [root@www MailScanner-4.68.8-1]# > > > > > > > > > 99 on 100 you have to compile the Scalar-List-Utils-1.19 (grab it from > CPAN) > > It seems it is broken in F7 and F8 (F9? who knows) > > After doing that install MS and be happy > > Hope this helps > > Ciaoooo > > Alessandro Bianchi From shuttlebox at gmail.com Thu Apr 10 08:04:46 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Apr 10 08:05:20 2008 Subject: mailscanner install... mailtools requires perl 5.8 still? In-Reply-To: <47FD6CF3.10404@usg.edu> References: <47FD6CF3.10404@usg.edu> Message-ID: <625385e30804100004tcb426b1w2e3de5e227f228a3@mail.gmail.com> On Thu, Apr 10, 2008 at 3:27 AM, Bob Jones wrote: > Hey all, > > I have a user I'm supporting running Solaris 9. He's trying to > install version 4.68.8 and the installer is running into the error of > mailtools requiring perl 5.8 and Solaris 9 only comes with 5.6. (I know the > previous has probably all been covered before... sorry.) > > I found some discussion in the archives about the above fact in the > "MailScanner --lint doesn't check Eicar virus - OK here!" thread, but never > came across any final solution as to what to do about this problem for > Solaris. Did a solution other than "find some way to use perl 5.8" ever > present itself? You could always use the Blastwave packages. We're only at MailScanner 4.65 at the moment because we also need a minor Perl update, it should all be resolved in about a week. What you could do is to: # pkg-get -i mailscanner That would get MS 4.65 installed with all dependencies. You can then download MS 4.68 from our testing area and apply it as usual with pkgadd. You would also need Perl from testing. http://www.blastwave.org/testing/mailscanner-4.68.8.1,REV=2008.04.09-SunOS5.8-all-CSW.pkg.gz http://www.blastwave.org/testing/perl-5.8.8,REV=2008.03.25-SunOS5.8-sparc-CSW.pkg.gz http://www.blastwave.org/testing/perl-5.8.8,REV=2008.03.25-SunOS5.8-i386-CSW.pkg.gz If you're not familiar with Blastwave you can get started here: http://www.blastwave.org/howto.html -- /peter From izghitu at gmail.com Thu Apr 10 08:27:11 2008 From: izghitu at gmail.com (George) Date: Thu Apr 10 08:27:44 2008 Subject: Spamassassin not detecting spam In-Reply-To: References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> <47FD126E.2010205@ecs.soton.ac.uk> <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> Message-ID: <948a6d890804100027t12a518a8qa4c53e844fa94ec9@mail.gmail.com> Hi, I removed the FuzzyOCR plugin but now I get the same but without the FuzzyOCR errors. I guess it's not Fuzzy who is causing issues. Any help please? Or do I need to seek for help on the spamassassin list? Thanks On Thu, Apr 10, 2008 at 1:29 AM, Scott Silva wrote: > on 4-9-2008 2:33 PM George spake the following: > > Looks like a broken or misconfigured fuzzyocr plugin. > Maybe you should remove it to get things working and then you can add it > back later. Just remove (or move) the FuzzyOcr.cf and FuzzyOcr.pm files > from /etc/mail/spamassassin and re run the tests. > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From wm at meta.net Thu Apr 10 08:49:29 2008 From: wm at meta.net (Michael Weis) Date: Thu Apr 10 08:51:58 2008 Subject: misuse MailScanner SOLVED In-Reply-To: <47FCEBF7.2070205@balanceconsult.com> References: <47FB3A63.2040602@meta.net> <47FCEBF7.2070205@balanceconsult.com> Message-ID: <47FDC689.8060700@meta.net> Greg Borders schrieb: > Michael Weis wrote: >> Hello everyone, >> >> we are planing to create an email-account to which >> only mails with attachments will be send. >> >> I have the job to extract this attachments from >> the mail and handle them >> (save, print, archive) >> >> So far so good, but I have no idea >> how to get the attachments to a disk. >> >> I know mailscanner does this while scanning >> for viruses (right?). >> >> So how can I tell mailscanner to just save >> attachments from a certain user's emails ? >> (no problem if they were scanned before) >> >> I searched the mailing-list-archive >> but it seemed that nobody has to do this >> before. >> >> >> Greetings and thanks in advance >> >> >> Michael >> > I have used a combination of a procmail recipe and the oh so sweet > tool *ripmime* (http://www.pldaniels.com/ripmime/) to auto extract > attachments from mail in a sendmail environment. (should work with > other MTAs.) With a simple bash script triggered by the procmail > recipe, you can easily 'rip out' attachments and do what ever to it > (save, print, archive) within the script, with no need to monkey > around with your mailscanner setup whatsoever. > > Hope this helps! > Greg. > > > -- > > This email message and any document accompanying it may contain > information intended only for the person(s) named. Any use, > distribution, copying or disclosure by another person is strictly > prohibited. > > NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: > DISCLOSURE UNDER TREASURY CIRCULAR 230: > Any tax advice included in this written or electronic communication > was not intended or written to be used, and it cannot be used by the > taxpayer, for the purpose of avoiding any penalties that may be > imposed on the taxpayer by any governmental taxing authority or > agency. This written or electronic communication does not represent > legal advice. Persons in need of a legal opinion should seek competent > counsel. > @Gregg: GREAT this "os so sweet" tool is perfect Thanks a lot for all suggestions This was my first contact to the list and I'm very happy that this litte OT-problem got solved. Thanks to Julian for the programming of MailScanner, a really great software Michael -- meta Trennwandanlagen, meta Stra?e, D-56579 Rengsdorf Rechtsform: GmbH & Co. KG, Amtsgericht Montabaur HRA 10582 Pers?nlich haftende Gesellschafterin: meta Trennwandanlagen Verwaltungsgesellschaft mbH Amtsgericht Montabaur HRB 10061, Sitz der Gesellschaft: D-56579 Rengsdorf Gesch?ftsf?hrer: Klaus Weidemann, Uwe Weidemann Ust-Id-Nr. DE 149513506 From glenn.steen at gmail.com Thu Apr 10 09:05:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 09:05:53 2008 Subject: MailScanner + Sendmail = "user unknown" In-Reply-To: <47FD649E.8030107@wesmo.com> References: <47FD0060.3020302@wesmo.com> <223f97700804091117m725ff4bekd5d5a883afc98569@mail.gmail.com> <47FD649E.8030107@wesmo.com> Message-ID: <223f97700804100105h7fb600f9v9796eda52d0144eb@mail.gmail.com> On 10/04/2008, Rich West wrote: > Glenn Steen wrote: > > > On 09/04/2008, Rich West wrote: > > > > > > > I've inherited a MailScanner setup that is pretty questionable (from a > > > security standpoint), and I'm rebuilding the box from scratch. I've > > > gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) > > > to have the system act as a relay to an exchange backend. > > > > > > Oddly, it does not seem to be picking up the messages that are being > > > left in /var/spool/mqueue.in. I see the messages being deposited > there, > > > but they don't seem to be acted upon. Is there, perhaps, setting that > I > > > might have missed/glossed over that is obvious? > > > > > > -Rich > > > > > > > > > > Versions? > > > > Have you run "MailScanner --lint" and/or "MailScanner --debug"? What > > does "ps -ef" tell you? Is MailScanner running, and what does it claim > > it is doing? > > > > > Oh.. sorry.. it's a fresh install on CentOS using the latest version of > MailScanner, Sendmail, SA, and clamav. I hadn't tried MailScanner --debug > but I did enable debug within MailScanner.conf (didn't give me many hints), > but while watching the logs, after it forks off all of it's processes, it > just seems to sit there.. waiting. The MailScanner processes are definitely > running. > Right, so what does ps tell you they are doing? Jules rewrite the commandline so that you can follow what each child think it is doing (at least in a "rough estimate" way:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Apr 10 09:09:13 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 09:09:47 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <02f001c89a8a$2b215bf0$816413d0$@com> References: <026c01c89a7f$abdef960$039cec20$@com> <47FD2ED4.7060401@evi-inc.com> <02f001c89a8a$2b215bf0$816413d0$@com> Message-ID: <223f97700804100109u52e6ef07n17c7b45e8f9f39ba@mail.gmail.com> On 09/04/2008, Vernon Webb wrote: > > > Got a SpamCheck header from one of the messages? That should tell us > what's > > going on, but without that it's anyone's guess... > > > That the thing it doesn't really tell me much: > > Message-ID: <003f01c89a4f$99b8ad10$7301a8c0@D40C9HD1> > MIME-Version: 1.0 > Content-Type: > multipart/alternative;boundary="----=_NextPart_000_0040_01C89A2E.12A70D10" > X-Mailer: Microsoft Office Outlook 11 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 > thread-index: AciaT5mLuN92LnQaTJKdUVuW2DPBNw== > X-COMP-WIZ-MailScanner-Information: Please contact the ISP for more > information > X-MailScanner-ID: m39Ee286005325 > X-COMP-WIZ-MailScanner: Found to be clean > X-COMP-WIZ-MailScanner-SpamScore: ss > X-COMP-WIZ-MailScanner-From: kbednarski@recruitsavvy.com > X-Spam-Status: Yes > X-UID: 55066 > Status: RO > Content-Length: 5734 I don't see any watermarking things here, so we'll assume that to be not used... More like they hit on a BL in MailScanner... What do you have for Spam Lists in MailScanner.conf? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From a.peacock at chime.ucl.ac.uk Thu Apr 10 09:19:14 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Thu Apr 10 09:19:50 2008 Subject: Mail Within my own domain name is being labeled as Spam In-Reply-To: <02f001c89a8a$2b215bf0$816413d0$@com> References: <026c01c89a7f$abdef960$039cec20$@com> <47FD2ED4.7060401@evi-inc.com> <02f001c89a8a$2b215bf0$816413d0$@com> Message-ID: <47FDCD82.8030108@chime.ucl.ac.uk> Vernon Webb wrote: >> Got a SpamCheck header from one of the messages? That should tell us > what's >> going on, but without that it's anyone's guess... > > That the thing it doesn't really tell me much: > > Message-ID: <003f01c89a4f$99b8ad10$7301a8c0@D40C9HD1> > MIME-Version: 1.0 > Content-Type: > multipart/alternative;boundary="----=_NextPart_000_0040_01C89A2E.12A70D10" > X-Mailer: Microsoft Office Outlook 11 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 > thread-index: AciaT5mLuN92LnQaTJKdUVuW2DPBNw== > X-COMP-WIZ-MailScanner-Information: Please contact the ISP for more > information > X-MailScanner-ID: m39Ee286005325 > X-COMP-WIZ-MailScanner: Found to be clean > X-COMP-WIZ-MailScanner-SpamScore: ss > X-COMP-WIZ-MailScanner-From: kbednarski@recruitsavvy.com > X-Spam-Status: Yes > X-UID: 55066 > Status: RO > Content-Length: 5734 That seems to indicate that the spamassassin score is 2. That shouldn't be enough to mark the message as spam, which makes me wonder if it is being marked as spam by another means. Do you check any RBLs in Mailscanner? To get more information you could change your MailScanner config to include the full spamassassin report, using the following settings: Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From MailScanner at ecs.soton.ac.uk Thu Apr 10 09:41:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 09:41:59 2008 Subject: Postfix and user+randomstring@domain.com Message-ID: <47FDD2AC.3010606@ecs.soton.ac.uk> If you sent a mail to user+randomstring@domain.com and sendmail picks it up, it automatically delivers it to user@domain.com for you. Very useful for generating one-time email addresses. Can Postfix do the same (or a similar) thing? If so, how? Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 10 09:42:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 09:42:41 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <47FD2B71.5020908@wesmo.com> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com> Message-ID: <47FDD2EB.6080106@ecs.soton.ac.uk> Rich West wrote: > Mike Kercher wrote: > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich >> West >> Sent: Wednesday, April 09, 2008 12:44 PM >> To: mailscanner@lists.mailscanner.info >> Subject: MailScanner + Sendmail = "user unknown" >> >> I've inherited a MailScanner setup that is pretty questionable (from a >> security standpoint), and I'm rebuilding the box from scratch. I've >> gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) >> to have the system act as a relay to an exchange backend. >> >> Oddly, it does not seem to be picking up the messages that are being >> left in /var/spool/mqueue.in. I see the messages being deposited there, >> but they don't seem to be acted upon. Is there, perhaps, setting that I >> might have missed/glossed over that is obvious? >> Don't need to touch your sendmail config at all when installing MailScanner. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 10 09:47:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 09:47:25 2008 Subject: SA-Update Problem In-Reply-To: References: Message-ID: <47FDD40A.70200@ecs.soton.ac.uk> I don't know where you've heard that, it certainly isn't true in my experience. Gregory Wong wrote: > I am running version 3.1.0. I have been weary to upgrade to the latest > because I?ve read that there are bugs in SA that allows all mail > through even if its spam. > > > On 4/9/08 10:33 AM, "Matt Kettler" wrote: > > Gregory Wong wrote: > > I am having issues when I run SA-Update. I get the following error: > > > > Insecure dependency in open while running with -T switch at > > /usr/lib/perl/5.8/IO/File.pm line 188. > > > > I have searched and it looks like I am missing a perl module IO::File > > but when I try to install it in CPAN it says it cannot be found. > > > > Any suggestions? > > > Well, you're definitely not missing IO::File.. It was running in > that module > when then error occurred. It's got to be present to be running ;) > > Anyway, CPAN should work for IO::File, ie: this command line > should work: > perl -MCPAN -e 'install IO::File' > > However, your problem could be one of two problems. Either your > IO::File is > corrupted or your SpamAssassin is old and buggy.. > > Are you by chance running a fairly old SpamAssassin (ie: pre 3.2.0?) > > Some possibly related bugs: > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5061 > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5216 > > Also in this post: > > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200702.mbox/%3c45CBAB37.8060409@dostech.ca%3e > > Daryl O'Shea implies that this exact error message is a known > issue in SA pre 3.1.0. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.freegard at fsl.com Thu Apr 10 10:01:55 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Apr 10 10:02:35 2008 Subject: Postfix and user+randomstring@domain.com In-Reply-To: <47FDD2AC.3010606@ecs.soton.ac.uk> References: <47FDD2AC.3010606@ecs.soton.ac.uk> Message-ID: <47FDD783.9090406@fsl.com> Julian Field wrote: > If you sent a mail to user+randomstring@domain.com and sendmail picks it > up, it automatically delivers it to user@domain.com for you. Very useful > for generating one-time email addresses. > > Can Postfix do the same (or a similar) thing? If so, how? Yep - http://www.postfix.org/postconf.5.html#recipient_delimiter I think that's all that needs to be set for this to work. Cheers, Steve. From john at tradoc.fr Thu Apr 10 10:03:31 2008 From: john at tradoc.fr (John Wilcock) Date: Thu Apr 10 10:04:09 2008 Subject: Postfix and user+randomstring@domain.com In-Reply-To: <47FDD2AC.3010606@ecs.soton.ac.uk> References: <47FDD2AC.3010606@ecs.soton.ac.uk> Message-ID: <47FDD7E3.2040906@tradoc.fr> Julian Field a ?crit : > If you sent a mail to user+randomstring@domain.com and sendmail picks it > up, it automatically delivers it to user@domain.com for you. Very useful > for generating one-time email addresses. > > Can Postfix do the same (or a similar) thing? If so, how? Just set recipient_delimiter = + (blank by default) to have the same effect John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From edward.prendergast at netring.co.uk Thu Apr 10 10:10:26 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Thu Apr 10 10:10:50 2008 Subject: MailScanner increasing score over threshold but message passed as clean? In-Reply-To: <03a501c89985$9485dcc0$bd919640$@prendergast@netring.co.uk> References: <030801c89960$868bd400$93a37c00$@prendergast@netring.co.uk> <47FB4C9C.8040603@ecs.soton.ac.uk> <03a501c89985$9485dcc0$bd919640$@prendergast@netring.co.uk> Message-ID: <011601c89aea$b824bfa0$286e3ee0$@prendergast@netring.co.uk> -----Original Message----- [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Then run "MailScanner --debug" on some test messages that should push >> the spam score over your spam threshold of 5, and mshspam should equal >> 1. Please can you let me know what it outputs. > A segment from the debug: > max message size is '200k' > max message size is '200k' > max message size is '200k' > max message size is '200k' > max message size is '200k' > max message size is '200k' > max message size is '200k' > mshspam = 0 > mshhigh = 0 > max message size is '200k' > The msh* messages didn't show up frequently - I had to debug 3 times to get > these. Any more thoughts on this? Do I need to do some further debugging to provide you with more info? Thanks ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From MailScanner at ecs.soton.ac.uk Thu Apr 10 10:16:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 10:17:14 2008 Subject: 4.68 / 4.69 SA cache working? Message-ID: <47FDDAEA.2050508@ecs.soton.ac.uk> Can someone running 4.68 or 4.69 please confirm that the SpamAssassin cache is still working okay? Hopefully, the analyse_SpamAssassin_cache command will tell you. Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From izghitu at gmail.com Thu Apr 10 10:22:02 2008 From: izghitu at gmail.com (George) Date: Thu Apr 10 10:22:34 2008 Subject: Spamassassin not detecting spam In-Reply-To: <948a6d890804100027t12a518a8qa4c53e844fa94ec9@mail.gmail.com> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> <47FD126E.2010205@ecs.soton.ac.uk> <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> <948a6d890804100027t12a518a8qa4c53e844fa94ec9@mail.gmail.com> Message-ID: <948a6d890804100222t182eb5e0n6f7f84ba3b04f3f4@mail.gmail.com> Hi, I think I've fixed this myself. I removed the latest SpamAssassin that was installed using the installer from mailscanner.info and just installed the older RPM one. It works now. THanks On Thu, Apr 10, 2008 at 10:27 AM, George wrote: > Hi, > > I removed the FuzzyOCR plugin but now I get the same but without the > FuzzyOCR errors. I guess it's not Fuzzy who is causing issues. > > Any help please? Or do I need to seek for help on the spamassassin list? > > Thanks > > From glenn.steen at gmail.com Thu Apr 10 10:22:53 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 10:23:27 2008 Subject: Postfix and user+randomstring@domain.com In-Reply-To: <47FDD783.9090406@fsl.com> References: <47FDD2AC.3010606@ecs.soton.ac.uk> <47FDD783.9090406@fsl.com> Message-ID: <223f97700804100222n1f14429bwe54fb8465d9942e0@mail.gmail.com> On 10/04/2008, Steve Freegard wrote: > Julian Field wrote: > > > If you sent a mail to user+randomstring@domain.com and sendmail picks it > up, it automatically delivers it to user@domain.com for you. Very useful for > generating one-time email addresses. > > > > Can Postfix do the same (or a similar) thing? If so, how? > > > > Yep - > http://www.postfix.org/postconf.5.html#recipient_delimiter > > I think that's all that needs to be set for this to work. > > Cheers, > Steve. > Yep. Works well with recipient_maps too... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ram at netcore.co.in Thu Apr 10 10:37:35 2008 From: ram at netcore.co.in (ram) Date: Thu Apr 10 10:38:43 2008 Subject: Postfix and user+randomstring@domain.com In-Reply-To: <47FDD2AC.3010606@ecs.soton.ac.uk> References: <47FDD2AC.3010606@ecs.soton.ac.uk> Message-ID: <1207820255.28861.14.camel@localhost.localdomain> On Thu, 2008-04-10 at 09:41 +0100, Julian Field wrote: > If you sent a mail to user+randomstring@domain.com and sendmail picks it > up, it automatically delivers it to user@domain.com for you. Very useful > for generating one-time email addresses. > > Can Postfix do the same (or a similar) thing? If so, how? smtp_generic_maps = pcre:/etc/postfix/generic_re And in this file put ---- generic_re --- /^(.*)\+.*\@(.*)/ ${1}@${2} ----- Thanks Ram From ms-list at alexb.ch Thu Apr 10 11:09:44 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 10 11:10:25 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled Message-ID: <47FDE768.9040305@alexb.ch> Jules: I've disabled all MailScanner phishing checks yet: Apr 10 12:01:01 cobox-1 update.bad.phishing.sites: Delaying cron job up to 600 seconds It would be very elegant if these are not enabled, the cron job is disabled as well. same with AV signatures update hourly job. thanks Alex From ms-list at alexb.ch Thu Apr 10 11:11:35 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 10 11:11:50 2008 Subject: Remove obsolete spam.assassin.prefs.conf AWL entry Message-ID: <47FDE7D7.6060405@alexb.ch> Jules: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0 pls remove use_auto_whitelist 0 from installer's spam.assassin.prefs.conf this has been obsolete for a long time. thanks Alex From norbert.schmidt at interactivedata.com Thu Apr 10 11:17:29 2008 From: norbert.schmidt at interactivedata.com (Norbert Schmidt) Date: Thu Apr 10 11:18:22 2008 Subject: Only scan mail from external networks through mailscanner Message-ID: <47FDE939.7080701@interactivedata.com> _Hi everybody, our current setup is using a gateway mailserver that is receiving external mail and mail from our internal networks (like mail from the datacenter) and routes them to our mailscanner servers. As there are a lot of time critical alert mails comming from the datacenter I am looking for a way to not scan them on the mailscanners but rather directly send them to the internal groupware servers. We are using a postfix setup, thus we are using the header_checks to put the mail into the hold queue. mailscanner1:~# cat /etc/postfix/header_checks /^Received:.by.mailscanner/ IGNORE /^Received:/ HOLD I've tried to add this line to the header_checks: /^Received:.*\.ourdomain\.com/ DUNNO Which worked somehow to good, as all mail went around the mailscanner (our gateway servers are using: mail1.ourdomain.com and mail2.ourdomain.com) I was thinking of a line like: If IP in header is not one of mine then HOLD Do you have any idea on how this could be aquired or do you have a better way to solve this?? Regards Norbert _ From glenn.steen at gmail.com Thu Apr 10 11:30:21 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 11:30:55 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FDE768.9040305@alexb.ch> References: <47FDE768.9040305@alexb.ch> Message-ID: <223f97700804100330t5bf5dc01q73bc4968094639b4@mail.gmail.com> On 10/04/2008, Alex Broens wrote: > Jules: > > I've disabled all MailScanner phishing checks yet: > > Apr 10 12:01:01 cobox-1 update.bad.phishing.sites: Delaying cron job up to > 600 seconds > > It would be very elegant if these are not enabled, the cron job is disabled > as well. > > same with AV signatures update hourly job. > > thanks > > Alex I'm not sure I agree, and I'm pretty sure Jules doesn't... You are not the first to ask:-). The thinking here is that the update jobs for functionality you *might* enable later should still be active, so that when you _do_ activate them, all updates are already in place. The correct way to avoid this for AV is to deinstall any unused AV product. For the phishing thing... there simply is no such thing. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alvaro at hostalia.com Thu Apr 10 11:38:26 2008 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Thu Apr 10 11:39:10 2008 Subject: 4.68 / 4.69 SA cache working? In-Reply-To: <47FDDAEA.2050508@ecs.soton.ac.uk> References: <47FDDAEA.2050508@ecs.soton.ac.uk> Message-ID: <47FDEE22.3090303@hostalia.com> Hi, > Can someone running 4.68 or 4.69 please confirm that the SpamAssassin > cache is still working okay? > Hopefully, the analyse_SpamAssassin_cache command will tell you. root@mail:/opt/MailScanner/bin # ./analyse_SpamAssassin_cache --------- TOTALS --------- Total records: 7057 First seen (oldest): 576583 sec First seen (newest): 2 sec Last seen (oldest): 170976 sec Last seen (newest): 2 sec Cache Hit Rate 20% -------- NON-SPAM -------- Total records: 283 First seen (oldest): 1908 sec First seen (newest): 13 sec Last seen (oldest): 1908 sec Last seen (newest): 4 sec -------- LOW-SPAM -------- Total records: 3 First seen (oldest): 290 sec First seen (newest): 21 sec Last seen (oldest): 290 sec Last seen (newest): 21 sec ------- HIGH-SPAM -------- Total records: 1337 First seen (oldest): 198289 sec First seen (newest): 2 sec Last seen (oldest): 10835 sec Last seen (newest): 2 sec -------- VIRUSES -------- Total records: 5434 First seen (oldest): 576583 sec First seen (newest): 23 sec Last seen (oldest): 170976 sec Last seen (newest): 23 sec ----- TOP 5 HASHES ------- MD5 COUNT FIRST LAST 06ff2e865c5718b75f1a8add9dde3c3f 152 183836 6218 e69221ed5091f475ebf390f6f21e3439 117 198289 91 7017752f3397a502b37f643f3792c81d 102 139875 951 1042ef41633bb06e949f19e3e692712e 49 12810 12725 14f948d5308d80be57893ab5e9feb51d 38 575516 3044 closing dbh with active statement handles at ./analyse_SpamAssassin_cache line 65. root@mail:/opt/MailScanner/bin # grep -c "SpamAssassin cache hit for message" /var/log/mail.log 2155 root@mail:/opt/MailScanner/bin # ./MailScanner -v | grep MailScanner This is MailScanner version 4.68.8 It seems that all run fine here :) Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From spamlists at coders.co.uk Thu Apr 10 11:42:02 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Thu Apr 10 11:43:09 2008 Subject: 4.68 / 4.69 SA cache working? In-Reply-To: <47FDDAEA.2050508@ecs.soton.ac.uk> References: <47FDDAEA.2050508@ecs.soton.ac.uk> Message-ID: <47FDEEFA.80604@coders.co.uk> Julian Field wrote: > Can someone running 4.68 or 4.69 please confirm that the SpamAssassin > cache is still working okay? > Hopefully, the analyse_SpamAssassin_cache command will tell you. > > Thanks! > > Jules > 4.68.8 - working fine. matt From MailScanner at ecs.soton.ac.uk Thu Apr 10 11:51:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 11:52:05 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <223f97700804100330t5bf5dc01q73bc4968094639b4@mail.gmail.com> References: <47FDE768.9040305@alexb.ch> <223f97700804100330t5bf5dc01q73bc4968094639b4@mail.gmail.com> Message-ID: <47FDF126.2080105@ecs.soton.ac.uk> Glenn Steen wrote: > On 10/04/2008, Alex Broens wrote: > >> Jules: >> >> I've disabled all MailScanner phishing checks yet: >> >> Apr 10 12:01:01 cobox-1 update.bad.phishing.sites: Delaying cron job up to >> 600 seconds >> >> It would be very elegant if these are not enabled, the cron job is disabled >> as well. >> >> same with AV signatures update hourly job. >> >> thanks >> >> Alex >> > > I'm not sure I agree, and I'm pretty sure Jules doesn't... You are not > the first to ask:-). > > The thinking here is that the update jobs for functionality you > *might* enable later should still be active, so that when you _do_ > activate them, all updates are already in place. The correct way to > avoid this for AV is to deinstall any unused AV product. For the > phishing thing... there simply is no such thing. > I'm with Glenn on this one, sorry. If you decide to enable a feature, it should be ready and waiting for you. It hardly adds a significant load to your system, and you can always disable the cron job yourself if you want to, just chmod -x the file in /etc/cron.hourly. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 10 11:53:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 11:53:57 2008 Subject: Only scan mail from external networks through mailscanner In-Reply-To: <47FDE939.7080701@interactivedata.com> References: <47FDE939.7080701@interactivedata.com> Message-ID: <47FDF1B2.4050906@ecs.soton.ac.uk> Do this with a ruleset on "Scan Messages" to ignore the IP addresses from your data centre. Looking for things in Received: headers is dodgy as I can force a mail to your system to not be scanned by merely including Received: by mailscanner anywhere in the headers. And you've just told all the spammers that's how to avoid your MailScanner. Norbert Schmidt wrote: > _Hi everybody, > > our current setup is using a gateway mailserver that is receiving > external mail and mail from our internal networks (like mail from the > datacenter) and routes them to our mailscanner servers. > As there are a lot of time critical alert mails comming from the > datacenter I am looking for a way to not scan them on the mailscanners > but rather directly send them to the internal groupware servers. > We are using a postfix setup, thus we are using the header_checks to put > the mail into the hold queue. > mailscanner1:~# cat /etc/postfix/header_checks > /^Received:.by.mailscanner/ IGNORE > /^Received:/ HOLD > > I've tried to add this line to the header_checks: > /^Received:.*\.ourdomain\.com/ DUNNO > > Which worked somehow to good, as all mail went around the mailscanner > (our gateway servers are using: mail1.ourdomain.com and mail2.ourdomain.com) > > I was thinking of a line like: If IP in header is not one of mine then HOLD > > Do you have any idea on how this could be aquired or do you have a > better way to solve this?? > > Regards > > Norbert > _ > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Thu Apr 10 12:23:56 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 10 12:24:35 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FDF126.2080105@ecs.soton.ac.uk> References: <47FDE768.9040305@alexb.ch> <223f97700804100330t5bf5dc01q73bc4968094639b4@mail.gmail.com> <47FDF126.2080105@ecs.soton.ac.uk> Message-ID: <47FDF8CC.3080705@alexb.ch> On 4/10/2008 12:51 PM, Julian Field wrote: > > > Glenn Steen wrote: >> On 10/04/2008, Alex Broens wrote: >> >>> Jules: >>> >>> I've disabled all MailScanner phishing checks yet: >>> >>> Apr 10 12:01:01 cobox-1 update.bad.phishing.sites: Delaying cron job >>> up to >>> 600 seconds >>> >>> It would be very elegant if these are not enabled, the cron job is >>> disabled >>> as well. >>> >>> same with AV signatures update hourly job. >>> >>> thanks >>> >>> Alex >>> >> >> I'm not sure I agree, and I'm pretty sure Jules doesn't... You are not >> the first to ask:-). >> >> The thinking here is that the update jobs for functionality you >> *might* enable later should still be active, so that when you _do_ >> activate them, all updates are already in place. The correct way to >> avoid this for AV is to deinstall any unused AV product. For the >> phishing thing... there simply is no such thing. >> > > I'm with Glenn on this one, sorry. > If you decide to enable a feature, it should be ready and waiting for > you. It hardly adds a significant load to your system, and you can > always disable the cron job yourself if you want to, just chmod -x the > file in /etc/cron.hourly. so its not possible to check *if* feature enabled and *if* not enabled, skip update? the moment you enable the feature, the check will see *if* enabled and run the update. Alex From gary at sgluk.com Thu Apr 10 13:12:18 2008 From: gary at sgluk.com (Gary Pentland) Date: Thu Apr 10 13:13:00 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled Message-ID: mailscanner-bounces@lists.mailscanner.info wrote: > so its not possible to check *if* feature enabled and *if* not > enabled, skip update? > > the moment you enable the feature, the check will see *if* enabled and > run the update. > > Alex If you really want to do this, change the cron script to check the MailScanner.conf for the feature and exit is it finds it disabled... Something along the lines of... if grep 'Find Phishing Fraud = yes' /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE SCRIPT else DON'T RUN UPDATE SCRIPT fi This is the beauty of open source code! If *you* have an unusual requirement, *you* can change it to suit your needs. Obviously if you do change something that may be useful to others then send the diffs to Jules so he can include it in a future release. Personally if this was to be a feature then I'd suggest adding "Update Phishing Config Files" as a Yes/No in MailScanner.conf and grep on that, but then again, I don't need this feature... However, cron is still running a job and if your concern is wasted resources for something you are sure you'll never use, delete or disable the cron script altogether. Regards, Gary From ms-list at alexb.ch Thu Apr 10 13:44:48 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 10 13:45:32 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: References: Message-ID: <47FE0BC0.1000801@alexb.ch> On 4/10/2008 2:12 PM, Gary Pentland wrote: > mailscanner-bounces@lists.mailscanner.info wrote: >> so its not possible to check *if* feature enabled and *if* not >> enabled, skip update? >> >> the moment you enable the feature, the check will see *if* enabled >> and run the update. >> >> Alex > > If you really want to do this, change the cron script to check the > MailScanner.conf for the feature and exit is it finds it disabled... > > Something along the lines of... > > if grep 'Find Phishing Fraud = yes' > /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE SCRIPT else > DON'T RUN UPDATE SCRIPT fi > > This is the beauty of open source code! If *you* have an unusual > requirement, *you* can change it to suit your needs. Obviously if > you do change something that may be useful to others then send the > diffs to Jules so he can include it in a future release. Personally > if this was to be a feature then I'd suggest adding "Update Phishing > Config Files" as a Yes/No in MailScanner.conf and grep on that, but > then again, I don't need this feature... > > However, cron is still running a job and if your concern is wasted > resources for something you are sure you'll never use, delete or > disable the cron script altogether. In my case, I delete the file and am happy. But if I consider a feature might come in handy, does open source mean I have to cook something for myself only and never request an enhancement which could come in handly for to others ? No everybody has coding skills, but may have decent ideas... get the point? I'm think about the zillions of possibly unnecessary file transfers which are being made done. I'd bet quite a few haven't noticed that they're downloading stuff they don't need, which also places a load on the server offering these files. same can apply to SA updates, AV, rules_du_jour etc. Alex From themba at dcdata.co.za Thu Apr 10 14:40:48 2008 From: themba at dcdata.co.za (Themba Ntleki) Date: Thu Apr 10 14:38:28 2008 Subject: Graphic inline Signature Message-ID: <47FE18E0.2010102@dcdata.co.za> Hi Guys, Is is possible to have a graphic(.jpg) within the inline signature in MS or something similar, I have tried adding some html code in the inline.sig.html file, but mail is sent without the graphic. Any Ideas? Thank you. -- Kind Regards, Themba [Open Ideas, Open Possibilities - Open Source] This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From MailScanner at ecs.soton.ac.uk Thu Apr 10 14:39:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 14:40:17 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FE0BC0.1000801@alexb.ch> References: <47FE0BC0.1000801@alexb.ch> Message-ID: <47FE1896.2000403@ecs.soton.ac.uk> Alex Broens wrote: > On 4/10/2008 2:12 PM, Gary Pentland wrote: >> mailscanner-bounces@lists.mailscanner.info wrote: >>> so its not possible to check *if* feature enabled and *if* not >>> enabled, skip update? >>> >>> the moment you enable the feature, the check will see *if* enabled >>> and run the update. >>> >>> Alex >> >> If you really want to do this, change the cron script to check the >> MailScanner.conf for the feature and exit is it finds it disabled... >> >> Something along the lines of... >> >> if grep 'Find Phishing Fraud = yes' >> /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE SCRIPT else >> DON'T RUN UPDATE SCRIPT fi >> >> This is the beauty of open source code! If *you* have an unusual >> requirement, *you* can change it to suit your needs. Obviously if >> you do change something that may be useful to others then send the >> diffs to Jules so he can include it in a future release. Personally >> if this was to be a feature then I'd suggest adding "Update Phishing >> Config Files" as a Yes/No in MailScanner.conf and grep on that, but >> then again, I don't need this feature... >> >> However, cron is still running a job and if your concern is wasted >> resources for something you are sure you'll never use, delete or >> disable the cron script altogether. > > In my case, I delete the file and am happy. But if I consider a > feature might come in handy, does open source mean I have to cook > something for myself only and never request an enhancement which could > come in handly for to others ? No, it doesn't mean that at all. Feel free to make requests and suggest features. In this case, I don't think it's worth it, in my view very few people would ever change the option from the default (which would have to be to keep the file updated). > > No everybody has coding skills, but may have decent ideas... get the > point? > > I'm think about the zillions of possibly unnecessary file transfers > which are being made done. I think you'll find that most people use this feature (it's 'on' by default), so the file transfer are necessary. > > I'd bet quite a few haven't noticed that they're downloading stuff > they don't need, which also places a load on the server offering these > files. Update to version 4.68 and you will find that update_bad_phishing_sites has changed completely. For starters, it now only downloads the changes to the file and not the entire file every time. So the individual download is very small. Furthermore, to protect against denial-of-service attacks, what appears to be a single hostname (with a single IP address) is actually a complete globally-distributed cluster of servers which serve up the file (and the tables of diffs which are updated every 10 minutes or so). Your MailScanner server will automatically download it from the closest server to you that is available, so it doesn't even generate much international traffic as there are quite a lot of servers available. If one member of the cluster is unavailable, it will back off to the next nearest and so on. So this minimises the amount of network traffic involved. If you want to find out more detail about how it all works, read up about "anycast" at http://en.wikipedia.org/wiki/Anycast Thanks go to Matt Hampton and coders.co.uk for providing me with access to do all this stuff, and for providing all the code necessary to make it work in the background for you folks. > same can apply to SA updates, AV, rules_du_jour etc. Except for the AV updates, these are only done daily, so in the big picture this is a negligible amount of traffic. If you switched to a new virus scanner and its updates were very out of date, you would run the severe risk of letting viruses into your network just because you're too stingy to keep a few files up to date. That is not a risk worth taking! If they were changed to only update if, for example, "Spam Assassin = yes" was set, it would have to be checked a lot more frequently as otherwise your SpamAssassin would be horribly out of date for the first day you tried to use it, which a) would create a really bad impression of its abilities just when you need it to work properly as you are setting it up, and b) would cause a lot more overhead on your server as these cronjobs would need to run at least every hour, instead of once every day. So in the long run, I just don't think it's useful. How big a percentage of MailScanner installations do *not* use SpamAssassin? I would expect it to be a very small number. And of that percentage, how many systems are so tight on resources that running 1 or 2 cron jobs in the middle of the night makes a noticeable difference to the total bandwidth or CPU power used? A small percentage multiplied by another small percentage is vanishingly small. I just don't think it's worth the bother, given the nuisance it would cause when you are trying to set things up and tune your system. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Apr 10 14:47:28 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 10 14:48:18 2008 Subject: SA-Update Problem In-Reply-To: References: Message-ID: <47FE1A70.8050901@evi-inc.com> Gregory Wong wrote: > I am running version 3.1.0. I have been weary to upgrade to the latest > because I?ve read that there are bugs in SA that allows all mail through > even if its spam. > Um, there are multiple security holes in 3.1.0 including one that allows spammers to DoS your mailserver by sending it a malformed message. All of the following security advisories apply to 3.1.0: http://spamassassin.apache.org/advisories/cve-2007-2873.txt http://spamassassin.apache.org/advisories/cve-2007-0451.txt http://spamassassin.apache.org/advisories/cve-2006-2447.txt As for said bugs that allow all mail through, what bugs are you referring to? I've not seen any such reports, and I'd suspect I'd have heard a *LOT* about it if that were true. From P.G.M.Peters at utwente.nl Thu Apr 10 14:58:56 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Apr 10 14:59:38 2008 Subject: ICSA labs anti-spam tests Message-ID: <47FE1D20.3010902@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are there any ideas on the anti-spam tests conducted by ICSA Labs? How would MS score with the testrules at https://www.icsalabs.com/icsa/docs/html/communities/Antispamcriteriav095.pdf? - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH/h0eelLo80lrIdIRAhvlAJ4wiZOlVEP2QH71iGjr8gjOMSFSRQCfd07M u/qLhstzloyPVdNUif0Vn7w= =B9iV -----END PGP SIGNATURE----- From glenn.steen at gmail.com Thu Apr 10 15:07:55 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 15:08:31 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FE0BC0.1000801@alexb.ch> References: <47FE0BC0.1000801@alexb.ch> Message-ID: <223f97700804100707i500c16cam38e505062e39d216@mail.gmail.com> On 10/04/2008, Alex Broens wrote: > On 4/10/2008 2:12 PM, Gary Pentland wrote: > > > mailscanner-bounces@lists.mailscanner.info wrote: > > > > > so its not possible to check *if* feature enabled and *if* not enabled, > skip update? > > > > > > the moment you enable the feature, the check will see *if* enabled > > > and run the update. > > > > > > Alex > > > > > > > If you really want to do this, change the cron script to check the > > MailScanner.conf for the feature and exit is it finds it disabled... > > > > Something along the lines of... > > > > if grep 'Find Phishing Fraud = yes' > > /opt/local/mailscanner/etc/MailScanner.conf RUN UPDATE > SCRIPT else DON'T RUN UPDATE SCRIPT fi > > > > This is the beauty of open source code! If *you* have an unusual > > requirement, *you* can change it to suit your needs. Obviously if > > you do change something that may be useful to others then send the > > diffs to Jules so he can include it in a future release. Personally > > if this was to be a feature then I'd suggest adding "Update Phishing > > Config Files" as a Yes/No in MailScanner.conf and grep on that, but > > then again, I don't need this feature... > > > > However, cron is still running a job and if your concern is wasted > > resources for something you are sure you'll never use, delete or > > disable the cron script altogether. > > > > In my case, I delete the file and am happy. But if I consider a feature > might come in handy, does open source mean I have to cook something for > myself only and never request an enhancement which could come in handly for > to others ? No, I didn't read Gary as saying that... only needed when the one you request it of doesn't agree with you, and hence won't do the change;-). > No everybody has coding skills, but may have decent ideas... get the point? Sure... (You are most certainly not one of those...?;-) Then again, not all requests are merited to be acted on. In this case, you didn't see the point I was making (and Jules as well), it seems. The difference in opinion can be summed up like: Your view: Don't run updates for things that are installed, but are disabled in the configuration of MailScanner. This *might* be fine for things that only run within MailScanner (like the phishing net), but is probably wrong for things like an AV scanner ("hmmm, I'll check this infected/blocked file with this AV scanenr I have instaleld but don't use....":-). But it will introduce an admittedly short-ish lag before updates get done... More than I want. Simpler to have the rule: If installed, do updates:-). My/Jules view: Update everything that is installed. This has two drawbacks: - You actually need do whatever config is needed for the updates to work... Or live with log errors or whatnot:-). - It does spend a few resources. If your system don't have them to spend... By all means, do whatever necessary to disable them. Like deinstalling that extra AV;). For the phishing... well, it really is pretty minor... I wouldn't even bother:-):-). All in all, is this really something that need another option (Update Unused But Installed Components) or a change in default behavior? I don't think so. > I'm think about the zillions of possibly unnecessary file transfers which > are being made done. Hardly zillions, however many that is:-). > I'd bet quite a few haven't noticed that they're downloading stuff they > don't need, which also places a load on the server offering these files. But it is for the "lazy bum admin" that this is actually a Good Thing(tm)! > same can apply to SA updates, AV, rules_du_jour etc. Well... at least the last need some very specific intervention from the one doing the installation ... to be installed ...:-). Chill Alex, this is definitely not a big issue. If you know enough to be asking, you know enough to "fix" it. For all else, the default behavior is "right".... IMO:-). > Alex > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From prandal at herefordshire.gov.uk Thu Apr 10 15:20:58 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Apr 10 15:21:39 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FE1896.2000403@ecs.soton.ac.uk> References: <47FE0BC0.1000801@alexb.ch> <47FE1896.2000403@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0360B4CA@HC-MBX02.herefordshire.gov.uk> Jules wrote: > If they were changed to only update if, for example, "Spam Assassin = yes" was set, it would > have to be checked a lot more frequently as otherwise your SpamAssassin would be horribly out > of date for the first day you tried to use it, which > a) would create a really bad impression of its abilities just when you need it to work > properly as you are setting it up, > and > b) would cause a lot more overhead on your server as these cronjobs would need to run at > least every hour, instead of once every day. Jules, There's a plan to not bundle ANY rules with SA 3.3.0, so an sa-update on install we become mandatory. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council From spamlists at coders.co.uk Thu Apr 10 15:43:11 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Thu Apr 10 15:44:36 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FE1896.2000403@ecs.soton.ac.uk> References: <47FE0BC0.1000801@alexb.ch> <47FE1896.2000403@ecs.soton.ac.uk> Message-ID: <47FE277F.6020308@coders.co.uk> Julian Field wrote: >> I'd bet quite a few haven't noticed that they're downloading stuff >> they don't need, which also places a load on the server offering >> these files. > Update to version 4.68 and you will find that > update_bad_phishing_sites has changed completely. For starters, it now > only downloads the changes to the file and not the entire file every > time. So the individual download is very small. > > To give you some idea - the new code reduces the bandwidth to 4% of the previous version and the update script only downloads something if there is a new update to download (it works in a similar way to sa-update by using DNS lookups). Daily downloads (per server) are now in the order of 140Kb (compared to almost 3.5 Mb). If you don't want to upgrade to the latest version of MailScanner, the new version of the script is backwardly compatible - so you can download the new source package and just extract the script and install it manually. matt. From glenn.steen at gmail.com Thu Apr 10 15:58:52 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 15:59:29 2008 Subject: ICSA labs anti-spam tests In-Reply-To: <47FE1D20.3010902@utwente.nl> References: <47FE1D20.3010902@utwente.nl> Message-ID: <223f97700804100758i6d454efdga486d7f8a6ea262e@mail.gmail.com> On 10/04/2008, Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are there any ideas on the anti-spam tests conducted by ICSA Labs? > How would MS score with the testrules at > https://www.icsalabs.com/icsa/docs/html/communities/Antispamcriteriav095.pdf? > Hm, that is pretty darned irrelevant for most MailScanner setups....:-). Seems to be more of a "service or appliance" protocol than anything else. Apart from the required "catch rate of 95% with FP rate of 0.001%"... Which all depend on the corpus, rules enabled etc etc. More like something the Steves and Jules might be concerned with for the DefenderMX and possibly BarricadeMX solutions:) Or perhaps one sould go with the "defaults setup" as described on www.mailscanner.info/wiki.mailscanner.info :..:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gary at sgluk.com Thu Apr 10 16:08:34 2008 From: gary at sgluk.com (Gary Pentland) Date: Thu Apr 10 16:09:28 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <223f97700804100707i500c16cam38e505062e39d216@mail.gmail.com> References: <47FE0BC0.1000801@alexb.ch> <223f97700804100707i500c16cam38e505062e39d216@mail.gmail.com> Message-ID: Alex, If I have offended you, that was not my intention and I would like to apologise. It is my opinion that the default MailScanner install is good for those that don't know better, if you do know better than you can, if you choose to, improve on it. In this case it was a trivial change that not many people are going to be requiring, whilst Julian and the community at large welcomes requests and suggestions he simply can't code them all! Julian, what are you on now? About 12,000 hours of effort in MailScanner or there abouts? I know it was a while ago when we talking about you having broken the 10,000 hours barrier... Anyway for the simpler changes, if you have the skills, help him out. That way he can concentrate on the stuff no-one else can work out how to code:-) That is what I meant by the beauty of open source code, its not roll-your-own for every fix or issue but a collaboration where you take on improvements that you do have the skills for and get improvements from others that you don't have the skills for. Regards, Gary From MailScanner at ecs.soton.ac.uk Thu Apr 10 16:16:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 16:17:06 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0360B4CA@HC-MBX02.herefordshire.gov.uk> References: <47FE0BC0.1000801@alexb.ch> <47FE1896.2000403@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA0360B4CA@HC-MBX02.herefordshire.gov.uk> Message-ID: <47FE2F41.4030500@ecs.soton.ac.uk> Randal, Phil wrote: > Jules wrote: > > >> If they were changed to only update if, for example, "Spam Assassin = >> > yes" was set, it would > >> have to be checked a lot more frequently as otherwise your >> > SpamAssassin would be horribly out > >> of date for the first day you tried to use it, which >> a) would create a really bad impression of its abilities just when you >> > need it to work > >> properly as you are setting it up, >> and >> b) would cause a lot more overhead on your server as these cronjobs >> > would need to run at > >> least every hour, instead of once every day. >> > > Jules, > > There's a plan to not bundle ANY rules with SA 3.3.0, so an sa-update on > install we become mandatory. > Do you know if the "make install" phase of building it will do that? Or are they hoping that everyone installing it will read all the docs and hence know how to do that. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Rich.West at wesmo.com Thu Apr 10 16:17:34 2008 From: Rich.West at wesmo.com (Rich West) Date: Thu Apr 10 16:19:48 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <47FDD2EB.6080106@ecs.soton.ac.uk> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com> <47FDD2EB.6080106@ecs.soton.ac.uk> Message-ID: <47FE2F8E.6020908@wesmo.com> Julian Field wrote: > > > Rich West wrote: >> Mike Kercher wrote: >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich >>> West >>> Sent: Wednesday, April 09, 2008 12:44 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: MailScanner + Sendmail = "user unknown" >>> >>> I've inherited a MailScanner setup that is pretty questionable (from a >>> security standpoint), and I'm rebuilding the box from scratch. I've >>> gotten everything installed (CentOS, clamav, SA, MailScanner, Sendmail) >>> to have the system act as a relay to an exchange backend. >>> >>> Oddly, it does not seem to be picking up the messages that are being >>> left in /var/spool/mqueue.in. I see the messages being deposited >>> there, >>> but they don't seem to be acted upon. Is there, perhaps, setting >>> that I >>> might have missed/glossed over that is obvious? >>> > Don't need to touch your sendmail config at all when installing > MailScanner. Ahh.. ok.. that's what I was looking for. Reverting the sendmail configuration back to a null client, it happily sends email back to the exchange server farm. From there, if I stop sendmail and start up MailScanner (with it starting up sendmail), email passes right through to the exchange server as if MailScanner never touched it. Watching the MailScanner --debug output, all I see is: /usr/sbin/MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Building a message batch to scan... And /var/log/maillog shows: root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting connections smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t Interesting since my inbound queue is set to /var/spool/mqueue.in and outbound queue is set to /var/spool/mqueue... -Rich From rcastilloramos at yahoo.es Thu Apr 10 16:23:43 2008 From: rcastilloramos at yahoo.es (roberto martin castillo ramos) Date: Thu Apr 10 16:24:18 2008 Subject: help wiht MailScanner please Message-ID: <113374.3471.qm@web36404.mail.mud.yahoo.com> Hello, I have installed the MailScanner4.64.3 in Centos5, but once installed all the emails that are good enter like Spam, but when the MailScanner was not installed all emails that are good enter well, How I can do so that the good emails do not enter like Spam once installed the MailScanner, Thanks --------------------------------- ?Con Mascota por primera vez? - S? un mejor Amigo Entra en Yahoo! Respuestas. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/ed277cb3/attachment.html From MailScanner at ecs.soton.ac.uk Thu Apr 10 16:29:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 16:29:44 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: References: <47FE0BC0.1000801@alexb.ch> <223f97700804100707i500c16cam38e505062e39d216@mail.gmail.com> Message-ID: <47FE3256.9080208@ecs.soton.ac.uk> Gary Pentland wrote: > Alex, > > If I have offended you, that was not my intention and I would like to apologise. > > It is my opinion that the default MailScanner install is good for those that don't know better, if you do know better than you can, if you choose to, improve on it. In this case it was a trivial change that not many people are going to be requiring, whilst Julian and the community at large welcomes requests and suggestions he simply can't code them all! > I aim it squarely at a set of defaults that work, and a set that work well for most people most of the time, with a bias strongly in favour of those that do not know any better. If you don't like it, and know how to change it, then change it. If I like your idea, and other people like your idea too, then I'll tend to adopt it and implement it how and if I want to. I don't pretend to run a democracy :-) And no insult or offence is intended, it's just that in this case I don't like your idea. That's my choice. If you don't like the way I run the project, you are also free to start up your own and write a competing product from scratch. Have fun doing the 12,000 hours of unpaid work required to get this far :-) That's about 7.3 years of a full-time job, with no salary. (Wow, those numbers are scary! :-) > Julian, what are you on now? About 12,000 hours of effort in MailScanner or there abouts? I know it was a while ago when we talking about you having broken the 10,000 hours barrier... > Yes, it's somewhere between 11 and 12,000 hours work now. I passed the 10,000 hour mark quite a long time ago. I think I implement the vast majority of ideas people come up with, usually fairly quickly :-) > Anyway for the simpler changes, if you have the skills, help him out. That way he can concentrate on the stuff no-one else can work out how to code:-) That is what I meant by the beauty of open source code, its not roll-your-own for every fix or issue but a collaboration where you take on improvements that you do have the skills for and get improvements from others that you don't have the skills for. > Well put. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 10 16:33:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 16:34:03 2008 Subject: Graphic inline Signature In-Reply-To: <47FE18E0.2010102@dcdata.co.za> References: <47FE18E0.2010102@dcdata.co.za> Message-ID: <47FE3340.5080505@ecs.soton.ac.uk> Themba Ntleki wrote: > Hi Guys, > > Is is possible to have a graphic(.jpg) within the inline signature in > MS or something similar, I have tried adding some html code in the > inline.sig.html file, but mail is sent without the graphic. > Any Ideas? Yes, perfectly possible. Read your MailScanner.conf file and you will find these. They are most useful with rulesets, so that you switch it on and off for different people, and choose different images for different people. My default HTML signature for mail sent within my department contains an image of my real signature (well, nearly my signature, but no use for signing checks as me). If you don't know about rulesets, read /etc/MailScanner/rules/* and the docs on the website and on the wiki and in the book. # If you are using HTML signatures, you can embed an image in the signature. # For the filename(s) of the image, see the settings "Signature Image # Filename" and "Signature Image Filename". # This can also be the filename of a ruleset. Attach Image To Signature = no # Normally, you would only want to attach the image to messages with an # HTML part, as plain text messages clearly cannot display an image. # However, if you find some other use for this feature, you may want to # attach an image to a message which is just text. # This can also be the filename of a ruleset. Attach Image To HTML Message Only = yes # When using an image in the signature, there are 2 filenames which need # to be set. The first is the location in this server's filesystem of the # image file itself. The second is the name of the image as it is stored in # the attachment. The HTML version of the signature will refer to this # second name in the HTML tag. # Note: the filename extension will be used as the MIME subtype, so a GIF # image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case) Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkercher at nfsmith.com Thu Apr 10 16:55:16 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Thu Apr 10 16:56:16 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <47FE2F8E.6020908@wesmo.com> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com><47FDD2EB.6080106@ecs.soton.ac.uk> <47FE2F8E.6020908@wesmo.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F96DFFE@HOUPEX01.nfsmith.info> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich West Sent: Thursday, April 10, 2008 10:18 AM To: MailScanner discussion Subject: Re: MailScanner + Sendmail = stuck mail? Julian Field wrote: > > > Rich West wrote: >> Mike Kercher wrote: >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Rich West >>> Sent: Wednesday, April 09, 2008 12:44 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: MailScanner + Sendmail = "user unknown" >>> >>> I've inherited a MailScanner setup that is pretty questionable (from >>> a security standpoint), and I'm rebuilding the box from scratch. >>> I've gotten everything installed (CentOS, clamav, SA, MailScanner, >>> Sendmail) to have the system act as a relay to an exchange backend. >>> >>> Oddly, it does not seem to be picking up the messages that are being >>> left in /var/spool/mqueue.in. I see the messages being deposited >>> there, but they don't seem to be acted upon. Is there, perhaps, >>> setting that I might have missed/glossed over that is obvious? >>> > Don't need to touch your sendmail config at all when installing > MailScanner. Ahh.. ok.. that's what I was looking for. Reverting the sendmail configuration back to a null client, it happily sends email back to the exchange server farm. From there, if I stop sendmail and start up MailScanner (with it starting up sendmail), email passes right through to the exchange server as if MailScanner never touched it. Watching the MailScanner --debug output, all I see is: /usr/sbin/MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Building a message batch to scan... And /var/log/maillog shows: root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting connections smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t Interesting since my inbound queue is set to /var/spool/mqueue.in and outbound queue is set to /var/spool/mqueue... -Rich -- This is the output of ps, not the maillog. We need to see the maillog to see what may or may not be happening. Mike From octaviomaiden at yahoo.com Thu Apr 10 16:57:49 2008 From: octaviomaiden at yahoo.com (Octavio) Date: Thu Apr 10 16:58:24 2008 Subject: Maximum Attachment Size In-Reply-To: Message-ID: <649519.40381.qm@web38907.mail.mud.yahoo.com> --- Scott Silva escribi?: > on 4-9-2008 2:25 PM Octavio spake the following: > > Hi > > I try to use the parameter Max Attachment Size but > it > > seems doesnt works, there is something wrong? > > > > here is what I use > > ###MailScanner.conf > > Maximum Attachment Size = > > /etc/MailScanner/rules/max.attachment.size > Did you try this with .rules appended to the > filename? In some cases the rules > parser needs the file name to end in .rules so I > just got in the habit of > adding it on all of them to be safe. > > > > > > ###/etc/MailScanner/rules/max.attachment.size > > To: userlocal@domainlocal.com 100 > > FromOrTo: default -1 > > > > > > I configure those parameters and test with a 500k > mail > > attach and it is allowed without restrictions > > > > there is something else I have to do? > > > > thanks > > > > > > > > > ____________________________________________________________________________________ > > ???Capacidad ilimitada de almacenamiento en tu > correo! > > No te preocupes m???s por el espacio de tu cuenta > con Correo Yahoo!: > > http://correo.espanol.yahoo.com/ > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > does anyone know how make works this? thanks ____________________________________________________________________________________ ?Capacidad ilimitada de almacenamiento en tu correo! No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: http://correo.espanol.yahoo.com/ From prandal at herefordshire.gov.uk Thu Apr 10 17:04:31 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Apr 10 17:05:12 2008 Subject: Request: Disable update.bad.phishing.sites job when phishing checks are disabled In-Reply-To: <47FE2F41.4030500@ecs.soton.ac.uk> References: <47FE0BC0.1000801@alexb.ch> <47FE1896.2000403@ecs.soton.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA0360B4CA@HC-MBX02.herefordshire.gov.uk> <47FE2F41.4030500@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0360B527@HC-MBX02.herefordshire.gov.uk> Jules wrote: >> There's a plan to not bundle ANY rules with SA 3.3.0, so an sa-update >> on install we become mandatory. >> > Do you know if the "make install" phase of building it will do that? Or are they > hoping that everyone installing it will read all the docs and hence know how to do that. > Jules I think we're going to have to wait and see what they do. Phil From mkettler at evi-inc.com Thu Apr 10 17:07:56 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 10 17:09:38 2008 Subject: ICSA labs anti-spam tests In-Reply-To: <47FE1D20.3010902@utwente.nl> References: <47FE1D20.3010902@utwente.nl> Message-ID: <47FE3B5C.2020502@evi-inc.com> Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are there any ideas on the anti-spam tests conducted by ICSA Labs? > How would MS score with the testrules at > https://www.icsalabs.com/icsa/docs/html/communities/Antispamcriteriav095.pdf? > 99% of what's in that document is a function of the operating system or other system utilities (ie: syslogd, ntpd) not MailScanner.. Most of it is log formats, dates, authentication, time sync, etc.. The parts that do seem applicable are: 1) log messages for actions taken (ie: deletion), which mailscanner does. 2) detection rate: well, without their corpus it's hard to tell. This also depends a LOT on what tools you use with MailScanner. Do you use SpamAssassin? Any RBL's at the MailScanner level? They require detect rate of 95% or higher and FP rate of 0.001% or lower. I can tell you that in SA's own testing, SpamAssassin's FP rate is too high for that. However, the accuracy of SA's own test corpus is probably not accurate enough to ensure that less than 0.001% of the mail in the nonspam pool isn't actually mis-placed spam. The SA corpus is hand classified, but humans make mistakes. To achieve 0.001%, you'd have to make fewer than 1 mistakes in 1 million emails. That's *way* beyond the bounds of human error. The only way I can see to get numbers like that is to run the test, look every one of the misclassified messages, kick out the ones that are actually spam upon re-review, then re-run the test. However, that borders on fitting your data to your test. The SA team does this to a very limited degree, but it's not a process taken far enough to get down to 1 in a million accuracy. They review the ones that seem to score really high, or that hit rules that don't seem like they should ever hit nonspam mail, but not every misclassified message. You'd also need a corpus of over 1 million fresh nonspam emails to detect errors so small, which the SA team does not have. The 3.2 mass-checks were based on roughly 500k nonspam's and 950k spams. From Rich.West at wesmo.com Thu Apr 10 17:09:18 2008 From: Rich.West at wesmo.com (Rich West) Date: Thu Apr 10 17:11:32 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <224FA7E11EA39E45843E11CEBBD3A36F96DFFE@HOUPEX01.nfsmith.info> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com><47FDD2EB.6080106@ecs.soton.ac.uk> <47FE2F8E.6020908@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DFFE@HOUPEX01.nfsmith.info> Message-ID: <47FE3BAE.2060208@wesmo.com> Mike Kercher wrote: > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich > West > Sent: Thursday, April 10, 2008 10:18 AM > To: MailScanner discussion > Subject: Re: MailScanner + Sendmail = stuck mail? > > Julian Field wrote: > >> Rich West wrote: >> >>> Mike Kercher wrote: >>> >>> >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Rich West >>>> Sent: Wednesday, April 09, 2008 12:44 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: MailScanner + Sendmail = "user unknown" >>>> >>>> I've inherited a MailScanner setup that is pretty questionable (from >>>> > > >>>> a security standpoint), and I'm rebuilding the box from scratch. >>>> I've gotten everything installed (CentOS, clamav, SA, MailScanner, >>>> Sendmail) to have the system act as a relay to an exchange backend. >>>> >>>> Oddly, it does not seem to be picking up the messages that are being >>>> > > >>>> left in /var/spool/mqueue.in. I see the messages being deposited >>>> there, but they don't seem to be acted upon. Is there, perhaps, >>>> setting that I might have missed/glossed over that is obvious? >>>> >>>> >> Don't need to touch your sendmail config at all when installing >> MailScanner. >> > > > Ahh.. ok.. that's what I was looking for. > > Reverting the sendmail configuration back to a null client, it happily > sends email back to the exchange server farm. From there, if I stop > sendmail and start up MailScanner (with it starting up sendmail), email > passes right through to the exchange server as if MailScanner never > touched it. > > Watching the MailScanner --debug output, all I see is: > /usr/sbin/MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Building a message batch to scan... > > And /var/log/maillog shows: > root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting > connections > smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue > runner@00:15:00 for /var/spool/clientmqueue > root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue > runner@00:15:00 for /var/spool/mqueue > smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail > -FCronDaemon -i -odi -oem -oi -t > > Interesting since my inbound queue is set to /var/spool/mqueue.in and > outbound queue is set to /var/spool/mqueue... > > -Rich > -- > > This is the output of ps, not the maillog. We need to see the maillog > to see what may or may not be happening. > > Mike > Ooops.. it's here: pr 10 11:26:30 mail-gw-new MailScanner[25608]: MailScanner E-Mail Virus Scanner version 4.68.8 starting... Apr 10 11:26:30 mail-gw-new MailScanner[25608]: Read 817 hostnames from the phishing whitelist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 6241 hostnames from the phishing blacklist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom init function SQLBlacklist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Blacklist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 blacklist entries Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom init function MailWatchLogging Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom init function SQLWhitelist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Whitelist Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 whitelist entries Apr 10 11:26:31 mail-gw-new MailScanner[25608]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Apr 10 11:26:32 mail-gw-new MailScanner[25600]: Using locktype = posix Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Using SpamAssassin results cache Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Connected to SpamAssassin cache database Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Enabling SpamAssassin auto-whitelist functionality... Apr 10 11:26:35 mail-gw-new MailScanner[25611]: MailScanner E-Mail Virus Scanner version 4.68.8 starting... Apr 10 11:26:35 mail-gw-new MailScanner[25611]: Read 817 hostnames from the phishing whitelist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 6241 hostnames from the phishing blacklist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom init function SQLBlacklist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Blacklist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 blacklist entries Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom init function MailWatchLogging Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom init function SQLWhitelist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Whitelist Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 whitelist entries Apr 10 11:26:36 mail-gw-new MailScanner[25611]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Apr 10 11:26:37 mail-gw-new MailScanner[25608]: Using locktype = posix Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Using SpamAssassin results cache Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Connected to SpamAssassin cache database Apr 10 11:26:39 mail-gw-new MailScanner[25611]: Enabling SpamAssassin auto-whitelist functionality... Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root, size=41, class=0, nrcpts=1, msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, relay=root@localhost Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680: from=, size=343, class=0, nrcpts=1, msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680: to=, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30343, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0, stat=Sent ( <200804101556.m3AFurMN025677@mail-gw-new.mydomain.com> Queued mail for delivery) Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677: to=rwest@mydomain.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30041, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery) From admin at lctn.org Thu Apr 10 17:33:47 2008 From: admin at lctn.org (admin@lctn.org) Date: Thu Apr 10 17:34:43 2008 Subject: private IPs listed in RBL In-Reply-To: <32218581.1071207845037051.JavaMail.root@mail.lctn.org> Message-ID: <29256561.1091207845227877.JavaMail.root@mail.lctn.org> We have two mailscanners running on a small network. One acts as a gateway, and hands off to a mailserver which also has mailscanner running. The mail server is marking everything as spam as of yesterday, and shows the private IP of the gateway scanner is listed in an RBL. Where can I look in the config to fix this? -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/8e0e8b92/attachment-0001.html From axisml at gmail.com Thu Apr 10 17:51:16 2008 From: axisml at gmail.com (AxisInternet) Date: Thu Apr 10 17:51:52 2008 Subject: private IPs listed in RBL In-Reply-To: <29256561.1091207845227877.JavaMail.root@mail.lctn.org> References: <29256561.1091207845227877.JavaMail.root@mail.lctn.org> Message-ID: <47FE4584.7010102@gmail.com> admin@lctn.org wrote: > We have two mailscanners running on a small network. One acts as a > gateway, and hands off to a mailserver which also has mailscanner > running. The mail server is marking everything as spam as of yesterday, > and shows the private IP of the gateway scanner is listed in an RBL. > Where can I look in the config to fix this? Typically, in your /etc/mail/sendmail.mc or /etc/mail/sendmail.cf file - or if you are using a split queue, could be in /etc/mail/sendmail_in.mc or /etc/mail/sendmail_in.cf. For example, from my /etc/mail/sendmail_in.mc file: FEATURE(`enhdnsbl', `cbl.abuseat.org',`"Rejected: " $&{client_addr} " blocked by RBL - see http://cbl.abuseat.org/lookup.cgi?ip=" $&{client_addr} "&.submit=Lookup."')dnl Chris From admin at lctn.org Thu Apr 10 18:10:13 2008 From: admin at lctn.org (admin@lctn.org) Date: Thu Apr 10 18:10:56 2008 Subject: private IPs listed in RBL In-Reply-To: <47FE4584.7010102@gmail.com> Message-ID: <13759631.1151207847413951.JavaMail.root@mail.lctn.org> Typically, in your /etc/mail/sendmail.mc or /etc/mail/sendmail.cf file - or if you are using a split queue, could be in /etc/mail/sendmail_in.mc or /etc/mail/sendmail_in.cf. For example, from my /etc/mail/sendmail_in.mc file: FEATURE(`enhdnsbl', `cbl.abuseat.org',`"Rejected: " $&{client_addr} " blocked by RBL - see http://cbl.abuseat.org/lookup.cgi?ip=" $&{client_addr} "&.submit=Lookup."')dnl Clarification... Mailscanner on the mail server is marking everything as spam, indicating private IPs are listed in an RBL. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/3a29467c/attachment.html From Denis.Beauchemin at USherbrooke.ca Thu Apr 10 18:38:07 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Apr 10 18:39:07 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <47FE3BAE.2060208@wesmo.com> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com><47FDD2EB.6080106@ecs.soton.ac.uk> <47FE2F8E.6020908@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DFFE@HOUPEX01.nfsmith.info> <47FE3BAE.2060208@wesmo.com> Message-ID: <47FE507F.2010600@USherbrooke.ca> Rich West a ?crit : > Mike Kercher wrote: > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich >> West >> Sent: Thursday, April 10, 2008 10:18 AM >> To: MailScanner discussion >> Subject: Re: MailScanner + Sendmail = stuck mail? >> >> Julian Field wrote: >> >> >>> Rich West wrote: >>> >>> >>>> Mike Kercher wrote: >>>> >>>> >>>> >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> Rich West >>>>> Sent: Wednesday, April 09, 2008 12:44 PM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: MailScanner + Sendmail = "user unknown" >>>>> >>>>> I've inherited a MailScanner setup that is pretty questionable (from >>>>> >>>>> >> >> >>>>> a security standpoint), and I'm rebuilding the box from scratch. >>>>> I've gotten everything installed (CentOS, clamav, SA, MailScanner, >>>>> Sendmail) to have the system act as a relay to an exchange backend. >>>>> >>>>> Oddly, it does not seem to be picking up the messages that are being >>>>> >>>>> >> >> >>>>> left in /var/spool/mqueue.in. I see the messages being deposited >>>>> there, but they don't seem to be acted upon. Is there, perhaps, >>>>> setting that I might have missed/glossed over that is obvious? >>>>> >>>>> >>>>> >>> Don't need to touch your sendmail config at all when installing >>> MailScanner. >>> >>> >> Ahh.. ok.. that's what I was looking for. >> >> Reverting the sendmail configuration back to a null client, it happily >> sends email back to the exchange server farm. From there, if I stop >> sendmail and start up MailScanner (with it starting up sendmail), email >> passes right through to the exchange server as if MailScanner never >> touched it. >> >> Watching the MailScanner --debug output, all I see is: >> /usr/sbin/MailScanner --debug >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> Building a message batch to scan... >> >> And /var/log/maillog shows: >> root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting >> connections >> smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue >> runner@00:15:00 for /var/spool/clientmqueue >> root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue >> runner@00:15:00 for /var/spool/mqueue >> smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail >> -FCronDaemon -i -odi -oem -oi -t >> >> Interesting since my inbound queue is set to /var/spool/mqueue.in and >> outbound queue is set to /var/spool/mqueue... >> >> -Rich >> -- >> >> This is the output of ps, not the maillog. We need to see the maillog >> to see what may or may not be happening. >> >> Mike >> >> > > Ooops.. it's here: > pr 10 11:26:30 mail-gw-new MailScanner[25608]: MailScanner E-Mail Virus > Scanner version 4.68.8 starting... > Apr 10 11:26:30 mail-gw-new MailScanner[25608]: Read 817 hostnames from > the phishing whitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 6241 hostnames from > the phishing blacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function SQLBlacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Blacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 blacklist entries > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function MailWatchLogging > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function SQLWhitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Whitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 whitelist entries > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Apr 10 11:26:32 mail-gw-new MailScanner[25600]: Using locktype = posix > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Using SpamAssassin > results cache > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Connected to > SpamAssassin cache database > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Enabling SpamAssassin > auto-whitelist functionality... > Apr 10 11:26:35 mail-gw-new MailScanner[25611]: MailScanner E-Mail Virus > Scanner version 4.68.8 starting... > Apr 10 11:26:35 mail-gw-new MailScanner[25611]: Read 817 hostnames from > the phishing whitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 6241 hostnames from > the phishing blacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function SQLBlacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Blacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 blacklist entries > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function MailWatchLogging > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function SQLWhitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Whitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 whitelist entries > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Apr 10 11:26:37 mail-gw-new MailScanner[25608]: Using locktype = posix > Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Using SpamAssassin > results cache > Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Connected to > SpamAssassin cache database > Apr 10 11:26:39 mail-gw-new MailScanner[25611]: Enabling SpamAssassin > auto-whitelist functionality... > Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix > Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root, > size=41, class=0, nrcpts=1, > msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, > relay=root@localhost > Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680: > from=, size=343, class=0, nrcpts=1, > msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, > proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680: > to=, delay=00:00:01, xdelay=00:00:01, mailer=relay, > pri=30343, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0, > stat=Sent ( <200804101556.m3AFurMN025677@mail-gw-new.mydomain.com> > Queued mail for delivery) > Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677: > to=rwest@mydomain.com, ctladdr=root (0/0), delay=00:00:01, > xdelay=00:00:01, mailer=relay, pri=30041, relay=[127.0.0.1] [127.0.0.1], > dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery) > > > > Rich, There's nothing in there that shows MS' involvement in the processing of that email. Are you sure you stopped sendmail (service sendmail stop; ps -ef | grep sendmail) and then started it through MS (service MailScanner restart)? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Rich.West at wesmo.com Thu Apr 10 18:42:43 2008 From: Rich.West at wesmo.com (Rich West) Date: Thu Apr 10 18:44:58 2008 Subject: MailScanner + Sendmail = stuck mail? In-Reply-To: <47FE3BAE.2060208@wesmo.com> References: <47FD0060.3020302@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DE4D@HOUPEX01.nfsmith.info> <47FD2B71.5020908@wesmo.com><47FDD2EB.6080106@ecs.soton.ac.uk> <47FE2F8E.6020908@wesmo.com> <224FA7E11EA39E45843E11CEBBD3A36F96DFFE@HOUPEX01.nfsmith.info> <47FE3BAE.2060208@wesmo.com> Message-ID: <47FE5193.9060606@wesmo.com> Rich West wrote: > Mike Kercher wrote: > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rich >> West >> Sent: Thursday, April 10, 2008 10:18 AM >> To: MailScanner discussion >> Subject: Re: MailScanner + Sendmail = stuck mail? >> >> Julian Field wrote: >> >> >>> Rich West wrote: >>> >>> >>>> Mike Kercher wrote: >>>> >>>> >>>> >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>>> Rich West >>>>> Sent: Wednesday, April 09, 2008 12:44 PM >>>>> To: mailscanner@lists.mailscanner.info >>>>> Subject: MailScanner + Sendmail = "user unknown" >>>>> >>>>> I've inherited a MailScanner setup that is pretty questionable (from >>>>> >>>>> >> >> >>>>> a security standpoint), and I'm rebuilding the box from scratch. >>>>> I've gotten everything installed (CentOS, clamav, SA, MailScanner, >>>>> Sendmail) to have the system act as a relay to an exchange backend. >>>>> >>>>> Oddly, it does not seem to be picking up the messages that are being >>>>> >>>>> >> >> >>>>> left in /var/spool/mqueue.in. I see the messages being deposited >>>>> there, but they don't seem to be acted upon. Is there, perhaps, >>>>> setting that I might have missed/glossed over that is obvious? >>>>> >>>>> >>>>> >>> Don't need to touch your sendmail config at all when installing >>> MailScanner. >>> >>> >> Ahh.. ok.. that's what I was looking for. >> >> Reverting the sendmail configuration back to a null client, it happily >> sends email back to the exchange server farm. From there, if I stop >> sendmail and start up MailScanner (with it starting up sendmail), email >> passes right through to the exchange server as if MailScanner never >> touched it. >> >> Watching the MailScanner --debug output, all I see is: >> /usr/sbin/MailScanner --debug >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> Building a message batch to scan... >> >> And /var/log/maillog shows: >> root 24494 1 0 09:53 ? 00:00:00 sendmail: accepting >> connections >> smmsp 24500 1 0 09:53 ? 00:00:00 sendmail: Queue >> runner@00:15:00 for /var/spool/clientmqueue >> root 24507 1 0 09:53 ? 00:00:00 sendmail: Queue >> runner@00:15:00 for /var/spool/mqueue >> smmsp 25062 25058 0 11:01 ? 00:00:00 /usr/sbin/sendmail >> -FCronDaemon -i -odi -oem -oi -t >> >> Interesting since my inbound queue is set to /var/spool/mqueue.in and >> outbound queue is set to /var/spool/mqueue... >> >> -Rich >> -- >> >> This is the output of ps, not the maillog. We need to see the maillog >> to see what may or may not be happening. >> >> Mike >> >> > > Ooops.. it's here: > pr 10 11:26:30 mail-gw-new MailScanner[25608]: MailScanner E-Mail Virus > Scanner version 4.68.8 starting... > Apr 10 11:26:30 mail-gw-new MailScanner[25608]: Read 817 hostnames from > the phishing whitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 6241 hostnames from > the phishing blacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function SQLBlacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Blacklist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 blacklist entries > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function MailWatchLogging > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Config: calling custom > init function SQLWhitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Starting up SQL Whitelist > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: Read 0 whitelist entries > Apr 10 11:26:31 mail-gw-new MailScanner[25608]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Apr 10 11:26:32 mail-gw-new MailScanner[25600]: Using locktype = posix > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Using SpamAssassin > results cache > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Connected to > SpamAssassin cache database > Apr 10 11:26:33 mail-gw-new MailScanner[25608]: Enabling SpamAssassin > auto-whitelist functionality... > Apr 10 11:26:35 mail-gw-new MailScanner[25611]: MailScanner E-Mail Virus > Scanner version 4.68.8 starting... > Apr 10 11:26:35 mail-gw-new MailScanner[25611]: Read 817 hostnames from > the phishing whitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 6241 hostnames from > the phishing blacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function SQLBlacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Blacklist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 blacklist entries > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function MailWatchLogging > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Config: calling custom > init function SQLWhitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Starting up SQL Whitelist > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: Read 0 whitelist entries > Apr 10 11:26:36 mail-gw-new MailScanner[25611]: SpamAssassin temporary > working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Apr 10 11:26:37 mail-gw-new MailScanner[25608]: Using locktype = posix > Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Using SpamAssassin > results cache > Apr 10 11:26:38 mail-gw-new MailScanner[25611]: Connected to > SpamAssassin cache database > Apr 10 11:26:39 mail-gw-new MailScanner[25611]: Enabling SpamAssassin > auto-whitelist functionality... > Apr 10 11:26:43 mail-gw-new MailScanner[25611]: Using locktype = posix > Apr 10 11:56:53 mail-gw-new sendmail[25677]: m3AFurMN025677: from=root, > size=41, class=0, nrcpts=1, > msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, > relay=root@localhost > Apr 10 11:56:53 mail-gw-new sendmail[25680]: m3AFurnW025680: > from=, size=343, class=0, nrcpts=1, > msgid=<200804101556.m3AFurMN025677@mail-gw-new.mydomain.com>, > proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Apr 10 11:56:54 mail-gw-new sendmail[25680]: m3AFurnW025680: > to=, delay=00:00:01, xdelay=00:00:01, mailer=relay, > pri=30343, relay=chadcex004.chahq.local. [192.168.8.34], dsn=2.0.0, > stat=Sent ( <200804101556.m3AFurMN025677@mail-gw-new.mydomain.com> > Queued mail for delivery) > Apr 10 11:56:54 mail-gw-new sendmail[25677]: m3AFurMN025677: > to=rwest@mydomain.com, ctladdr=root (0/0), delay=00:00:01, > xdelay=00:00:01, mailer=relay, pri=30041, relay=[127.0.0.1] [127.0.0.1], > dsn=2.0.0, stat=Sent (m3AFurnW025680 Message accepted for delivery) > > > > I just nuked the sendmail install and re-installed the CentOS RPM to see if that made any difference. The only configuration change I made was to update mailertable and relay-domains (in an attempt to keep it as vanilla as possible). Now, the messages just get dropped in to the mqueue.in directory and they sit there. It doesn't look as if MailScanner is even touching them.. Wait.. wait.. wait.. Stupidity alert. The permissions on the spool directory were good, but the individual spool items (as they were getting created by the sendmail process) were owned and readable ONLY by root, and since I had the "Run As User" set to "smmsp" in MailScanner.conf, MailScanner couldn't read it. Once I fixed that, email started flowing through. :) I knew it was something simple (and stupid) that I must have been doing incorrectly. Thanks for all of the great input! -Rich From dnsadmin at 1bigthink.com Thu Apr 10 18:38:31 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Thu Apr 10 18:45:00 2008 Subject: Upgraded to 4.68.8.. Is this okay? Message-ID: <200804101738.m3AHccT7020135@mxt.1bigthink.com> Hello All, Prior to this, I did OS updates CentOS 5.x. Tested OS and MailScanner prior to MailScanner upgrade. Just upgraded from 4.65.3-1 to 4.68.8-1. Got these errors: # The libraries needed for IPv6 support have been found # Now we establish if we can bind to ::1 # # # Failed to bind to ::1 # Address family not supported by protocol # # We assume there is no IPv6 connectivity and skip the tests # Couldn't create TCP socket: Address family not supported by protocol at /usr/src/redhat/BUILD/Net-DNS-0.63/blib/lib/Net/DNS/Nameserver.pm line 93 Net::DNS::Nameserver::new('Net::DNS::Nameserver', 'LocalAddr', 'ARRAY(0x9a4fe10)', 'LocalPort', 5363, 'ReplyHandler', 'CODE(0x9a4fe58)', 'Verbose', 1, ...) called at t/11-inet6.t line 197 Couldn't create UDP socket: Address family not supported by protocol at /usr/src/redhat/BUILD/Net-DNS-0.63/blib/lib/Net/DNS/Nameserver.pm line 112 Net::DNS::Nameserver::new('Net::DNS::Nameserver', 'LocalAddr', 'ARRAY(0x9a4fe10)', 'LocalPort', 5363, 'ReplyHandler', 'CODE(0x9a4fe58)', 'Verbose', 1, ...) called at t/11-inet6.t line 197 # Failed test 'nameserver object created on IPv6 ::1' # at t/11-inet6.t line 205. # Looks like you failed 1 test of 12. t/11-inet6.................dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED test 12 Failed 1/12 tests, 91.67% okay (less 10 skipped tests: 1 okay, 8.33%) t/12-compression...........ok 1/5 123456789112345678921234567893123456789412345678951234567896123... truncated to 63 octets (RFC1035 2.3.1) at t/12-compression.t line 56 t/12-compression...........ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/11-inet6.t 1 256 12 2 16.67% 12 3 tests and 13 subtests skipped. Failed 1/25 test scripts, 96.00% okay. 1/1348 subtests failed, 99.93% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.26373 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.26373 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-Net-DNS-0.63-1.noarch.rpm. Maybe it did not build correctly? I installed perl-Net-DNS after the fact. Is that okay, or should I rebuild? Thanks, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Apr 10 19:15:00 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 10 19:15:37 2008 Subject: private IPs listed in RBL In-Reply-To: <13759631.1151207847413951.JavaMail.root@mail.lctn.org> References: <47FE4584.7010102@gmail.com> <13759631.1151207847413951.JavaMail.root@mail.lctn.org> Message-ID: <223f97700804101115m5516f634i43278a4be3a11ee0@mail.gmail.com> On 10/04/2008, admin@lctn.org wrote: > Typically, in your /etc/mail/sendmail.mc or /etc/mail/sendmail.cf file - or > if you are using a split queue, could be in /etc/mail/sendmail_in.mc or > /etc/mail/sendmail_in.cf. For example, from my /etc/mail/sendmail_in.mc > file: > > FEATURE(`enhdnsbl', `cbl.abuseat.org',`"Rejected: " $&{client_addr} " > blocked by RBL - see http://cbl.abuseat.org/lookup.cgi?ip=" > $&{client_addr} > "&.submit=Lookup."')dnl > > Clarification... > > > Mailscanner on the mail server is marking everything as spam, indicating > private IPs are listed in an RBL. > ... So what Spam Lists do youuse in MailScanner then? Not ORDB...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From admin at lctn.org Thu Apr 10 20:12:19 2008 From: admin at lctn.org (admin@lctn.org) Date: Thu Apr 10 20:13:01 2008 Subject: private IPs listed in RBL In-Reply-To: <223f97700804101115m5516f634i43278a4be3a11ee0@mail.gmail.com> Message-ID: <10325766.1241207854739683.JavaMail.root@mail.lctn.org> ... So what Spam Lists do youuse in MailScanner then? Not ORDB...? Been a long time since I looked, but it was set to ORDB-RBL SBL+XBL. I have since disabled that line. It had been working for a many months without any noticible problems. Not sure what occured to cause the problem. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/462074fc/attachment.html From MailScanner at ecs.soton.ac.uk Thu Apr 10 20:12:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 20:13:19 2008 Subject: Upgraded to 4.68.8.. Is this okay? In-Reply-To: <200804101738.m3AHccT7020135@mxt.1bigthink.com> References: <200804101738.m3AHccT7020135@mxt.1bigthink.com> Message-ID: <47FE66A6.5080509@ecs.soton.ac.uk> dnsadmin 1bigthink.com wrote: > Hello All, > > Prior to this, I did OS updates CentOS 5.x. Tested OS and MailScanner > prior to MailScanner upgrade. Just upgraded from 4.65.3-1 to 4.68.8-1. > > Got these errors: > > # The libraries needed for IPv6 support have been found > # Now we establish if we can bind to ::1 > # > # > # Failed to bind to ::1 > # Address family not supported by protocol > # > # We assume there is no IPv6 connectivity and skip the > tests > # > Couldn't create TCP socket: Address family not supported by protocol > at /usr/src/redhat/BUILD/Net-DNS-0.63/blib/lib/Net/DNS/Nameserver.pm > line 93 > Net::DNS::Nameserver::new('Net::DNS::Nameserver', 'LocalAddr', > 'ARRAY(0x9a4fe10)', 'LocalPort', 5363, 'ReplyHandler', > 'CODE(0x9a4fe58)', 'Verbose', 1, ...) called at t/11-inet6.t line 197 > Couldn't create UDP socket: Address family not supported by protocol > at /usr/src/redhat/BUILD/Net-DNS-0.63/blib/lib/Net/DNS/Nameserver.pm > line 112 > Net::DNS::Nameserver::new('Net::DNS::Nameserver', 'LocalAddr', > 'ARRAY(0x9a4fe10)', 'LocalPort', 5363, 'ReplyHandler', > 'CODE(0x9a4fe58)', 'Verbose', 1, ...) called at t/11-inet6.t line 197 > > # Failed test 'nameserver object created on IPv6 ::1' > # at t/11-inet6.t line 205. > # Looks like you failed 1 test of 12. > t/11-inet6.................dubious > Test returned status 1 (wstat 256, 0x100) > DIED. FAILED test 12 > Failed 1/12 tests, 91.67% okay (less 10 skipped tests: 1 okay, > 8.33%) > t/12-compression...........ok 1/5 > 123456789112345678921234567893123456789412345678951234567896123... > truncated to 63 octets (RFC1035 2.3.1) at t/12-compression.t line 56 > t/12-compression...........ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > > t/11-inet6.t 1 256 12 2 16.67% 12 > 3 tests and 13 subtests skipped. > Failed 1/25 test scripts, 96.00% okay. 1/1348 subtests failed, 99.93% > okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.26373 (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.26373 (%build) > > > > Missing file /usr/src/redhat/RPMS/noarch/perl-Net-DNS-0.63-1.noarch.rpm. > Maybe it did not build correctly? > > > I installed perl-Net-DNS after the fact. Is that okay, or should I > rebuild? That should be fine. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Thu Apr 10 20:25:16 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Apr 10 20:26:34 2008 Subject: private IPs listed in RBL In-Reply-To: <10325766.1241207854739683.JavaMail.root@mail.lctn.org> References: <10325766.1241207854739683.JavaMail.root@mail.lctn.org> Message-ID: It's probably a "read error". As in "didn't read the notice years ago the ORDB list was going offline". :D On Apr 10, 2008, at 2:12 PM, admin@lctn.org wrote: > Not sure what occured to cause the problem. From wilson.galafassi at gmail.com Thu Apr 10 20:32:19 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Thu Apr 10 20:32:55 2008 Subject: block attachments Message-ID: <47fe6b42.070fc00a.68da.153c@mx.google.com> Hello to all. I need to block attachments for almost all users. I only need to permit ti RECEIVE attachments for some users (admin, etc). All users can send attachments. How i can configure this? Thanks, Wilson From admin at lctn.org Thu Apr 10 20:55:11 2008 From: admin at lctn.org (admin@lctn.org) Date: Thu Apr 10 20:55:52 2008 Subject: private IPs listed in RBL In-Reply-To: Message-ID: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> ----- "Alex Neuman" wrote: It's probably a "read error". As in "didn't read the notice years ago the ORDB list was going offline". :D Cute, but doesn't explain why all my private IPs are marked as being in an RBL. -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/2f0dd955/attachment.html From pascal.maes at elec.ucl.ac.be Thu Apr 10 20:55:35 2008 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Apr 10 20:56:13 2008 Subject: Spam Actions & forward Message-ID: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> Hello, I would like to send all the spam coming from our domain to a special address. In MailScanner.conf, I have Spam Actions = %rules-dir%/spam_actions.rules and in spam_actions.rules, I put : From: 130.104. deliver header "X-SGSI-Spam- Status: Yes" forward Spam-Warn@uclouvain.be From: *@*.ucl.ac.be deliver header "X-SGSI-Spam- Status: Yes" forward Spam-Warn@uclouvain.be From: *@uclouvain.be deliver header "X-SGSI-Spam- Status: Yes" forward Spam-Warn@uclouvain.be From: *@*.uclouvain.be deliver header "X-SGSI-Spam- Status: Yes" forward Spam-Warn@uclouvain.be But when I send an email with a lot of "special words", the mail is well treated as spam but it is not send to the forward address. What's wrong ? Thanks -- Pascal From shuttlebox at gmail.com Thu Apr 10 21:02:27 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Apr 10 21:03:01 2008 Subject: private IPs listed in RBL In-Reply-To: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> References: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> Message-ID: <625385e30804101302h7f182d3r6f3371015a1f2fa4@mail.gmail.com> On Thu, Apr 10, 2008 at 9:55 PM, wrote: > > ----- "Alex Neuman" wrote: > It's probably a "read error". As in "didn't read the notice years ago > the ORDB list was going offline". :D > > Cute, but doesn't explain why all my private IPs are marked as being in an > RBL. http://it.slashdot.org/article.pl?sid=08/03/25/2124224&from=rss -- /peter From richard.frovarp at sendit.nodak.edu Thu Apr 10 21:05:27 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Apr 10 21:06:02 2008 Subject: private IPs listed in RBL In-Reply-To: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> References: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> Message-ID: <47FE7307.9070104@sendit.nodak.edu> admin@lctn.org wrote: > > ----- "Alex Neuman" wrote: > It's probably a "read error". As in "didn't read the notice years ago > the ORDB list was going offline". :D > > Cute, but doesn't explain why all my private IPs are marked as being > in an RBL. > > -- > Raymond Norton > LCTN > > Because to wake people up to stop using the list, they are returning true for every IP, including private IPs. From Pascal.Maes at elec.ucl.ac.be Thu Apr 10 21:06:37 2008 From: Pascal.Maes at elec.ucl.ac.be (Pascal Maes) Date: Thu Apr 10 21:06:50 2008 Subject: Spam Actions & forward Message-ID: Hello, > I would like to send all the spam coming from our domain to a > special address. > > In MailScanner.conf, I have > > Spam Actions = %rules-dir%/spam_actions.rules > > and in spam_actions.rules, I put : > > From: 130.104. deliver header "X-SGSI-Spam- > Status: Yes" forward Spam-Warn@uclouvain.be > From: *@*.ucl.ac.be deliver header "X-SGSI-Spam- > Status: Yes" forward Spam-Warn@uclouvain.be > From: *@uclouvain.be deliver header "X-SGSI-Spam- > Status: Yes" forward Spam-Warn@uclouvain.be > From: *@*.uclouvain.be deliver header "X-SGSI-Spam- > Status: Yes" forward Spam-Warn@uclouvain.be > > > But when I send an email with a lot of "special words", the mail is > well treated as spam but it is not send to the forward address. > > What's wrong ? > In the logfile, I see : Apr 10 22:03:46 smtp-1 MailScanner[2393]: Spam Actions: message 709FAE89FC.582DC actions are spam- warn@uclouvain.be,forward,deliver,header Thanks -- Pascal From alex at nkpanama.com Thu Apr 10 21:09:33 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Apr 10 21:10:22 2008 Subject: private IPs listed in RBL In-Reply-To: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> References: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> Message-ID: <4D65FE6F-1376-4EDE-A121-1853005B0B91@nkpanama.com> No, but the chatter this past few weeks on the list does. A quick google search will probably do the same. The point is that some of us found out ORDB went offline after it started reporting ALL IP addresses as SPAM. It taught us to keep up with the mailing list for every one of the different pieces of software installed on our servers in order to "see the next problem coming". On Apr 10, 2008, at 2:55 PM, admin@lctn.org wrote: > Cute, but doesn't explain why all my private IPs are marked as being > in an RBL. From MailScanner at ecs.soton.ac.uk Thu Apr 10 21:09:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 21:10:30 2008 Subject: private IPs listed in RBL In-Reply-To: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> References: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> Message-ID: <47FE740B.3050804@ecs.soton.ac.uk> admin@lctn.org wrote: > > ----- "Alex Neuman" wrote: > It's probably a "read error". As in "didn't read the notice years ago > the ORDB list was going offline". :D > > Cute, but doesn't explain why all my private IPs are marked as being > in an RBL. Have you tried testing the questionaly IP addresses against RBL membership at www.dnsstuff.com? The other simple option is to use a ruleset to stop MailScanner doing "Spam List" tests on mail coming from the private IP addresses you use. A 1-line ruleset would probably do the trick. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ecasarero at gmail.com Thu Apr 10 21:12:25 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Apr 10 21:13:00 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <2baac6140803132105q47c6fb70pd80c482182222462@mail.gmail.com> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk> <47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> <47CEE139.1060509@kettle.org.uk> <47CEF46E.5030406@ecs.soton.ac.uk> <47CEFD4E.2020105@kettle.org.uk> <2baac6140803132105q47c6fb70pd80c482182222462@mail.gmail.com> Message-ID: <7d9b3cf20804101312o60856999y774e789442284cb6@mail.gmail.com> I've upgraded 10 servers to this MS version, and in 1 server i had this issue. I imported a MailScanner.conf form another box with the same SO and MS Ver and the diff between MailScanner.conf shows this. 107c107 < Max Children = 12 --- > Max Children = 7 175c175 < Restart Every = 7200 --- > Restart Every = 14400 762c762 < ClamAV Full Message Scan = no --- > ClamAV Full Message Scan = yes 1288c1288 < Include Scores In SpamAssassin Report = yes --- > Include Scores In SpamAssassin Report = no 1387c1387 < Notify Senders = no --- > Notify Senders = yes 1510c1510 < Size Subject Text = [*Size*] --- > Size Subject Text = {Size} 1784c1784 < Max Spam Check Size = 150000 --- > Max Spam Check Size = 250000 2358c2358 < SpamAssassin Local State Dir = # /var/lib --- > SpamAssassin Local State Dir = # /var/lib/spamassassin 2481c2481 < Debug SpamAssassin = yes --- > Debug SpamAssassin = no On Fri, Mar 14, 2008 at 1:05 AM, Devon Harding wrote: > > > > > > > i too was very surprised but that is what happened. first time i've had > > any issue with the upgrade and I've been using it for years. just bad > > look i guess. > > Same thing here. I've tried 4.68 with no success. Still 100% MailScanner: > extracting attachments > > What else can I do? > > -Devon I've upgraded 10 servers to this MS version, and in 1 server i had this issue. I imported a MailScanner.conf form another box with the same SO and MS Ver and the diff between MailScanner.conf shows this. Could any of this options generate this behaviour? '>' shows the conf that is really working. 107c107 < Max Children = 12 --- > Max Children = 7 175c175 < Restart Every = 7200 --- > Restart Every = 14400 762c762 < ClamAV Full Message Scan = no --- > ClamAV Full Message Scan = yes 1288c1288 < Include Scores In SpamAssassin Report = yes --- > Include Scores In SpamAssassin Report = no 1387c1387 < Notify Senders = no --- > Notify Senders = yes 1510c1510 < Size Subject Text = [*Size*] --- > Size Subject Text = {Size} 1784c1784 < Max Spam Check Size = 150000 --- > Max Spam Check Size = 250000 2358c2358 < SpamAssassin Local State Dir = # /var/lib --- > SpamAssassin Local State Dir = # /var/lib/spamassassin 2481c2481 < Debug SpamAssassin = yes --- > Debug SpamAssassin = no > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From admin at lctn.org Thu Apr 10 21:33:04 2008 From: admin at lctn.org (admin@lctn.org) Date: Thu Apr 10 21:33:45 2008 Subject: private IPs listed in RBL In-Reply-To: <18359102.1381207859299017.JavaMail.root@mail.lctn.org> Message-ID: <25582253.1401207859584707.JavaMail.root@mail.lctn.org> Because to wake people up to stop using the list, they are returning true for every IP, including private IPs. OK.. I have seen the light:) Until today, I wasn't even aware the lists where being used. Man... a guy can't even be snide, and be right at the same time:) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080410/3269e10b/attachment.html From MailScanner at ecs.soton.ac.uk Thu Apr 10 21:58:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 21:59:43 2008 Subject: Spam Actions & forward In-Reply-To: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> References: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> Message-ID: <47FE7F93.9050808@ecs.soton.ac.uk> What does your maillog say when it processes this message? Make sure all the "Log..." settings in MailScanner.conf are switched on. I have just tested this, and it is working fine. One thing though: are you sure the message is triggering your "Spam Actions" and not your "High Scoring Spam Actions"? I just fell into the same trap myself, while testing this setup to see if the code works or not. Pascal Maes wrote: > Hello, > > I would like to send all the spam coming from our domain to a special > address. > > In MailScanner.conf, I have > > Spam Actions = %rules-dir%/spam_actions.rules > > and in spam_actions.rules, I put : > > From: 130.104. deliver header > "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be > From: *@*.ucl.ac.be deliver header > "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be > From: *@uclouvain.be deliver header > "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be > From: *@*.uclouvain.be deliver header > "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be > > > But when I send an email with a lot of "special words", the mail is > well treated as spam but it is not send to the forward address. > > What's wrong ? > > Thanks > -- > Pascal > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 10 22:06:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 10 22:06:38 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <7d9b3cf20804101312o60856999y774e789442284cb6@mail.gmail.com> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk> <47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> <47CEE139.1060509@kettle.org.uk> <47CEF46E.5030406@ecs.soton.ac.uk> <47CEFD4E.2020105@kettle.org.uk> <2baac6140803132105q47c6fb70pd80c482182222462@mail.gmail.com> <7d9b3cf20804101312o60856999y774e789442284cb6@mail.gmail.com> Message-ID: <47FE814F.4030408@ecs.soton.ac.uk> Eduardo Casarero wrote: > I've upgraded 10 servers to this MS version, and in 1 server i had > this issue. I imported a MailScanner.conf form another box with the > same SO and MS Ver and the diff between MailScanner.conf shows this. > > 107c107 > < Max Children = 12 > --- > >> Max Children = 7 >> That's quite a difference. Make sure the one set to 12 isn't running out of RAM. > 175c175 > < Restart Every = 7200 > --- > >> Restart Every = 14400 >> > 762c762 > < ClamAV Full Message Scan = no > --- > >> ClamAV Full Message Scan = yes >> What virus scanners are you using? If you're not using ClamAV then this should be set to no. > 1288c1288 > < Include Scores In SpamAssassin Report = yes > --- > >> Include Scores In SpamAssassin Report = no >> > 1387c1387 > < Notify Senders = no > --- > >> Notify Senders = yes >> > 1510c1510 > < Size Subject Text = [*Size*] > --- > >> Size Subject Text = {Size} >> > 1784c1784 > < Max Spam Check Size = 150000 > --- > >> Max Spam Check Size = 250000 >> > 2358c2358 > < SpamAssassin Local State Dir = # /var/lib > --- > >> SpamAssassin Local State Dir = # /var/lib/spamassassin >> > 2481c2481 > < Debug SpamAssassin = yes > --- > >> Debug SpamAssassin = no >> This should never be "yes" when in normal production mode. Only ever set it from the command-line when you're debugging something. > > > On Fri, Mar 14, 2008 at 1:05 AM, Devon Harding wrote: > >>> i too was very surprised but that is what happened. first time i've had >>> any issue with the upgrade and I've been using it for years. just bad >>> look i guess. >>> >> Same thing here. I've tried 4.68 with no success. Still 100% MailScanner: >> extracting attachments >> >> What else can I do? >> >> -Devon >> > > I've upgraded 10 servers to this MS version, and in 1 server i had > this issue. I imported a MailScanner.conf form another box with the > same SO and MS Ver and the diff between MailScanner.conf shows this. > > Could any of this options generate this behaviour? > > '>' shows the conf that is really working. > > 107c107 > < Max Children = 12 > --- > >> Max Children = 7 >> > 175c175 > < Restart Every = 7200 > --- > >> Restart Every = 14400 >> > 762c762 > < ClamAV Full Message Scan = no > --- > >> ClamAV Full Message Scan = yes >> > 1288c1288 > < Include Scores In SpamAssassin Report = yes > --- > >> Include Scores In SpamAssassin Report = no >> > 1387c1387 > < Notify Senders = no > --- > >> Notify Senders = yes >> > 1510c1510 > < Size Subject Text = [*Size*] > --- > >> Size Subject Text = {Size} >> > 1784c1784 > < Max Spam Check Size = 150000 > --- > >> Max Spam Check Size = 250000 >> > 2358c2358 > < SpamAssassin Local State Dir = # /var/lib > --- > >> SpamAssassin Local State Dir = # /var/lib/spamassassin >> > 2481c2481 > < Debug SpamAssassin = yes > --- > >> Debug SpamAssassin = no >> > > >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Fri Apr 11 00:11:05 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Apr 11 00:11:50 2008 Subject: block attachments In-Reply-To: <47fe6b42.070fc00a.68da.153c@mx.google.com> References: <47fe6b42.070fc00a.68da.153c@mx.google.com> Message-ID: <47FE9E89.2080703@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wilson A. Galafassi Jr. wrote: | I need to block attachments for almost all users. I only need to permit ti | RECEIVE attachments for some users (admin, etc). All users can send | attachments. | | How i can configure this? What have you read about this? What have you tried? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/p6IBvzDRVjxmYERAjdWAJ4/gJpw5HRTqIZymLwJnl7uuWEtqACfRvXU qsJHKD6Rf0AJXt6XGPVv5n0= =CL2B -----END PGP SIGNATURE----- From pascal.maes at elec.ucl.ac.be Fri Apr 11 07:20:40 2008 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Fri Apr 11 07:20:55 2008 Subject: Spam Actions & forward In-Reply-To: <47FE7F93.9050808@ecs.soton.ac.uk> References: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> <47FE7F93.9050808@ecs.soton.ac.uk> Message-ID: Le 10-avr.-08 ? 22:58, Julian Field a ?crit : > What does your maillog say when it processes this message? Make sure > all the "Log..." settings in MailScanner.conf are switched on. > I have just tested this, and it is working fine. > One thing though: are you sure the message is triggering your "Spam > Actions" and not your "High Scoring Spam Actions"? I just fell into > the same trap myself, while testing this setup to see if the code > works or not. > I have the same setting for both actions : Spam Actions = %rules-dir%/spam_actions.rules High Scoring Spam Actions = %rules-dir%/spam_actions.rules In the maillog, I have Apr 10 21:47:55 smtp-1 MailScanner[2517]: Message 1E3F9E9A36.DF30E from 130.104.236.3 (mp@amd-1-1.elec.ucl.ac.be) to uclouvain.be is polluriel, SpamAssassin (cached, score=38.674, requis 5, autolearn=spam, ALL_TRUSTED -1.80, BAYES_40 -0.58, DIET_1 0.08, HOHOHO 5.00, SARE_ADLTSUB2 1.23, SARE_ADULT2 1.42, SARE_SUB_MULTI_PRN2 1.66, SARE_SUB_PENIS 1.67, SPECOF 5.00, SUBJ_COCK 5.00, SUBJ_FUCK 5.00, SUBJ_PENIS 5.00, WEIGHT1 5.00, WEIGHT2 5.00) Apr 10 21:47:55 smtp-1 MailScanner[2517]: Spam Checks: Found 1 spam messages Apr 10 21:47:56 smtp-1 MailScanner[2517]: Spam Actions: message 1E3F9E9A36.DF30E actions are spam- warn@uclouvain.be,forward,deliver,header I wonder why the string "forward spam-warn@uclouvain.be" is splitted, reverted and why there is a comma between the two terms > Pascal Maes wrote: >> Hello, >> >> I would like to send all the spam coming from our domain to a >> special address. >> >> In MailScanner.conf, I have >> >> Spam Actions = %rules-dir%/spam_actions.rules >> >> and in spam_actions.rules, I put : >> >> From: 130.104. deliver header "X-SGSI-Spam- >> Status: Yes" forward Spam-Warn@uclouvain.be >> From: *@*.ucl.ac.be deliver header "X-SGSI-Spam- >> Status: Yes" forward Spam-Warn@uclouvain.be >> From: *@uclouvain.be deliver header "X-SGSI-Spam- >> Status: Yes" forward Spam-Warn@uclouvain.be >> From: *@*.uclouvain.be deliver header "X-SGSI-Spam- >> Status: Yes" forward Spam-Warn@uclouvain.be >> >> >> But when I send an email with a lot of "special words", the mail is >> well treated as spam but it is not send to the forward address. >> >> What's wrong ? >> >> Thanks >> -- >> Pascal >> >> >> > > Jules > -- Pascal From garethm at synaq.com Fri Apr 11 08:40:49 2008 From: garethm at synaq.com (Gareth McCumskey) Date: Fri Apr 11 08:41:35 2008 Subject: MailScanner Custom Add On with PHP Message-ID: <47FF1601.5000204@synaq.com> I have searched the MAQ on the Mailscanner wiki and looked for info in the manual, etc. I am currently looking fo rmore information on creating custom add-ons for Mailscanner. Specifically I am looking at the possibility that a custom add on can be created with PHP. I am not even sure if MailScanner could pass data to a PHP script. Any help is appreciated. Thanks in advance Gareth From MailScanner at ecs.soton.ac.uk Fri Apr 11 09:07:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 09:08:03 2008 Subject: Spam Actions & forward In-Reply-To: References: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> <47FE7F93.9050808@ecs.soton.ac.uk> Message-ID: <47FF1C34.5010007@ecs.soton.ac.uk> Pascal Maes wrote: > > Le 10-avr.-08 ? 22:58, Julian Field a ?crit : >> What does your maillog say when it processes this message? Make sure >> all the "Log..." settings in MailScanner.conf are switched on. >> I have just tested this, and it is working fine. >> One thing though: are you sure the message is triggering your "Spam >> Actions" and not your "High Scoring Spam Actions"? I just fell into >> the same trap myself, while testing this setup to see if the code >> works or not. >> > > I have the same setting for both actions : > > Spam Actions = %rules-dir%/spam_actions.rules > High Scoring Spam Actions = %rules-dir%/spam_actions.rules > > > In the maillog, I have > > > Apr 10 21:47:55 smtp-1 MailScanner[2517]: Message 1E3F9E9A36.DF30E > from 130.104.236.3 (mp@amd-1-1.elec.ucl.ac.be) to uclouvain.be is > polluriel, SpamAssassin (cached, score=38.674, requis 5, > autolearn=spam, ALL_TRUSTED -1.80, BAYES_40 -0.58, DIET_1 0.08, HOHOHO > 5.00, SARE_ADLTSUB2 1.23, SARE_ADULT2 1.42, SARE_SUB_MULTI_PRN2 1.66, > SARE_SUB_PENIS 1.67, SPECOF 5.00, SUBJ_COCK 5.00, SUBJ_FUCK 5.00, > SUBJ_PENIS 5.00, WEIGHT1 5.00, WEIGHT2 5.00) > > Apr 10 21:47:55 smtp-1 MailScanner[2517]: Spam Checks: Found 1 spam > messages > > Apr 10 21:47:56 smtp-1 MailScanner[2517]: Spam Actions: message > 1E3F9E9A36.DF30E actions are > spam-warn@uclouvain.be,forward,deliver,header > > > I wonder why the string "forward spam-warn@uclouvain.be" is splitted, > reverted and why there is a comma between the two terms It's the internal version once it has parsed it. It proves that it has got the actions correctly parsed. > >> Pascal Maes wrote: >>> Hello, >>> >>> I would like to send all the spam coming from our domain to a >>> special address. >>> >>> In MailScanner.conf, I have >>> >>> Spam Actions = %rules-dir%/spam_actions.rules >>> >>> and in spam_actions.rules, I put : >>> >>> From: 130.104. deliver header >>> "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be >>> From: *@*.ucl.ac.be deliver header >>> "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be >>> From: *@uclouvain.be deliver header >>> "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be >>> From: *@*.uclouvain.be deliver header >>> "X-SGSI-Spam-Status: Yes" forward Spam-Warn@uclouvain.be >>> >>> >>> But when I send an email with a lot of "special words", the mail is >>> well treated as spam but it is not send to the forward address. >>> >>> What's wrong ? >>> >>> Thanks >>> -- >>> Pascal >>> >>> >>> >> >> Jules >> > > > -- > Pascal > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From philippe at beau.nom.fr Fri Apr 11 09:15:22 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Fri Apr 11 09:15:58 2008 Subject: MailScanner problem Message-ID: <004701c89bac$30616ab0$91244010$@nom.fr> Hi Everybody, I upgraded to 4.68.8 and at first the upgrade_MailScanner_conf don't work (a lot of defunct). So I remake the configuration by hand. All is okay but when I put : MailWatch.pm in MailScanner.conf I have this error message and no message are scan and the queue is going on full . commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Anyone have an idea ? Is this a mysql problem ? Is there a configuration change to do ? Regards Philippe, -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/8971b5ca/attachment.html From MailScanner at ecs.soton.ac.uk Fri Apr 11 09:19:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 09:19:25 2008 Subject: MailScanner Custom Add On with PHP In-Reply-To: <47FF1601.5000204@synaq.com> References: <47FF1601.5000204@synaq.com> Message-ID: <47FF1EFC.3080708@ecs.soton.ac.uk> Gareth McCumskey wrote: > I have searched the MAQ on the Mailscanner wiki and looked for info in > the manual, etc. I am currently looking fo rmore information on > creating custom add-ons for Mailscanner. Specifically I am looking at > the possibility that a custom add on can be created with PHP. I am not > even sure if MailScanner could pass data to a PHP script. The standard plug-in interface for MailScanner is Perl. However, there is no reason why it couldn't call a PHP script via command-line (ie system()). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From housey at sme-ecom.co.uk Fri Apr 11 09:23:57 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Fri Apr 11 09:26:47 2008 Subject: Backscatter & challenge response Message-ID: <002f01c89bad$63026d10$29074730$@co.uk> Hi In common with lots of people I've seen a massive increase in the amount of backscatter my domains are getting. I implemented watermarking which has helped a great deal. What I'm getting complaints about now are the mails coming in from annoying challenge response systems, the mails don't come from postmaster, <> etc... so the watermark does not get looked at. Just wondered if anyone had any bright ideals as to how to combat it? I've been looking at a selection I've been sent through this morning and there doesn't seem to be anything consistent about them and there not hitting many spamassasin rules. Cheers Paul From Kevin.Murphy at midland-ics.ie Fri Apr 11 10:25:58 2008 From: Kevin.Murphy at midland-ics.ie (Kevin MURPHY) Date: Fri Apr 11 10:21:48 2008 Subject: Backscatter & challenge response In-Reply-To: <002f01c89bad$63026d10$29074730$@co.uk> References: <002f01c89bad$63026d10$29074730$@co.uk> Message-ID: <15316.92.61.193.42.1207905958.squirrel@webmail.midland-ics.ie> Hi there, Sorry for jumping in on this - but wondered how you went about watermarking? I use Sendmail / MS Regards > Hi > > In common with lots of people I've seen a massive increase in the amount > of > backscatter my domains are getting. I implemented watermarking which has > helped a great deal. > > What I'm getting complaints about now are the mails coming in from > annoying > challenge response systems, the mails don't come from postmaster, <> > etc... > so the watermark does not get looked at. > > Just wondered if anyone had any bright ideals as to how to combat it? > > I've been looking at a selection I've been sent through this morning and > there doesn't seem to be anything consistent about them and there not > hitting many spamassasin rules. > > Cheers > > Paul > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From test at remedial-teacher.nl Fri Apr 11 10:20:34 2008 From: test at remedial-teacher.nl (Test) Date: Fri Apr 11 10:23:09 2008 Subject: MailScanner problem In-Reply-To: <004701c89bac$30616ab0$91244010$@nom.fr> References: <004701c89bac$30616ab0$91244010$@nom.fr> Message-ID: <20080411111957.0C1A.EE63E960@remedial-teacher.nl> I have got the same "problem", if you comment the line (that is the actual commit) the message will not show up again... -- Test From housey at sme-ecom.co.uk Fri Apr 11 11:07:39 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Fri Apr 11 11:09:05 2008 Subject: Backscatter & challenge response {Scanned by Allteks Mailsafe} In-Reply-To: <15316.92.61.193.42.1207905958.squirrel@webmail.midland-ics.ie> References: <002f01c89bad$63026d10$29074730$@co.uk> <15316.92.61.193.42.1207905958.squirrel@webmail.midland-ics.ie> Message-ID: <007701c89bbb$dfce5490$9f6afdb0$@co.uk> If your domains outbound e-mail goes via servers you control/have ms running on them take a look in MailScanner.conf at the Watermarking section. I run ms for many domains not all send their outbound via me so I use rulesets to only add a watermark for certain domains and only check them for certain domains, has worked a treat, only problem is that some read receipts and out of office replies get incorrectly flagged, small price to pay to block all the rubbish I think! > > Hi there, > > Sorry for jumping in on this - but wondered how you went about > watermarking? I use Sendmail / MS > > Regards > > > Hi > > > > In common with lots of people I've seen a massive increase in the > amount > > of > > backscatter my domains are getting. I implemented watermarking which > has > > helped a great deal. > > > > What I'm getting complaints about now are the mails coming in from > > annoying > > challenge response systems, the mails don't come from postmaster, <> > > etc... > > so the watermark does not get looked at. > > > > Just wondered if anyone had any bright ideals as to how to combat it? > > > > I've been looking at a selection I've been sent through this morning > and > > there doesn't seem to be anything consistent about them and there not > > hitting many spamassasin rules. > > > > Cheers > > > > Paul > From edward.prendergast at netring.co.uk Fri Apr 11 11:50:38 2008 From: edward.prendergast at netring.co.uk (Edward Prendergast) Date: Fri Apr 11 11:51:13 2008 Subject: Backscatter & challenge response {Scanned by Allteks Mailsafe} In-Reply-To: <007701c89bbb$dfce5490$9f6afdb0$@co.uk> References: <002f01c89bad$63026d10$29074730$@co.uk> <15316.92.61.193.42.1207905958.squirrel@webmail.midland-ics.ie> <007701c89bbb$dfce5490$9f6afdb0$@co.uk> Message-ID: <01f301c89bc1$e1f348b0$a5d9da10$@prendergast@netring.co.uk> You could take a look at SpamAssassin's VBounce - this identifies different kinds of bounce messages and it may specifically look out for challenge/response. If it does you could try hiking the score up but there is a high risk of losing legitimate challenge/response messages with this method. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander (SME) Sent: 11 April 2008 11:08 To: 'MailScanner discussion' Subject: RE: Backscatter & challenge response {Scanned by Allteks Mailsafe} If your domains outbound e-mail goes via servers you control/have ms running on them take a look in MailScanner.conf at the Watermarking section. I run ms for many domains not all send their outbound via me so I use rulesets to only add a watermark for certain domains and only check them for certain domains, has worked a treat, only problem is that some read receipts and out of office replies get incorrectly flagged, small price to pay to block all the rubbish I think! > > Hi there, > > Sorry for jumping in on this - but wondered how you went about > watermarking? I use Sendmail / MS > > Regards > > > Hi > > > > In common with lots of people I've seen a massive increase in the > amount > > of > > backscatter my domains are getting. I implemented watermarking which > has > > helped a great deal. > > > > What I'm getting complaints about now are the mails coming in from > > annoying > > challenge response systems, the mails don't come from postmaster, <> > > etc... > > so the watermark does not get looked at. > > > > Just wondered if anyone had any bright ideals as to how to combat it? > > > > I've been looking at a selection I've been sent through this morning > and > > there doesn't seem to be anything consistent about them and there not > > hitting many spamassasin rules. > > > > Cheers > > > > Paul > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ************ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any action taken or omitted to be taken in reliance on it, any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this E-mail message is strictly prohibited and may be unlawful. If you have received this E-mail message in error, please notify us immediately. Please also destroy and delete the message from your computer. ************ From glenn.steen at gmail.com Fri Apr 11 12:13:47 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 11 12:14:22 2008 Subject: MailScanner problem In-Reply-To: <20080411111957.0C1A.EE63E960@remedial-teacher.nl> References: <004701c89bac$30616ab0$91244010$@nom.fr> <20080411111957.0C1A.EE63E960@remedial-teacher.nl> Message-ID: <223f97700804110413m7f6cdadyb9e375919b7e05da@mail.gmail.com> On 11/04/2008, Test wrote: > I have got the same "problem", if you comment the line (that is the > actual commit) the message will not show up again... ... and the "problem" (that you use MailWatch with a MySQL database with autocommit set to on, where MailWatch cover all abses by having appropriate commit instructions where needed) is purely cosmetic. If it bothers you, and youi have no other app working with MySQL that need the autocommit set... you could just as well disable autocommitting;-). Apart from the semi-spurious warning there is no harmful effect of leaving things as is. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From pascal.maes at elec.ucl.ac.be Fri Apr 11 13:11:53 2008 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Fri Apr 11 13:12:33 2008 Subject: Spam Actions & forward (solved) In-Reply-To: <47FF1C34.5010007@ecs.soton.ac.uk> References: <1583CCFF-EF06-4CF8-AB44-6185260F20C3@elec.ucl.ac.be> <47FE7F93.9050808@ecs.soton.ac.uk> <47FF1C34.5010007@ecs.soton.ac.uk> Message-ID: Le 11-avr.-08 ? 10:07, Julian Field a ?crit : > > > Pascal Maes wrote: >> >> Le 10-avr.-08 ? 22:58, Julian Field a ?crit : >>> What does your maillog say when it processes this message? Make >>> sure all the "Log..." settings in MailScanner.conf are switched on. >>> I have just tested this, and it is working fine. >>> One thing though: are you sure the message is triggering your >>> "Spam Actions" and not your "High Scoring Spam Actions"? I just >>> fell into the same trap myself, while testing this setup to see if >>> the code works or not. >>> >> >> I have the same setting for both actions : >> >> Spam Actions = %rules-dir%/spam_actions.rules >> High Scoring Spam Actions = %rules-dir%/spam_actions.rules >> >> >> In the maillog, I have >> >> >> Apr 10 21:47:55 smtp-1 MailScanner[2517]: Message 1E3F9E9A36.DF30E >> from 130.104.236.3 (mp@amd-1-1.elec.ucl.ac.be) to uclouvain.be is >> polluriel, SpamAssassin (cached, score=38.674, requis 5, >> autolearn=spam, ALL_TRUSTED -1.80, BAYES_40 -0.58, DIET_1 0.08, >> HOHOHO 5.00, SARE_ADLTSUB2 1.23, SARE_ADULT2 1.42, >> SARE_SUB_MULTI_PRN2 1.66, SARE_SUB_PENIS 1.67, SPECOF 5.00, >> SUBJ_COCK 5.00, SUBJ_FUCK 5.00, SUBJ_PENIS 5.00, WEIGHT1 5.00, >> WEIGHT2 5.00) >> >> Apr 10 21:47:55 smtp-1 MailScanner[2517]: Spam Checks: Found 1 spam >> messages >> >> Apr 10 21:47:56 smtp-1 MailScanner[2517]: Spam Actions: message >> 1E3F9E9A36.DF30E actions are spam- >> warn@uclouvain.be,forward,deliver,header >> >> >> I wonder why the string "forward spam-warn@uclouvain.be" is >> splitted, reverted and why there is a comma between the two terms > It's the internal version once it has parsed it. It proves that it > has got the actions correctly parsed. >> As the forward was send to an adress which was an alias and due to our postfix installation, the mail can't be delivered. I have modified our configuration and now it works. Thanks -- Pascal From zeman at JULI.CZ Fri Apr 11 14:18:32 2008 From: zeman at JULI.CZ (Petr Zeman) Date: Fri Apr 11 14:19:29 2008 Subject: MailScanner process virus checking of messages marked as SPAM Message-ID: <47FF6528.2080907@juli.cz> Hello, i am using MailScanner 4.61.2 with SpamAssassin enabled and with 2 antivirus scanners (kaspersky and clamav). 90% of all e-mails is SPAM and server is heavy loaded. When i searching why, i found in log: Apr 11 14:17:40 mail MailScanner[4940]: New Batch: Scanning 1 messages, 1743 bytes Apr 11 14:17:40 mail MailScanner[4940]: Spam Checks: Starting Apr 11 14:17:46 mail MailScanner[4940]: Message m3BCHYfn006104 from 60.52.94.167 (pesseist_1980@1370wbtn.com) to juli.cz is spam, SpamAssassin (not cached, score=10.147, required 5, BAYES_99 3.50, DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, HTML_MESSAGE 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47) Apr 11 14:17:46 mail MailScanner[4940]: Spam Checks: Found 1 spam messages Apr 11 14:17:46 mail MailScanner[4940]: Spam Actions: message m3BCHYfn006104 actions are store,header Apr 11 14:17:46 mail MailScanner[4940]: mailscanner@lists.mailscanner.info and Content Scanning: Starting Apr 11 14:17:53 mail MailScanner[4940]: Logging message m3BCHYfn006104 to SQL MailScanner process virus checking of messages marked as SPAM. Is possible disable this? Sorry for my bad english. -- Petr Zeman JULI Motorenwerk, s.r.o. organizace a informatika tel. 547 124 199 zeman@juli.cz From MailScanner at ecs.soton.ac.uk Fri Apr 11 14:54:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 14:55:18 2008 Subject: MailScanner process virus checking of messages marked as SPAM In-Reply-To: <47FF6528.2080907@juli.cz> References: <47FF6528.2080907@juli.cz> Message-ID: <47FF6D97.1030001@ecs.soton.ac.uk> What is your "Virus Scanners =" set to in MailScanner.conf? Virus scanning shouldn't add much to the load, it's a very quick process. I'm slightly concerned that yours is apparently taking as long as 7 seconds. Petr Zeman wrote: > Hello, > > i am using MailScanner 4.61.2 with SpamAssassin enabled and with 2 > antivirus scanners (kaspersky and clamav). 90% of all e-mails is SPAM > and server is heavy loaded. When i searching why, i found in log: > > Apr 11 14:17:40 mail MailScanner[4940]: New Batch: Scanning 1 > messages, 1743 bytes > Apr 11 14:17:40 mail MailScanner[4940]: Spam Checks: Starting > Apr 11 14:17:46 mail MailScanner[4940]: Message m3BCHYfn006104 from > 60.52.94.167 (pesseist_1980@1370wbtn.com) to juli.cz is spam, > SpamAssassin (not cached, score=10.147, required 5, BAYES_99 3.50, > DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, HTML_MESSAGE 0.00, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47) > Apr 11 14:17:46 mail MailScanner[4940]: Spam Checks: Found 1 spam > messages > Apr 11 14:17:46 mail MailScanner[4940]: Spam Actions: message > m3BCHYfn006104 actions are store,header > Apr 11 14:17:46 mail MailScanner[4940]: > mailscanner@lists.mailscanner.info and Content Scanning: Starting > Apr 11 14:17:53 mail MailScanner[4940]: Logging message m3BCHYfn006104 > to SQL > > MailScanner process virus checking of messages marked as SPAM. Is > possible disable this? > > Sorry for my bad english. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From P.G.M.Peters at utwente.nl Fri Apr 11 15:02:20 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Apr 11 15:03:28 2008 Subject: Exclude certain IP addresses from scanning. Message-ID: <47FF6F6C.3050508@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I am trying to set up a rule that will make MS scan all messages to and from a number of domains, except when they come in from a certain system. In fact something like this: FromTo: *@utwente.nl AND From: 130.89.2.4 no FromTo: *@utwente.nl yes And those lines are needed for each domain/IP combination. Putting those IP addresses in a separate From: line does not seem to work because MS uses the FromTo: line with the domain. No matter if I put the IP-line first or last. BTW: default is no. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH/29relLo80lrIdIRAvqUAKCKS8np/aMVpL4YzH4vsFi80FFinwCbBxQn oOQeR81q3W9+Lc8+FeBLCJw= =bDU+ -----END PGP SIGNATURE----- From mkettler at evi-inc.com Fri Apr 11 15:06:11 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 11 15:06:57 2008 Subject: private IPs listed in RBL In-Reply-To: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> References: <27206703.1301207857311700.JavaMail.root@mail.lctn.org> Message-ID: <47FF7053.5080201@evi-inc.com> admin@lctn.org wrote: > > ----- "Alex Neuman" wrote: > It's probably a "read error". As in "didn't read the notice years ago > the ORDB list was going offline". :D > > Cute, but doesn't explain why all my private IPs are marked as being in > an RBL. *EVERYTHING* is marked in ORDB now. Absolutely every query will return a hit, no matter what IP it is. This is meant to draw your attention to the problem, so you'll disable the RBL. From hacking.in.progress at gmail.com Fri Apr 11 16:45:09 2008 From: hacking.in.progress at gmail.com (Ricardo Francis) Date: Fri Apr 11 16:45:45 2008 Subject: Rule to BCC recipients Message-ID: Hi list, I'm running MailScanner-4.67.6-1 + Sendmail 8.14.xx + ClamAV and it has been a great help to scan +200k mails. Due to the high rate of email to unknown users (~80%), I had to change the "Scan Messages" and "Virus Scanning" to rules file: I've created a list of email addresses based on passwd + aliases file to force scans on these email addresses only and, by default, the rest is not scanned because they're being redirected to /dev/null . The rule says: To: user@domain.com yes But email addresses in BCC are not checked at all. Let's say a message enters the system TO user unknown@domain.com and to validuser@domain.com in BCC. The message to unknown@domain.com is discarded and the one to validuser@domain.com is delivered with no scan at all because it did not match any rule to do it. My question is, is there any way to include the BCC addresses in those rules files? Thanks and congratulations for the best mail filter around. Ric. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/64ecc3c3/attachment.html From glenn.steen at gmail.com Fri Apr 11 16:49:44 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 11 16:50:21 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <47FF6F6C.3050508@utwente.nl> References: <47FF6F6C.3050508@utwente.nl> Message-ID: <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> On 11/04/2008, Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I am trying to set up a rule that will make MS scan all messages to and > from a number of domains, except when they come in from a certain system. > > In fact something like this: > > FromTo: *@utwente.nl AND From: 130.89.2.4 no > FromTo: *@utwente.nl yes FromOrTo:, not FromTo: ...:-) > And those lines are needed for each domain/IP combination. > > Putting those IP addresses in a separate From: line does not seem to > work because MS uses the FromTo: line with the domain. No matter if I > put the IP-line first or last. > > BTW: default is no. > Strange. How do you edit it? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ecasarero at gmail.com Fri Apr 11 17:19:10 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Apr 11 17:20:08 2008 Subject: Rule to BCC recipients In-Reply-To: References: Message-ID: <7d9b3cf20804110919k5e409ecdpdace918707cd3ba1@mail.gmail.com> use milter-ahead or so, at MTA level managing unknown users is much better! On Fri, Apr 11, 2008 at 12:45 PM, Ricardo Francis wrote: > Hi list, > > I'm running MailScanner-4.67.6-1 + Sendmail 8.14.xx + ClamAV and it has been > a great help to scan +200k mails. > > Due to the high rate of email to unknown users (~80%), I had to change the > "Scan Messages" and "Virus Scanning" to rules file: > > I've created a list of email addresses based on passwd + aliases file to > force scans on these email addresses only and, by default, the rest is not > scanned because they're being redirected to /dev/null . > > The rule says: > > To: user@domain.com yes > > But email addresses in BCC are not checked at all. > Let's say a message enters the system TO user unknown@domain.com and to > validuser@domain.com in BCC. The message to unknown@domain.com is discarded > and the one to validuser@domain.com is delivered with no scan at all because > it did not match any rule to do it. > > My question is, is there any way to include the BCC addresses in those rules > files? > > Thanks and congratulations for the best mail filter around. > Ric. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From test at remedial-teacher.nl Fri Apr 11 18:17:14 2008 From: test at remedial-teacher.nl (Test) Date: Fri Apr 11 18:23:13 2008 Subject: Releasing messages Message-ID: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> Is it possible to release a message from quarantine "as is" ? So that it is released in it's original form and the original From adres and not from postmaster ... -- Test From ssilva at sgvwater.com Fri Apr 11 18:42:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 11 18:43:49 2008 Subject: Spamassassin not detecting spam In-Reply-To: <948a6d890804100222t182eb5e0n6f7f84ba3b04f3f4@mail.gmail.com> References: <948a6d890804091135y4f6de66dn2c9cec8dead37f9@mail.gmail.com> <47FD126E.2010205@ecs.soton.ac.uk> <948a6d890804091433v5ed1a419ra588c40a1e5b0bdb@mail.gmail.com> <948a6d890804100027t12a518a8qa4c53e844fa94ec9@mail.gmail.com> <948a6d890804100222t182eb5e0n6f7f84ba3b04f3f4@mail.gmail.com> Message-ID: on 4-10-2008 2:22 AM George spake the following: > Hi, > > I think I've fixed this myself. I removed the latest SpamAssassin that > was installed using the installer from mailscanner.info and just > installed the older RPM one. > > It works now. > > THanks > > On Thu, Apr 10, 2008 at 10:27 AM, George wrote: >> Hi, >> >> I removed the FuzzyOCR plugin but now I get the same but without the >> FuzzyOCR errors. I guess it's not Fuzzy who is causing issues. >> >> Any help please? Or do I need to seek for help on the spamassassin list? >> >> Thanks >> >> When you installed Julian's spamassassin package, did you FIRST remove the RPM version? This will hose a system quickly because of the differences in the spamassassin installs. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/d04cab82/signature.bin From dominian at slackadelic.com Fri Apr 11 18:46:40 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Fri Apr 11 18:47:32 2008 Subject: Releasing messages In-Reply-To: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> Message-ID: <47FFA400.1030308@slackadelic.com> Test wrote: > Is it possible to release a message from quarantine "as is" ? > > So that it is released in it's original form and the original From adres > and not from postmaster ... > > I think no matter what you do, in the mailwatch interface it will show as from postmaster, but the user sees the original Envelope as it was when originally received by the server. This is something I wanted to look into as well, but gave up as it doesn't seem possible :) -Matt From shuttlebox at gmail.com Fri Apr 11 18:47:33 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Apr 11 18:48:07 2008 Subject: Releasing messages In-Reply-To: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> Message-ID: <625385e30804111047u5c9c146axbc936fc30500f1fc@mail.gmail.com> On Fri, Apr 11, 2008 at 7:17 PM, Test wrote: > Is it possible to release a message from quarantine "as is" ? > > So that it is released in it's original form and the original From adres > and not from postmaster ... The messages are always quarantined "as is". -- /peter From Denis.Beauchemin at USherbrooke.ca Fri Apr 11 18:48:12 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 11 18:49:01 2008 Subject: Rule to BCC recipients In-Reply-To: References: Message-ID: <47FFA45C.9050908@USherbrooke.ca> Ricardo Francis a ?crit : > Hi list, > > I'm running MailScanner-4.67.6-1 + Sendmail 8.14.xx + ClamAV and it > has been a great help to scan +200k mails. > > Due to the high rate of email to unknown users (~80%), I had to change > the "Scan Messages" and "Virus Scanning" to rules file: > > I've created a list of email addresses based on passwd + aliases file > to force scans on these email addresses only and, by default, the rest > is not scanned because they're being redirected to /dev/null . > > The rule says: > > To: user@domain.com yes > > But email addresses in BCC are not checked at all. > Let's say a message enters the system TO user unknown@domain.com > and to validuser@domain.com > in BCC. The message to > unknown@domain.com is discarded and the > one to validuser@domain.com is delivered > with no scan at all because it did not match any rule to do it. > > My question is, is there any way to include the BCC addresses in those > rules files? > > Thanks and congratulations for the best mail filter around. > Ric. > Ricardo, You'll have to configure sendmail to split emails for many recipients into separate emails if you want to do this. The wiki will help you: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient&s=sendmail Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ssilva at sgvwater.com Fri Apr 11 18:46:19 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 11 18:50:15 2008 Subject: MailScanner with DomainKey In-Reply-To: <47FDA0B5.6070602@vanderkooij.org> References: <47FDA0B5.6070602@vanderkooij.org> Message-ID: on 4-9-2008 10:08 PM Hugo van der Kooij spake the following: > ishukor wrote: > | How to implement MailScanner with domainkey, DKIM, DKIMproxy or it > does`nt > | support it yet. > > Keep in mind that the majority of DKIM messages I have seen so far are > from ..... spammers. > > Hugo. > True. It only helps with some of the bot traffic. I have had to use it mostly with e-mails from our bank so they don't get treated as spam. Can't just whitelist the domain because of phishers. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/0aec19c9/signature.bin From davejones70 at gmail.com Fri Apr 11 18:42:32 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Apr 11 18:50:25 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804111042v72f6269as5400465403dfca58@mail.gmail.com> Can someone post a sample of a working inline.sig.html? I am getting an email with the attached jpg file but it only shows an image box of 186 x 23 with no image inside it. Am I missing something in my html file that puts it inline within the body? *MailScanner.conf* Attach Image To Signature = yes Inline HTML Signature = %rules-dir%/inline-html-signature.rules Signature Image Filename = %rules-dir%/signature-image-filename.rules Signature Image Filename = signature.jpg *cat inline-html-signature.rules* From: me@mydomain.com %report-dir%/inline.oneteam.sig.html FromOrTo: default no *cat signature-image-filename.rules * From: me@mydomain.com %report-dir%/OneTeam.jpg FromOrTo: default no *cat inline.oneteam.sig.html* Dave Jones >Themba Ntleki wrote: >> Hi Guys, >> >> Is is possible to have a graphic(.jpg) within the inline signature in >> MS or something similar, I have tried adding some html code in the >> inline.sig.html file, but mail is sent without the graphic. >> Any Ideas? >Yes, perfectly possible. Read your MailScanner.conf file and you will find these. They are most useful with rulesets, so that you switch it on and off for different people, and choose different images for different people. My default HTML signature for mail sent within my department contains an image of my real signature (well, nearly my signature, but no use for signing checks as me). If you don't know about rulesets, read /etc/MailScanner/rules/* and the docs on the website and on the wiki and in the book. ># If you are using HTML signatures, you can embed an image in the signature. ># For the filename(s) of the image, see the settings "Signature Image ># Filename" and "Signature Image Filename". ># This can also be the filename of a ruleset. >Attach Image To Signature = no ># Normally, you would only want to attach the image to messages with an ># HTML part, as plain text messages clearly cannot display an image. ># However, if you find some other use for this feature, you may want to ># attach an image to a message which is just text. ># This can also be the filename of a ruleset. >Attach Image To HTML Message Only = yes ># When using an image in the signature, there are 2 filenames which need ># to be set. The first is the location in this server's filesystem of the ># image file itself. The second is the name of the image as it is stored in ># the attachment. The HTML version of the signature will refer to this ># second name in the HTML tag. ># Note: the filename extension will be used as the MIME subtype, so a GIF ># image must end in ".gif" for example. (.jpg ==> "jpeg" as a special case) >Signature Image Filename = %report-dir%/sig.jpg >Signature Image Filename = signature.jpg >Jules -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/c88c96b9/attachment.html From ssilva at sgvwater.com Fri Apr 11 18:50:04 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 11 18:55:13 2008 Subject: 4.68 / 4.69 SA cache working? In-Reply-To: <47FDDAEA.2050508@ecs.soton.ac.uk> References: <47FDDAEA.2050508@ecs.soton.ac.uk> Message-ID: on 4-10-2008 2:16 AM Julian Field spake the following: > Can someone running 4.68 or 4.69 please confirm that the SpamAssassin > cache is still working okay? > Hopefully, the analyse_SpamAssassin_cache command will tell you. > > Thanks! > > Jules > --------- TOTALS --------- Total records: 160 First seen (oldest): 211654 sec First seen (newest): 38 sec Last seen (oldest): 211654 sec Last seen (newest): 38 sec Cache Hit Rate 0% -------- NON-SPAM -------- Total records: 38 First seen (oldest): 1825 sec First seen (newest): 38 sec Last seen (oldest): 1825 sec Last seen (newest): 38 sec -------- LOW-SPAM -------- Total records: 0 First seen (oldest): 0 sec First seen (newest): 0 sec Last seen (oldest): 0 sec Last seen (newest): 0 sec ------- HIGH-SPAM -------- Total records: 64 First seen (oldest): 10529 sec First seen (newest): 44 sec Last seen (oldest): 10529 sec Last seen (newest): 44 sec -------- VIRUSES -------- Total records: 57 First seen (oldest): 159628 sec First seen (newest): 4371 sec Last seen (oldest): 159628 sec Last seen (newest): 4371 sec ----- TOP 5 HASHES ------- MD5 COUNT FIRST LAST closing dbh with active statement handles at /usr/sbin/analyse_SpamAssassin_cach e line 65. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/aecc2ad2/signature.bin From MailScanner at ecs.soton.ac.uk Fri Apr 11 19:17:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 19:18:27 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> Message-ID: <47FFAB4F.3020406@ecs.soton.ac.uk> Glenn Steen wrote: > On 11/04/2008, Peter Peters wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> >> I am trying to set up a rule that will make MS scan all messages to and >> from a number of domains, except when they come in from a certain system. >> >> In fact something like this: >> >> FromTo: *@utwente.nl AND From: 130.89.2.4 no >> FromTo: *@utwente.nl yes >> > FromOrTo:, not FromTo: > ...:-) > Doesn't make any difference. Looks for an "f" and a "t". Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 11 19:19:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 19:20:03 2008 Subject: Releasing messages In-Reply-To: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> Message-ID: <47FFABC6.7000900@ecs.soton.ac.uk> Test wrote: > Is it possible to release a message from quarantine "as is" ? > Quarantine the messages as "Raw Queue Files" and release them by just dropping them into the outgoing MTA queue. If this is actually a MailWatch query, then you'll have to ask on its mailing list, not this one. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri Apr 11 19:19:22 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 11 19:20:10 2008 Subject: help wiht MailScanner please In-Reply-To: <113374.3471.qm@web36404.mail.mud.yahoo.com> References: <113374.3471.qm@web36404.mail.mud.yahoo.com> Message-ID: on 4-10-2008 8:23 AM roberto martin castillo ramos spake the following: > > Hello, > > I have installed the MailScanner4.64.3 in Centos5, but once installed > all the emails that are good enter like Spam, but when the MailScanner > was not installed all emails that are good enter well, > > How I can do so that the good emails do not enter like Spam once > installed the MailScanner, > > Thanks > Read all the relevant docs at wiki.mailscanner.info Not to be insulting, but since English seems to be your second language, maybe you can find someone local to help with any translation issues you might have. It is better to have a good grasp of the documents to prevent any mistakes due to mis-understanding. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/3597285f/signature.bin From ssilva at sgvwater.com Fri Apr 11 19:32:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Apr 11 19:33:11 2008 Subject: MailScanner process virus checking of messages marked as SPAM In-Reply-To: <47FF6528.2080907@juli.cz> References: <47FF6528.2080907@juli.cz> Message-ID: on 4-11-2008 6:18 AM Petr Zeman spake the following: > Hello, > > i am using MailScanner 4.61.2 with SpamAssassin enabled and with 2 > antivirus scanners (kaspersky and clamav). 90% of all e-mails is SPAM > and server is heavy loaded. When i searching why, i found in log: > > Apr 11 14:17:40 mail MailScanner[4940]: New Batch: Scanning 1 messages, > 1743 bytes > Apr 11 14:17:40 mail MailScanner[4940]: Spam Checks: Starting > Apr 11 14:17:46 mail MailScanner[4940]: Message m3BCHYfn006104 from > 60.52.94.167 (pesseist_1980@1370wbtn.com) to juli.cz is spam, > SpamAssassin (not cached, score=10.147, required 5, BAYES_99 3.50, > DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, HTML_MESSAGE 0.00, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47) > Apr 11 14:17:46 mail MailScanner[4940]: Spam Checks: Found 1 spam messages > Apr 11 14:17:46 mail MailScanner[4940]: Spam Actions: message > m3BCHYfn006104 actions are store,header > Apr 11 14:17:46 mail MailScanner[4940]: > mailscanner@lists.mailscanner.info and Content Scanning: Starting > Apr 11 14:17:53 mail MailScanner[4940]: Logging message m3BCHYfn006104 > to SQL > > MailScanner process virus checking of messages marked as SPAM. Is > possible disable this? > > Sorry for my bad english. > Have you thought about using one of the alternates for clamav like clamavmodule or clamd? They have much lower loads. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/c5ef5c10/signature.bin From MailScanner at ecs.soton.ac.uk Fri Apr 11 19:40:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 19:41:20 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804111042v72f6269as5400465403dfca58@mail.gmail.com> References: <67a55ed50804111042v72f6269as5400465403dfca58@mail.gmail.com> Message-ID: <47FFB0A7.5090601@ecs.soton.ac.uk> Dave Jones wrote: > Can someone post a sample of a working inline.sig.html? I am getting > an email with the attached jpg file but it only shows an image box of > 186 x 23 with no image inside it. Am I missing something in my html > file that puts it inline within the body? > > _*MailScanner.conf*_ > Attach Image To Signature = yes > Inline HTML Signature = %rules-dir%/inline-html-signature.rules > Signature Image Filename = %rules-dir%/signature-image-filename.rules > Signature Image Filename = signature.jpg > > _*cat inline-html-signature.rules*_ > From: me@mydomain.com > %report-dir%/inline.oneteam.sig.html > FromOrTo: default no > > _*cat signature-image-filename.rules *_ > From: me@mydomain.com > %report-dir%/OneTeam.jpg > FromOrTo: default no > > _*cat inline.oneteam.sig.html*_ > You need to call it src="cid:signature.jpg" > > Dave Jones > > >Themba Ntleki wrote: > >> Hi Guys, > >> > >> Is is possible to have a graphic(.jpg) within the inline signature in > >> MS or something similar, I have tried adding some html code in the > >> inline.sig.html file, but mail is sent without the graphic. > >> Any Ideas? > >Yes, perfectly possible. Read your MailScanner.conf file and you will > find these. They are most useful with rulesets, so that you switch it on > and off for different people, and choose different images for different > people. My default HTML signature for mail sent within my department > contains an image of my real signature (well, nearly my signature, but > no use for signing checks as me). If you don't know about rulesets, read > /etc/MailScanner/rules/* and the docs on the website and on the wiki and > in the book. > > ># If you are using HTML signatures, you can embed an image in the > signature. > ># For the filename(s) of the image, see the settings "Signature Image > ># Filename" and "Signature Image Filename". > ># This can also be the filename of a ruleset. > >Attach Image To Signature = no > > ># Normally, you would only want to attach the image to messages with an > ># HTML part, as plain text messages clearly cannot display an image. > ># However, if you find some other use for this feature, you may want to > ># attach an image to a message which is just text. > ># This can also be the filename of a ruleset. > >Attach Image To HTML Message Only = yes > > ># When using an image in the signature, there are 2 filenames which need > ># to be set. The first is the location in this server's filesystem of the > ># image file itself. The second is the name of the image as it is > stored in > ># the attachment. The HTML version of the signature will refer to this > ># second name in the HTML tag. > ># Note: the filename extension will be used as the MIME subtype, so a GIF > ># image must end in ".gif" for example. (.jpg ==> "jpeg" as a special > case) > >Signature Image Filename = %report-dir%/sig.jpg > >Signature Image Filename = signature.jpg > > >Jules > > -- > Dave Jones Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Fri Apr 11 20:51:53 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Apr 11 20:52:31 2008 Subject: Questions about ClamAV/Spamassassin, etc. Message-ID: I'm *way* overdue to upgrade my MailScanner boxes. There have been so many great changes over the last year that I'm a bit lost on the finer details so would like some "best practice" advice. I've got a nifty new IBM x3650 64 bit, dual processer & two gigs ram, running SLES 10. I've installed MS, and am now at the spamassassin and clamav stage. Please advise on the following: 1: ClamAV - which to use, ClamAV, clamd, or clamavmodule? I started running the SA/ClamAV dual script and got the following: =============================================================== There are 2 recommended ways of installing ClamAV, depending on various factors. If you want to use MailScanners support for Clamd (virus-scanning daemon) then I recommend you cancel this script now (press Ctrl-C) and install the RPMs for clamav, clamav-db and clamd from http://dag.wieers.com/rpm/packages/clamav Then re-run this script and tell me that clamscan is installed in /usr/bin. This will set up your virus.scanners.conf file for you. =============================================================== I cancelled. The Dag Wieers site doesn't have SUSE rpms. If clamd is the preferred option, what's the best way to install it, clamav and clamav-db? I believe the the install script will do clamav-module, right? I vaguely seems to remember that there was some chatter on the list a while ago but don't remember specifics - any caveats to using that, ie. keywords to search the archives on? 2: I'm getting this when /etc/cron.hourly runs: =============================================================== running hourly cronjob scripts SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 2. =============================================================== Any ideas on that? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From davejones70 at gmail.com Fri Apr 11 21:01:46 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Apr 11 21:02:21 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804111301v47ba1b38p4448818e3fc5bdfc@mail.gmail.com> >Dave Jones wrote: >> Can someone post a sample of a working inline.sig.html? I am getting >> an email with the attached jpg file but it only shows an image box of >> 186 x 23 with no image inside it. Am I missing something in my html >> file that puts it inline within the body? >> >> _*MailScanner.conf*_ >> Attach Image To Signature = yes >> Inline HTML Signature = %rules-dir%/inline-html-signature.rules >> Signature Image Filename = %rules-dir%/signature-image-filename.rules >> Signature Image Filename = signature.jpg >> >> _*cat inline-html-signature.rules*_ >> From: me mydomain.com mydomain.com> >> %report-dir%/inline.oneteam.sig.html >> FromOrTo: default no >> >> _*cat signature-image-filename.rules *_ >> From: me mydomain.com mydomain.com> >> %report-dir%/OneTeam.jpg >> FromOrTo: default no >> >> _*cat inline.oneteam.sig.html*_ >> >You need to call it src="cid:signature.jpg" I made my "inline.oneteam.sig.html" have " >> >> Dave Jones >> >> >Themba Ntleki wrote: >> >> Hi Guys, >> >> >> >> Is is possible to have a graphic(.jpg) within the inline signature in >> >> MS or something similar, I have tried adding some html code in the >> >> inline.sig.html file, but mail is sent without the graphic. >> >> Any Ideas? >> >Yes, perfectly possible. Read your MailScanner.conf file and you will >> find these. They are most useful with rulesets, so that you switch it on >> and off for different people, and choose different images for different >> people. My default HTML signature for mail sent within my department >> contains an image of my real signature (well, nearly my signature, but >> no use for signing checks as me). If you don't know about rulesets, read >> /etc/MailScanner/rules/* and the docs on the website and on the wiki and >> in the book. >> >> ># If you are using HTML signatures, you can embed an image in the >> signature. >> ># For the filename(s) of the image, see the settings "Signature Image >> ># Filename" and "Signature Image Filename". >> ># This can also be the filename of a ruleset. >> >Attach Image To Signature = no >> >> ># Normally, you would only want to attach the image to messages with an >> ># HTML part, as plain text messages clearly cannot display an image. >> ># However, if you find some other use for this feature, you may want to >> ># attach an image to a message which is just text. >> ># This can also be the filename of a ruleset. >> >Attach Image To HTML Message Only = yes >> >> ># When using an image in the signature, there are 2 filenames which need >> ># to be set. The first is the location in this server's filesystem of the >> ># image file itself. The second is the name of the image as it is >> stored in >> ># the attachment. The HTML version of the signature will refer to this >> ># second name in the HTML tag. >> ># Note: the filename extension will be used as the MIME subtype, so a GIF >> ># image must end in ".gif" for example. (.jpg ==> "jpeg" as a special >> case) >> >Signature Image Filename = %report-dir%/sig.jpg >> >Signature Image Filename = signature.jpg >> >> >Jules >> >> -- >> Dave Jones >Jules -- Dave Jones From wilson.galafassi at gmail.com Fri Apr 11 21:10:55 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Fri Apr 11 21:11:30 2008 Subject: RES: block attachments In-Reply-To: <47FE9E89.2080703@vanderkooij.org> References: <47fe6b42.070fc00a.68da.153c@mx.google.com> <47FE9E89.2080703@vanderkooij.org> Message-ID: <47ffc5ce.060ec00a.224d.ffffaac9@mx.google.com> I have to block using filename or filetype? -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Hugo van der Kooij Enviada em: quinta-feira, 10 de abril de 2008 20:11 Para: MailScanner discussion Assunto: Re: block attachments -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wilson A. Galafassi Jr. wrote: | I need to block attachments for almost all users. I only need to permit ti | RECEIVE attachments for some users (admin, etc). All users can send | attachments. | | How i can configure this? What have you read about this? What have you tried? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/p6IBvzDRVjxmYERAjdWAJ4/gJpw5HRTqIZymLwJnl7uuWEtqACfRvXU qsJHKD6Rf0AJXt6XGPVv5n0= =CL2B -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Fri Apr 11 21:56:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Apr 11 21:57:10 2008 Subject: Backscatter & challenge response In-Reply-To: <002f01c89bad$63026d10$29074730$@co.uk> References: <002f01c89bad$63026d10$29074730$@co.uk> Message-ID: <47FFD079.8080800@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Houselander (SME) wrote: | In common with lots of people I've seen a massive increase in the amount of | backscatter my domains are getting. I implemented watermarking which has | helped a great deal. | | What I'm getting complaints about now are the mails coming in from annoying | challenge response systems, the mails don't come from postmaster, <> etc... | so the watermark does not get looked at. | | Just wondered if anyone had any bright ideals as to how to combat it? | | I've been looking at a selection I've been sent through this morning and | there doesn't seem to be anything consistent about them and there not | hitting many spamassasin rules. I considere them hostile spam senders and blacklist them accordingly. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/9B3BvzDRVjxmYERAhUtAKCZ78lzazH417/PZnm+K81baJfRLwCfWFXS zyiyKWI0BQMQ2qAUqMzNe+A= =Fgv2 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Fri Apr 11 22:02:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 11 22:03:48 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804111301v47ba1b38p4448818e3fc5bdfc@mail.gmail.com> References: <67a55ed50804111301v47ba1b38p4448818e3fc5bdfc@mail.gmail.com> Message-ID: <47FFD1CB.5060109@ecs.soton.ac.uk> Dave Jones wrote: >> Dave Jones wrote: >> >>> Can someone post a sample of a working inline.sig.html? I am getting >>> an email with the attached jpg file but it only shows an image box of >>> 186 x 23 with no image inside it. Am I missing something in my html >>> file that puts it inline within the body? >>> >>> _*MailScanner.conf*_ >>> Attach Image To Signature = yes >>> Inline HTML Signature = %rules-dir%/inline-html-signature.rules >>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>> Signature Image Filename = signature.jpg >>> >>> _*cat inline-html-signature.rules*_ >>> From: me mydomain.com mydomain.com> >>> %report-dir%/inline.oneteam.sig.html >>> FromOrTo: default no >>> >>> _*cat signature-image-filename.rules *_ >>> From: me mydomain.com mydomain.com> >>> %report-dir%/OneTeam.jpg >>> FromOrTo: default no >>> >>> _*cat inline.oneteam.sig.html*_ >>> >>> >> You need to call it src="cid:signature.jpg" >> > > I made my "inline.oneteam.sig.html" have " src="cid:signature.jpg>" " but now the src= text value is getting > dropped off when I view the source of the email. This is a snip of > the end of the source: > > > > That's because you've got the quotes in the wrong place. src="cid:signature.jpg" just as I said last time, so the whole thing looks like > > > >>> Dave Jones >>> >>> >>>> Themba Ntleki wrote: >>>> >>>>> Hi Guys, >>>>> >>>>> Is is possible to have a graphic(.jpg) within the inline signature in >>>>> MS or something similar, I have tried adding some html code in the >>>>> inline.sig.html file, but mail is sent without the graphic. >>>>> Any Ideas? >>>>> >>>> Yes, perfectly possible. Read your MailScanner.conf file and you will >>>> >>> find these. They are most useful with rulesets, so that you switch it on >>> and off for different people, and choose different images for different >>> people. My default HTML signature for mail sent within my department >>> contains an image of my real signature (well, nearly my signature, but >>> no use for signing checks as me). If you don't know about rulesets, read >>> /etc/MailScanner/rules/* and the docs on the website and on the wiki and >>> in the book. >>> >>> >>>> # If you are using HTML signatures, you can embed an image in the >>>> >>> signature. >>> >>>> # For the filename(s) of the image, see the settings "Signature Image >>>> # Filename" and "Signature Image Filename". >>>> # This can also be the filename of a ruleset. >>>> Attach Image To Signature = no >>>> >>>> # Normally, you would only want to attach the image to messages with an >>>> # HTML part, as plain text messages clearly cannot display an image. >>>> # However, if you find some other use for this feature, you may want to >>>> # attach an image to a message which is just text. >>>> # This can also be the filename of a ruleset. >>>> Attach Image To HTML Message Only = yes >>>> >>>> # When using an image in the signature, there are 2 filenames which need >>>> # to be set. The first is the location in this server's filesystem of the >>>> # image file itself. The second is the name of the image as it is >>>> >>> stored in >>> >>>> # the attachment. The HTML version of the signature will refer to this >>>> # second name in the HTML tag. >>>> # Note: the filename extension will be used as the MIME subtype, so a GIF >>>> # image must end in ".gif" for example. (.jpg ==> "jpeg" as a special >>>> >>> case) >>> >>>> Signature Image Filename = %report-dir%/sig.jpg >>>> Signature Image Filename = signature.jpg >>>> >>>> Jules >>>> >>> -- >>> Dave Jones >>> > > >> Jules >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Apr 11 22:12:09 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 11 22:12:44 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <47FFAB4F.3020406@ecs.soton.ac.uk> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <47FFAB4F.3020406@ecs.soton.ac.uk> Message-ID: <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> On 11/04/2008, Julian Field wrote: > > > Glenn Steen wrote: > > > On 11/04/2008, Peter Peters wrote: > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hi, > > > > > > I am trying to set up a rule that will make MS scan all messages to and > > > from a number of domains, except when they come in from a certain > system. > > > > > > In fact something like this: > > > > > > FromTo: *@utwente.nl AND From: 130.89.2.4 no > > > FromTo: *@utwente.nl yes > > > > > > > > FromOrTo:, not FromTo: > > ...:-) > > > > > Doesn't make any difference. Looks for an "f" and a "t". > Forgive me, Oh Root, for I have sinned and did not look up the Code before Replying! Oh well, I'm off to do my penitance... 200 Hail Julians, was it?:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Fri Apr 11 22:23:20 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Apr 11 22:23:55 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <47FFAB4F.3020406@ecs.soton.ac.uk> <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> Message-ID: <47FFD6C8.90601@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | Forgive me, Oh Root, for I have sinned and did not look up the Code | before Replying! | Oh well, I'm off to do my penitance... 200 Hail Julians, was it?:-):-) 200 lines of code or 200 lines of documentation will do as well. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH/9bGBvzDRVjxmYERAsOqAJ4+3AhAAeQD66Y05zvcVE6SCn9LeQCeKwUQ jVPEAkHUSPsmrf54nImTZGw= =EhaZ -----END PGP SIGNATURE----- From Kevin_Miller at ci.juneau.ak.us Fri Apr 11 23:50:25 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Apr 11 23:51:07 2008 Subject: tmpfs question Message-ID: I figured I'd give the tmpfs trick a try. The wiki says to add this to /etc/fstab: none /var/spool/MailScanner/incoming tmpfs defaults 0 0 I don't see where it assigns a specific amount of ram. Does it just take what it needs? How do you limit it so the system doesn't start swapping? Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Sat Apr 12 03:47:42 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Apr 12 03:48:40 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <47FFD6C8.90601@vanderkooij.org> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <47FFAB4F.3020406@ecs.soton.ac.uk> <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> <47FFD6C8.90601@vanderkooij.org> Message-ID: on 4-11-2008 2:23 PM Hugo van der Kooij spake the following: > Glenn Steen wrote: > > | Forgive me, Oh Root, for I have sinned and did not look up the Code > | before Replying! > | Oh well, I'm off to do my penitance... 200 Hail Julians, was it?:-):-) > > 200 lines of code or 200 lines of documentation will do as well. > > Hugo. > And a chilled glass of akavit! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/298cb0c6/signature.bin From ssilva at sgvwater.com Sat Apr 12 03:56:29 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Apr 12 03:56:45 2008 Subject: tmpfs question In-Reply-To: References: Message-ID: on 4-11-2008 3:50 PM Kevin Miller spake the following: > I figured I'd give the tmpfs trick a try. The wiki says to add this to > /etc/fstab: > > none /var/spool/MailScanner/incoming tmpfs defaults 0 0 > > I don't see where it assigns a specific amount of ram. Does it just > take what it needs? How do you limit it so the system doesn't start > swapping? > > Thanks... > > ...Kevin Have a look in the mount man page for the options. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080411/83bfe79f/signature.bin From hvdkooij at vanderkooij.org Sat Apr 12 07:56:50 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 12 07:57:34 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> Message-ID: <48005D32.3040802@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | On 06/04/2008, Hugo van der Kooij wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Hi, |> |> I have been trying to get my head around this question before. I find |> that I have a scalability problem that I could resolve if I can put |> messages on HOLD for MS to pickup only if it is not for a certain |> recipient. |> |> There is one recipient that goes straight into a procmail parser to |> extract specific information. There is no need to fire up the whole MS |> circus for each message. This is an automated system that will get 1 |> message per monitored SMTP server per minute. |> |> The normal config is: |> # Do some header checks |> # This includes setting almost anything on hold for MailScanner to |> pick up |> header_checks = regexp:/etc/postfix/regexp/header-checks |> |> So I have tried a number of setups. Most of them failed miserably. |> |> This morning I woke up whith what seems to be the answer so I gave it a |> spin and here are my findings. |> |> |> What does work is at the end of my smtpd checks add a table to list |> explicit addresses to scan. In the main.cf it looks like: |> |> # Access rules |> smtpd_client_restrictions = |> ~ permit_mynetworks, |> ~ permit_sasl_authenticated, |> ....Long list removed....... |> ~ reject_unauth_destination, |> ~ check_recipient_access |> hash:/etc/postfix/hash/valid-recipients |> |> And the hash tables explicit lists everyone for whome MS should be |> called upon. Like: |> |> hugo@vanderkooij.org HOLD |> hvdkooij@vanderkooij.org HOLD |> |> (I know putting email in the clear scares some people. But if you ever |> see a Megalist without these two then do not buy it. ;-) |> |> But the drawback is it only works for a simple setup at home with only a |> moderate list of recipients. And where you actually know all the |> recipients. |> | Actually... If you (as ) already use the relay_recipient_map thing, | it'd be trivial to rewrite the script that generates the | relay_recipient_map to also do an access_map...:). | But then again... |> But if you want to have just a few exceptions then you better use |> regular expressions. |> |> So replace: |> check_recipient_access |> hash:/etc/postfix/hash/valid-recipients |> |> with: |> check_recipient_access |> regexp:/etc/postfix/regexp/MailScanner |> |> With /etc/postfix/regexp/MailScanner looking like: |> |> # |> # header_checks - Postfix built-in header/body inspection |> # |> /exclusion@test\.example\.net/ OK |> |> # Everyone else will go through MailScanner! |> /.*/ HOLD |> |> # EOF |> |> |> This does the trick for me. It might work for others. | This would be a better replacement for the header check thing, in | cases where you'd like to be selective. Thanks for thinking it up, and | sharing. Sharing is what make OS so much stronger. But I have found an issue I am not able to pinpoint yet. Every email to my postmaster seems to bypass MailScanner as well. I have grepped my config files untill my fingers grew tired. But I have no postmaster exception in postfix anywhere. Nor do I have one in MailScanner. Is there an buildin option of postfix I am missing here? ~ --- postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 header_checks = regexp:/etc/postfix/regexp/header-checks home_mailbox = Maildir/ html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailbox_command = /usr/bin/procmail -Y mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, $testdomains, spamvrij.net, vanderkooij.org, localhost.$mydomain, localhost.localdomain, localhost mydomain = vanderkooij.org myhostname = balin.waakhond.net mynetworks = 84.244.132.155/32, [2001:960:2:595::2]/128, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES recipient_delimiter = + relay_domains = $mydestination sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_sasl_auth_enable = no smtpd_banner = $myhostname ESMTP The sending of unsollicited bulk or commercial email will be regarded as criminal activities. All traffic is logged and violations will be handled under criminal and/or civil law. smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/hash/whitelist, check_client_access cidr:/etc/postfix/cidr/blacklist-networks, check_client_access cidr:/etc/postfix/cidr/spamhaus-droplist, check_recipient_access hash:/etc/postfix/hash/recipients, check_client_access hash:/etc/postfix/hash/blacklist, check_sender_access hash:/etc/postfix/hash/blacklist, check_client_access hash:/etc/postfix/hash/dynamic-blacklist, check_client_access regexp:/etc/postfix/regexp/dynamic-networks, check_sender_access hash:/etc/postfix/hash/spamlist, reject_non_fqdn_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_hostname, reject_unverified_recipient, reject_rbl_client STX2E4ZKZBQAVGD47HCFAB8ETQWC8HB.r.mail-abuse.com, reject_rbl_client all.rbl.jp, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client korea.services.net, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client blackholes.securitysage.com, reject_unauth_destination, check_recipient_access regexp:/etc/postfix/regexp/MailScanner smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_restriction_classes = work_MS, reject_RFC, reject_auto, reject_auto_virus, reject_domain, reject_dynamic, reject_infected, ~ reject_spam, reject_user, whitelist_select smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = noanonymous smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/balin.waakhond.net.crt smtpd_tls_key_file = /etc/ssl/balin.waakhond.net.key smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes transport_maps = hash:/etc/postfix/hash/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = rust-hoff.nl virtual_alias_maps = hash:/etc/postfix/hash/virtual-domains ~ --- MailScanner -c Option Name Default Current Value =============================================================================== addenvelopetoheader no yes alwaysincludespamassassinreport no yes alwayslookeduplast no FUNCTION:MailWatchLogging attachmentextensionsnottozip .zip .rar .gz .tgz .mpg .mpe .mpeg .mp3 .rpm .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml attachmentwarningfilename VirusWarning.txt VANDERKOOIJ-Attachment-Warning.txt clamavfullmessagescan no yes clamdsocket 127.0.0.1 /tmp/clamd cleanheadervalue Found to be clean No virus detected contentsubjecttext {Dangerous Content?} [MODIFIED] disarmedsubjecttext {Disarmed} [DISARMED] disinfectedheadervalue Disinfected Virus removed enablespambounce no RULESET:Default=no envelopefromheader X-MailScanner-Envelope-From: X-VANDERKOOIJ-MailScanner-From: envelopetoheader X-MailScanner-Envelope-To: X-VANDERKOOIJ-MailScanner-To: filenamerules RULESET:Default=/etc/MailScanner/filename.rules.conf filenamesubjecttext {Filename?} [STRIPPED] filetyperules /etc/MailScanner/filetype.rules.conf highscoringspamactions deliver header "X-Spam-Status: Yes" store highscoringspamsubjecttext {Spam?} [SPAM:_SCORE_] highspamassassinscore 10 6 hostname the MailScanner the VANDERKOOIJ (balin.waakhond.net) MailScanner ignoredwebbugfilenames spacer pixel.gif pixel.png gap incomingqueuedir /var/spool/mqueue.in /var/spool/postfix/hold infectedheadervalue Found to be infected Virus detected informationheader X-VANDERKOOIJ-MailScanner-Information: informationheadervalue Please contact the ISP for more information If you see this line then you have found the headers. Use them wisely! isdefinitelynotspam no FUNCTION:SQLWhitelist isdefinitelyspam no FUNCTION:SQLBlacklist keepspamandmcparchiveclean no yes knownwebbugservers msgtag.com languagestrings /etc/MailScanner/reports/en/languages.conf logdangeroushtmltags no yes lognonspam no yes logsilentviruses no yes logspam no yes mailheader X-MailScanner: X-VANDERKOOIJ-MailScanner: mailscannerversionnumber 1.0.0 4.66.5 maxchildren 5 1 maximummessagesize 0 RULESET:Default=0 maxspamassassinsize 30000 40k maxspamchecksize 150000 250000 mcpheader X-MailScanner-MCPCheck: X-VANDERKOOIJ-MailScanner-MCPCheck: mcpmaxspamassassinsize 100000 100k monitorsforclamavupdates /usr/local/share/clamav/*.cvd /var/clamav/*.inc/* /var/clamav/*.cvd monitorsforsophosupdates /usr/local/Sophos/ide/*.zip /usr/local/Sophos/ide/*ides.zip mta sendmail postfix nonspamactions deliver header "X-Spam-Status: No" store deliver header "X-VANDERKOOIJ-SPAM: NO" noticesignature -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info -- \nMailScanner (anti-spam, anti-virus toolkit) notifysenders yes no notifysendersofblockedfilenamesorfiletypes yes no notifysendersofblockedsizeattachments no yes outgoingqueuedir /var/spool/mqueue /var/spool/postfix/incoming phishingsubjecttext {Fraud?} [PHISHING] quarantinegroup apache quarantinepermissions 0600 0660 quarantinesilentviruses no yes quarantineuser postfix quarantinewholemessage no yes queuescaninterval 6 3 rejectionreport /etc/MailScanner/reports/en/message.rejection.report.txt /etc/MailScanner/reports/en/rejection.report.txt requiredspamassassinscore 6 3 runasgroup 0 postfix runasuser 0 postfix scanmessages yes RULESET:Default=yes scannedsubjecttext {Scanned} [SCANNED] signatureimagefilename /etc/MailScanner/reports/en/sig.jpg signatureimageimgfilename signature.jpg signcleanmessages yes no sizesubjecttext {Size} [SIZE] sophosidedir /usr/local/Sophos/ide sophoslibdir /usr/local/Sophos/lib spamactions deliver header "X-Spam-Status: Yes" store deliver header "X-VANDERKOOIJ-SPAM: YES" spamassassinsiterulesdir /etc/mail/spamassassin spamassassintimeout 75 60 spamassassinuserstatedir /var/spool/MailScanner/spamassassin spamheader X-MailScanner-SpamCheck: X-VANDERKOOIJ-MailScanner-SpamCheck: spamlist ERS spamhaus-ZEN RBL-JP RBL-KR spamliststobespam 1 2 spamscoreheader X-MailScanner-SpamScore: X-VANDERKOOIJ-MailScanner-SpamScore: spamscorenumberformat %d %5.2f spamsubjecttext {Spam?} [SPAM:_SCORE_] treatinvalidwatermarkswithnosenderasspam spam 1 unscannedheadervalue Not scanned: please contact your Internet E-Mail Service Provider for details This message was not scanned! Be cautious! virusscanners auto clamavmodule mcafee avastd virusscanning yes RULESET:Default=yes virussubjecttext {Virus?} [VIRUS] watermarkheader MailScanner-NULL-Check: X-VANDERKOOIJ-MailScanner-Watermark: watermarksecret webbugreplacement http://www.mailscanner.info/images/1x1spacer.gif http://hugo.vanderkooij.org/images/1x1spacer.gif Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAF0uBvzDRVjxmYERAq8KAKCa8Lwz97yvCozDpfaf05PLrRdbRwCgjC9T H+aqhYLDfLvbQITkuTy2lmI= =qFRZ -----END PGP SIGNATURE----- From zeman at JULI.CZ Sat Apr 12 08:07:38 2008 From: zeman at JULI.CZ (Petr Zeman) Date: Sat Apr 12 08:08:24 2008 Subject: MailScanner process virus checking of messages marked as SPAM In-Reply-To: <47FF6D97.1030001@ecs.soton.ac.uk> References: <47FF6528.2080907@juli.cz> <47FF6D97.1030001@ecs.soton.ac.uk> Message-ID: <48005FBA.10905@juli.cz> thnx for answers .. Virus scanners = kaspersky-4.5 clamd clamav version is 0.91.2 kaspersky is 5.5.3 computer P4 at 2.8 GHz and 1 GB RAM, running SuSE 9.3 Petr Zeman JULI Motorenwerk, s.r.o. organizace a informatika tel. 547 124 199 zeman@juli.cz Julian Field napsal(a): > What is your "Virus Scanners =" set to in MailScanner.conf? > Virus scanning shouldn't add much to the load, it's a very quick > process. I'm slightly concerned that yours is apparently taking as long > as 7 seconds. > > Petr Zeman wrote: >> Hello, >> >> i am using MailScanner 4.61.2 with SpamAssassin enabled and with 2 >> antivirus scanners (kaspersky and clamav). 90% of all e-mails is SPAM >> and server is heavy loaded. When i searching why, i found in log: >> >> Apr 11 14:17:40 mail MailScanner[4940]: New Batch: Scanning 1 >> messages, 1743 bytes >> Apr 11 14:17:40 mail MailScanner[4940]: Spam Checks: Starting >> Apr 11 14:17:46 mail MailScanner[4940]: Message m3BCHYfn006104 from >> 60.52.94.167 (pesseist_1980@1370wbtn.com) to juli.cz is spam, >> SpamAssassin (not cached, score=10.147, required 5, BAYES_99 3.50, >> DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, HTML_MESSAGE 0.00, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >> RAZOR2_CHECK 0.50, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47) >> Apr 11 14:17:46 mail MailScanner[4940]: Spam Checks: Found 1 spam >> messages >> Apr 11 14:17:46 mail MailScanner[4940]: Spam Actions: message >> m3BCHYfn006104 actions are store,header >> Apr 11 14:17:46 mail MailScanner[4940]: >> mailscanner@lists.mailscanner.info and Content Scanning: Starting >> Apr 11 14:17:53 mail MailScanner[4940]: Logging message m3BCHYfn006104 >> to SQL >> >> MailScanner process virus checking of messages marked as SPAM. Is >> possible disable this? >> >> Sorry for my bad english. >> > > Jules > From glenn.steen at gmail.com Sat Apr 12 10:00:50 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 10:01:25 2008 Subject: Releasing messages In-Reply-To: <47FFABC6.7000900@ecs.soton.ac.uk> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> <47FFABC6.7000900@ecs.soton.ac.uk> Message-ID: <223f97700804120200q419e327ag4eff5d9ed38547d3@mail.gmail.com> On 11/04/2008, Julian Field wrote: > > > Test wrote: > > > Is it possible to release a message from quarantine "as is" ? > > > > > Quarantine the messages as "Raw Queue Files" and release them by just > dropping them into the outgoing MTA queue. > > If this is actually a MailWatch query, then you'll have to ask on its > mailing list, not this one. > > Jules .... and if it is (aMailWatch question, that is), then quaratining as raw queue files is definitely bad:-). Anyway, most (if not all) methods of releasing messages from quarantine are covered in the wiki... If one has the RFC822 message file, it is simply a question of how to form the appropriate sendmail command (or equivalent). That this will be logged as from root or postmaster is largely immaterial/invisible to the recipient. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 12 10:14:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 10:14:43 2008 Subject: Questions about ClamAV/Spamassassin, etc. In-Reply-To: References: Message-ID: <223f97700804120214v33964d0i5374c98fa917979@mail.gmail.com> On 11/04/2008, Kevin Miller wrote: > I'm *way* overdue to upgrade my MailScanner boxes. There have been so > many great changes over the last year that I'm a bit lost on the finer > details so would like some "best practice" advice. > > I've got a nifty new IBM x3650 64 bit, dual processer & two gigs ram, > running SLES 10. I've installed MS, and am now at the spamassassin and > clamav stage. Please advise on the following: > > 1: ClamAV - which to use, ClamAV, clamd, or clamavmodule? I started > running the SA/ClamAV dual script and got the following: > =============================================================== > There are 2 recommended ways of installing ClamAV, depending on > various factors. > If you want to use MailScanners support for Clamd (virus-scanning > daemon) then I recommend you cancel this script now (press Ctrl-C) > and install the RPMs for clamav, clamav-db and clamd from > http://dag.wieers.com/rpm/packages/clamav > Then re-run this script and tell me that clamscan is installed in > /usr/bin. This will set up your virus.scanners.conf file for you. > =============================================================== > > I cancelled. The Dag Wieers site doesn't have SUSE rpms. If clamd is > the preferred option, what's the best way to install it, clamav and > clamav-db? There is one big win for clamd over clamavmodule, and that is memory footprint. With clamd, only the clamd process need hold the signatures in memory, so the MS workers are lean and nice. IIRC there also is a slight performance increase... Might be wrong about that though:-). The biggest drawback, once you've successfully set it up (not exactly trivial, not exactly hard:-), is that you have a SPOF in the clamd daemon process... So you need have a "service watcher" that will respawn it if ever it dies... Personally, I'm still sticking with ClamAVModule:-). > I believe the the install script will do clamav-module, right? I Yep. > vaguely seems to remember that there was some chatter on the list a > while ago but don't remember specifics - any caveats to using that, ie. > keywords to search the archives on? Perhaps you refer to the signature loading->100% CPU for a few minutes bug? That shouldn't affect you/your version. > 2: I'm getting this when /etc/cron.hourly runs: > =============================================================== > running hourly cronjob scripts > > SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 2. > =============================================================== > Any ideas on that? Nope. Have you run it by hand? > Thanks... > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Apr 12 10:36:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 12 10:37:12 2008 Subject: tmpfs question In-Reply-To: References: Message-ID: <4800829B.5010800@ecs.soton.ac.uk> Kevin Miller wrote: > I figured I'd give the tmpfs trick a try. The wiki says to add this to > /etc/fstab: > > none /var/spool/MailScanner/incoming tmpfs defaults 0 0 > > I don't see where it assigns a specific amount of ram. Does it just > take what it needs? How do you limit it so the system doesn't start > swapping? > It just takes what it needs. You don't need to limit it, it will work it all out for itself. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Sat Apr 12 12:08:36 2008 From: gerard at seibercom.net (Gerard) Date: Sat Apr 12 12:09:30 2008 Subject: Backscatter & challenge response In-Reply-To: <47FFD079.8080800@vanderkooij.org> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> Message-ID: <20080412070836.02bfe50c@scorpio> On Fri, 11 Apr 2008 22:56:25 +0200 Hugo van der Kooij wrote: > Paul Houselander (SME) wrote: > > | In common with lots of people I've seen a massive increase in the > amount of > | backscatter my domains are getting. I implemented watermarking > which has | helped a great deal. > | > | What I'm getting complaints about now are the mails coming in from > annoying > | challenge response systems, the mails don't come from postmaster, <> > etc... > | so the watermark does not get looked at. > | > | Just wondered if anyone had any bright ideals as to how to combat > it? | > | I've been looking at a selection I've been sent through this > morning and | there doesn't seem to be anything consistent about them > and there not | hitting many spamassasin rules. > > I considere them hostile spam senders and blacklist them accordingly. I agree totally. I bounce any mail from a known 'challenge response' user. The entire concept of 'challenge response' is flawed and a huge waste of time and bandwidth. -- Gerard gerard@seibercom.net I believe a little incompatibility is the spice of life, particularly if he has income and she is pattable. Ogden Nash -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080412/e4342926/signature.bin From davejones70 at gmail.com Sat Apr 12 13:12:18 2008 From: davejones70 at gmail.com (Dave Jones) Date: Sat Apr 12 13:12:52 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804120512k35cbedbfoe698d82c5d54379a@mail.gmail.com> >Dave Jones wrote: >>> Dave Jones wrote: >>> >>>> Can someone post a sample of a working inline.sig.html? I am getting >>>> an email with the attached jpg file but it only shows an image box of >>>> 186 x 23 with no image inside it. Am I missing something in my html >>>> file that puts it inline within the body? >>>> >>>> _*MailScanner.conf*_ >>>> Attach Image To Signature = yes >>>> Inline HTML Signature = %rules-dir%/inline-html-signature.rules >>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>> Signature Image Filename = signature.jpg >>>> >>>> _*cat inline-html-signature.rules*_ >>>> From: me mydomain.com mydomain.com> >>>> %report-dir%/inline.oneteam.sig.html >>>> FromOrTo: default no >>>> >>>> _*cat signature-image-filename.rules *_ >>>> From: me mydomain.com mydomain.com> >>>> %report-dir%/OneTeam.jpg >>>> FromOrTo: default no >>>> >>>> _*cat inline.oneteam.sig.html*_ >>>> >>>> >>> You need to call it src="cid:signature.jpg" >>> >> >> I made my "inline.oneteam.sig.html" have "> src="cid:signature.jpg>" " but now the src= text value is getting >> dropped off when I view the source of the email. This is a snip of >> the end of the source: >> >> >> >> >That's because you've got the quotes in the wrong place. >src="cid:signature.jpg" >just as I said last time, so the whole thing looks like > My apologies for the previous bad posting. I had the real file exactly as you have it above and still get the resulting HTML dropping the src= value inside the img tag. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080412/c520554e/attachment.html From glenn.steen at gmail.com Sat Apr 12 15:51:13 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 15:51:49 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <47FFD6C8.90601@vanderkooij.org> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <47FFAB4F.3020406@ecs.soton.ac.uk> <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> <47FFD6C8.90601@vanderkooij.org> Message-ID: <223f97700804120751t53f4b02bif21c93f60deae735@mail.gmail.com> On 11/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > | Forgive me, Oh Root, for I have sinned and did not look up the Code > | before Replying! > | Oh well, I'm off to do my penitance... 200 Hail Julians, was it?:-):-) > > 200 lines of code or 200 lines of documentation will do as well. You have an evil streak Hugo:-) .... 200 lines code... no problemo... 200 doco... uuuurgh:-) > Hugo. > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 12 15:52:25 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 15:53:00 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <47FFAB4F.3020406@ecs.soton.ac.uk> <223f97700804111412i21312046n2d4089db41ca8006@mail.gmail.com> <47FFD6C8.90601@vanderkooij.org> Message-ID: <223f97700804120752h2bfaf89fmb4abdf47fd34ab@mail.gmail.com> On 12/04/2008, Scott Silva wrote: > on 4-11-2008 2:23 PM Hugo van der Kooij spake the following: > > > Glenn Steen wrote: > > > > | Forgive me, Oh Root, for I have sinned and did not look up the Code > > | before Replying! > > | Oh well, I'm off to do my penitance... 200 Hail Julians, was it?:-):-) > > > > 200 lines of code or 200 lines of documentation will do as well. > > > > Hugo. > > > > > And a chilled glass of akavit! Yes please! With the way my new and shiny AIX boxes are treating me ... lets make that three...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 12 15:59:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 15:59:20 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <48005D32.3040802@vanderkooij.org> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> Message-ID: <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> On 12/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > | On 06/04/2008, Hugo van der Kooij wrote: > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> Hi, > |> > |> I have been trying to get my head around this question before. I find > |> that I have a scalability problem that I could resolve if I can put > |> messages on HOLD for MS to pickup only if it is not for a certain > |> recipient. > |> > |> There is one recipient that goes straight into a procmail parser to > |> extract specific information. There is no need to fire up the whole MS > |> circus for each message. This is an automated system that will get 1 > |> message per monitored SMTP server per minute. > |> > |> The normal config is: > |> # Do some header checks > |> # This includes setting almost anything on hold for MailScanner > to > |> pick up > |> header_checks = > regexp:/etc/postfix/regexp/header-checks > |> > |> So I have tried a number of setups. Most of them failed miserably. > |> > |> This morning I woke up whith what seems to be the answer so I gave it a > |> spin and here are my findings. > |> > |> > |> What does work is at the end of my smtpd checks add a table to list > |> explicit addresses to scan. In the main.cf it looks like: > |> > |> # Access rules > |> smtpd_client_restrictions = > |> ~ permit_mynetworks, > |> ~ permit_sasl_authenticated, > |> ....Long list removed....... > |> ~ reject_unauth_destination, > |> ~ check_recipient_access > |> hash:/etc/postfix/hash/valid-recipients > |> > |> And the hash tables explicit lists everyone for whome MS should be > |> called upon. Like: > |> > |> hugo@vanderkooij.org HOLD > |> hvdkooij@vanderkooij.org HOLD > |> > |> (I know putting email in the clear scares some people. But if you ever > |> see a Megalist without these two then do not buy it. ;-) > |> > |> But the drawback is it only works for a simple setup at home with only > a > |> moderate list of recipients. And where you actually know all the > |> recipients. > |> > | Actually... If you (as ) already use the relay_recipient_map thing, > | it'd be trivial to rewrite the script that generates the > | relay_recipient_map to also do an access_map...:). > | But then again... > |> But if you want to have just a few exceptions then you better use > |> regular expressions. > |> > |> So replace: > |> check_recipient_access > |> hash:/etc/postfix/hash/valid-recipients > |> > |> with: > |> check_recipient_access > |> regexp:/etc/postfix/regexp/MailScanner > |> > |> With /etc/postfix/regexp/MailScanner looking like: > |> > |> # > |> # header_checks - Postfix built-in header/body inspection > |> # > |> /exclusion@test\.example\.net/ OK > |> > |> # Everyone else will go through MailScanner! > |> /.*/ HOLD > |> > |> # EOF > |> > |> > |> This does the trick for me. It might work for others. > | This would be a better replacement for the header check thing, in > | cases where you'd like to be selective. Thanks for thinking it up, and > | sharing. > > Sharing is what make OS so much stronger. > > But I have found an issue I am not able to pinpoint yet. Every email to > my postmaster seems to bypass MailScanner as well. I have grepped my > config files untill my fingers grew tired. But I have no postmaster > exception in postfix anywhere. Nor do I have one in MailScanner. > > Is there an buildin option of postfix I am missing here? Nah, it likely is a regexp thing:-). Your pattern /.*/ litteraly means "anything containing at least one character". So you need match the empty recipient as well with a separate /^$/ HOLD pattern in there, or else the empty sender (==MAILER-DAEMON, postmaster or ...:-) will simply "fall through". Try it and tell us how you fare! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Apr 12 16:01:33 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Apr 12 16:01:43 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> Message-ID: <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> On 12/04/2008, Glenn Steen wrote: > On 12/04/2008, Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Glenn Steen wrote: > > | On 06/04/2008, Hugo van der Kooij wrote: > > |> -----BEGIN PGP SIGNED MESSAGE----- > > |> Hash: SHA1 > > |> > > |> Hi, > > |> > > |> I have been trying to get my head around this question before. I find > > |> that I have a scalability problem that I could resolve if I can put > > |> messages on HOLD for MS to pickup only if it is not for a certain > > |> recipient. > > |> > > |> There is one recipient that goes straight into a procmail parser to > > |> extract specific information. There is no need to fire up the whole MS > > |> circus for each message. This is an automated system that will get 1 > > |> message per monitored SMTP server per minute. > > |> > > |> The normal config is: > > |> # Do some header checks > > |> # This includes setting almost anything on hold for MailScanner > > to > > |> pick up > > |> header_checks = > > regexp:/etc/postfix/regexp/header-checks > > |> > > |> So I have tried a number of setups. Most of them failed miserably. > > |> > > |> This morning I woke up whith what seems to be the answer so I gave it a > > |> spin and here are my findings. > > |> > > |> > > |> What does work is at the end of my smtpd checks add a table to list > > |> explicit addresses to scan. In the main.cf it looks like: > > |> > > |> # Access rules > > |> smtpd_client_restrictions = > > |> ~ permit_mynetworks, > > |> ~ permit_sasl_authenticated, > > |> ....Long list removed....... > > |> ~ reject_unauth_destination, > > |> ~ check_recipient_access > > |> hash:/etc/postfix/hash/valid-recipients > > |> > > |> And the hash tables explicit lists everyone for whome MS should be > > |> called upon. Like: > > |> > > |> hugo@vanderkooij.org HOLD > > |> hvdkooij@vanderkooij.org HOLD > > |> > > |> (I know putting email in the clear scares some people. But if you ever > > |> see a Megalist without these two then do not buy it. ;-) > > |> > > |> But the drawback is it only works for a simple setup at home with only > > a > > |> moderate list of recipients. And where you actually know all the > > |> recipients. > > |> > > | Actually... If you (as ) already use the relay_recipient_map thing, > > | it'd be trivial to rewrite the script that generates the > > | relay_recipient_map to also do an access_map...:). > > | But then again... > > |> But if you want to have just a few exceptions then you better use > > |> regular expressions. > > |> > > |> So replace: > > |> check_recipient_access > > |> hash:/etc/postfix/hash/valid-recipients > > |> > > |> with: > > |> check_recipient_access > > |> regexp:/etc/postfix/regexp/MailScanner > > |> > > |> With /etc/postfix/regexp/MailScanner looking like: > > |> > > |> # > > |> # header_checks - Postfix built-in header/body inspection > > |> # > > |> /exclusion@test\.example\.net/ OK > > |> > > |> # Everyone else will go through MailScanner! > > |> /.*/ HOLD > > |> > > |> # EOF > > |> > > |> > > |> This does the trick for me. It might work for others. > > | This would be a better replacement for the header check thing, in > > | cases where you'd like to be selective. Thanks for thinking it up, and > > | sharing. > > > > Sharing is what make OS so much stronger. > > > > But I have found an issue I am not able to pinpoint yet. Every email to > > my postmaster seems to bypass MailScanner as well. I have grepped my > > config files untill my fingers grew tired. But I have no postmaster > > exception in postfix anywhere. Nor do I have one in MailScanner. > > > > Is there an buildin option of postfix I am missing here? > > Nah, it likely is a regexp thing:-). > Your pattern > /.*/ > litteraly means "anything containing at least one character". So you Correction. It _should_ mean anything containing 0 or more characters, but seem to mean the above... Which will miss the empty string. Sigh. > need match the empty recipient as well with a separate > /^$/ HOLD > pattern in there, or else the empty sender (==MAILER-DAEMON, > postmaster or ...:-) will simply "fall through". > Try it and tell us how you fare! > > > Cheers Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Sat Apr 12 16:43:56 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Apr 12 16:44:53 2008 Subject: Backscatter & challenge response {Scanned by Allteks Mailsafe} In-Reply-To: <01f301c89bc1$e1f348b0$a5d9da10$@prendergast@netring.co.uk> References: <002f01c89bad$63026d10$29074730$@co.uk> <15316.92.61.193.42.1207905958.squirrel@webmail.midland-ics.ie> <007701c89bbb$dfce5490$9f6afdb0$@co.uk> <01f301c89bc1$e1f348b0$a5d9da10$@prendergast@netring.co.uk> Message-ID: <625AF55D-435A-4022-A16C-3F83AAD9A422@nkpanama.com> On this list you may find a lot of people believe there is no such thing as a legitimate challenge/response message. It's like an oxymoron. :-) On Apr 11, 2008, at 5:50 AM, Edward Prendergast wrote: > If it does you could try hiking the score up but there > is a high risk of losing legitimate challenge/response messages with > this > method. From Ron.Ghetti at town.barnstable.ma.us Sat Apr 12 17:07:18 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Sat Apr 12 17:07:01 2008 Subject: MailScanner folder References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> Message-ID: <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> ok latest version of MailScanner installed from the website on ubuntu(debian) it's the strangest thing. if I type MailScanner --lint I get "mailscanner is not installed" if I look here in /opt/MailScanner I see that it is installed with it's own etc folder. if I look in /etc/MailScanner I see what looks like a second installation can someone give me a clue how to tell which one is the right one ? thanks -Ron From MailScanner at ecs.soton.ac.uk Sat Apr 12 17:17:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 12 17:17:47 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804120512k35cbedbfoe698d82c5d54379a@mail.gmail.com> References: <67a55ed50804120512k35cbedbfoe698d82c5d54379a@mail.gmail.com> Message-ID: <4800E07D.6000201@ecs.soton.ac.uk> Dave, Dave Jones wrote: > >Dave Jones wrote: > >>> Dave Jones wrote: > >>> > >>>> Can someone post a sample of a working inline.sig.html? I am getting > >>>> an email with the attached jpg file but it only shows an image box of > >>>> 186 x 23 with no image inside it. Am I missing something in my html > >>>> file that puts it inline within the body? > >>>> > >>>> _*MailScanner.conf*_ > >>>> Attach Image To Signature = yes > >>>> Inline HTML Signature = %rules-dir%/inline-html > -signature.rules > >>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules > >>>> Signature Image Filename = signature.jpg > >>>> > >>>> _*cat inline-html-signature.rules*_ > >>>> From: me mydomain.com mydomain.com > > >>>> %report-dir%/inline.oneteam.sig.html > >>>> FromOrTo: default no > >>>> > >>>> _*cat signature-image-filename.rules *_ > >>>> From: me mydomain.com mydomain.com > > >>>> %report-dir%/OneTeam.jpg > >>>> FromOrTo: default no > >>>> > >>>> _*cat inline.oneteam.sig.html*_ > >>>> > >>>> > >>> You need to call it src="cid:signature.jpg" > >>> > >> > >> I made my "inline.oneteam.sig.html" have " >> src="cid:signature.jpg>" " but now the src= text value is getting > >> dropped off when I view the source of the email. This is a snip of > >> the end of the source: > >> > >> > >> > >> > >That's because you've got the quotes in the wrong place. > >src="cid:signature.jpg" > >just as I said last time, so the whole thing looks like > > > My apologies for the previous bad posting. I had the real file > exactly as you have it above and still get the resulting HTML dropping > the src= value inside the img tag. Here is my (working fine) setup. Remember that MailScanner will always add a text signature to a plain-text message, and will only add an HTML signature to the HTML part of an HTML message. So if you are using Thunderbird, you need to pursuade it to send HTML *and* plain-text parts of the message. You can do this by adding a bold space on the last line of the message. That's enough to trigger it and doesn't show up visibly in the resulting message. Dave ---- if you want to add this to the Wiki, it might be a good idea. Just register yourself and add it in the configuration section. ***** MailScanner.conf: Inline HTML Signature = %rules-dir%/inline.html.sig.rules Inline Text Signature = %rules-dir%/inline.text.sig.rules Signature Image Filename = %report-dir%/jules/julessig.png Signature Image Filename = julessig.png Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules ***** %rules-dir%/inline.html.sig.rules: From: sysjkf@ecs.soton.ac.uk /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html From: *@jules.fm /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html ***** %rules-dir%/inline.text.sig.rules: From: sysjkf@ecs.soton.ac.uk /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt From: *@jules.fm /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt ***** %rules-dir%/attach.image.to.sig.rules: From: sysjkf@ecs.soton.ac.uk yes From: *@jules.fm yes FromOrTo: default no ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html:

-- 
sysjkf@ecs.soton.ac.uk ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html

-- 
Jules@Jules.FM ***** /etc/MailScanner/reports/ECS/inline.sig.html:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean. ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: Jules -- sysjkf@ecs.soton.ac.uk ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: -- Jules@Jules.FM ***** /etc/MailScanner/reports/ECS/inline.sig.txt: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ***** THAT'S IT! ***** Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 12 17:38:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 12 17:39:24 2008 Subject: MailScanner folder In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> Message-ID: <4800E592.9060103@ecs.soton.ac.uk> Installed "from the website": what website? How did you install it? What do you get when you run /opt/MailScanner/bin/MailScanner -v /opt/MailScanner/bin/MailScanner --lint ? Ghetti, Ron wrote: > > ok latest version of MailScanner installed from the website on ubuntu(debian) > it's the strangest thing. > if I type MailScanner --lint I get "mailscanner is not installed" > if I look here in /opt/MailScanner I see that it is installed with it's own etc folder. > if I look in /etc/MailScanner I see what looks like a second installation > can someone give me a clue how to tell which one is the right one ? > > thanks > -Ron > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Ron.Ghetti at town.barnstable.ma.us Sat Apr 12 17:45:42 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Sat Apr 12 17:45:15 2008 Subject: MailScanner folder References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> Message-ID: <3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> ok, this is from the install script: echo I will install MailScanner under /opt, from where you can echo move it if you want. I guess what I'm confused about is why there is a MailScanner folder under the /etc folder. perhaps this is from the distribution ? can I remove this extraeneous folder ? will it break things ? on another note, so whats up with cafe press not taking paypal ? is that something new or just a vendor specific thing, I thought I'd used paypal with them in the past... ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Ghetti, Ron Sent: Sat 4/12/2008 12:07 PM To: MailScanner discussion Subject: MailScanner folder ok latest version of MailScanner installed from the website on ubuntu(debian) it's the strangest thing. if I type MailScanner --lint I get "mailscanner is not installed" if I look here in /opt/MailScanner I see that it is installed with it's own etc folder. if I look in /etc/MailScanner I see what looks like a second installation can someone give me a clue how to tell which one is the right one ? thanks -Ron From shuttlebox at gmail.com Sat Apr 12 18:00:54 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Apr 12 18:01:28 2008 Subject: MailScanner folder In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> <3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> Message-ID: <625385e30804121000j606e45eepd140319669f5771@mail.gmail.com> On Sat, Apr 12, 2008 at 6:45 PM, Ghetti, Ron wrote: > > ok, this is from the install script: > > > echo I will install MailScanner under /opt, from where you can > echo move it if you want. > > > I guess what I'm confused about is why there is a MailScanner folder > under the /etc folder. perhaps this is from the distribution ? > can I remove this extraeneous folder ? > will it break things ? You probably have the old MS package Ubuntu distributes. Try: # dpkg -l mailscanner If you get a match try this to show the files in the package: # dpkg -L mailscanner If you installed a current version of MS yourself you should definitely remove the old one to avoid confusion and other problems. Try: # dpkg -r mailscanner -- /peter From Ron.Ghetti at town.barnstable.ma.us Sat Apr 12 18:11:40 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Sat Apr 12 18:11:14 2008 Subject: MailScanner folder References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl><3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> <4800E592.9060103@ecs.soton.ac.uk> Message-ID: <3411CC12BB577F4FAEAC8A694780866B13C42A@ITMAIL.town.barnstable.ma.us> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Sat 4/12/2008 12:38 PM To: MailScanner discussion Subject: Re: MailScanner folder Installed "from the website": what website? How did you install it? What do you get when you run /opt/MailScanner/bin/MailScanner -v /opt/MailScanner/bin/MailScanner --lint ? Hi, thanks for the quick reply, much appreciated. to make a long story short, I've inherited this site and done some upgrades. latest version from here: http://www.mailscanner.info/files/4/tar/MailScanner-install-4.68.8-1.tar.gz ran install.sh per the readme upgraded spam assassin also, which went pretty well I believe. to answer your question, running /opt/MailScanner/bin/MailScanner -v gives me the proper output, so it appears the path is correct. Perl 5.8.8 MailScanner 4.68.8 no other errors. reading the Phishing lists ( that looks fine. ) sa working directory is /tmp ( not sure if that is correct ) spamassassin reported no errors. ( that would be right. ) found clamav installed. ( also correct.) found 1 problems. ( it doesn't specify as far as I can tell. ) does that all make sense ? we are passing mail no problem, mta is postfix. Ghetti, Ron wrote: > > ok latest version of MailScanner installed from the website on ubuntu(debian) > it's the strangest thing. > if I type MailScanner --lint I get "mailscanner is not installed" > if I look here in /opt/MailScanner I see that it is installed with it's own etc folder. > if I look in /etc/MailScanner I see what looks like a second installation > can someone give me a clue how to tell which one is the right one ? > > thanks > -Ron > > > From Ron.Ghetti at town.barnstable.ma.us Sat Apr 12 18:24:24 2008 From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron) Date: Sat Apr 12 18:23:32 2008 Subject: MailScanner folder References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl><3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us><3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> <625385e30804121000j606e45eepd140319669f5771@mail.gmail.com> Message-ID: <3411CC12BB577F4FAEAC8A694780866B13C42B@ITMAIL.town.barnstable.ma.us> Thanks for the quick reply Peter. Thats what I'm talking about, I had a feeling someone could help me. you hit the nail on the head. Much thanks!! my knowledge of dpkg is minimal, I've been using apt-get for the standard stuff included with this distro. some stats on this server from the logs. There were 257 Messages Sent from Local ( internal) Users. There were 121 virus infected messages removed. There were 10,350 Total messages Recieved. There were 2,982 Messages Queued for delivery. There were 3,068 Messages Delivered. There were 5,082 messages marked as spam. There were 3,285 Messages rejected due to bad recipients. There were 854 Messages rejected due to bad Sender Addresses (Domain Not Found) There were 361 Messages rejected due to embedded-attached images ( image spam ) There were 5 Attempted Message Relays. There were 16,514 Connections Dropped. There were 21,280 rejected in Total. ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of shuttlebox Sent: Sat 4/12/2008 1:00 PM To: MailScanner discussion Subject: Re: MailScanner folder On Sat, Apr 12, 2008 at 6:45 PM, Ghetti, Ron wrote: > > ok, this is from the install script: > > > echo I will install MailScanner under /opt, from where you can > echo move it if you want. > > > I guess what I'm confused about is why there is a MailScanner folder > under the /etc folder. perhaps this is from the distribution ? > can I remove this extraeneous folder ? > will it break things ? You probably have the old MS package Ubuntu distributes. Try: # dpkg -l mailscanner If you get a match try this to show the files in the package: # dpkg -L mailscanner If you installed a current version of MS yourself you should definitely remove the old one to avoid confusion and other problems. Try: # dpkg -r mailscanner -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Apr 12 18:26:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 12 18:26:52 2008 Subject: MailScanner folder In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl> <3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> <3411CC12BB577F4FAEAC8A694780866B13C429@ITMAIL.town.barnstable.ma.us> Message-ID: <4800F0AF.4020200@ecs.soton.ac.uk> Ghetti, Ron wrote: > on another note, > so whats up with cafe press not taking paypal ? > is that something new or just a vendor specific thing, I thought I'd used paypal > with them in the past... > I'm not sure if Cafe Press take PayPal or not, but I certainly haven't set anything to stop them taking it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 12 18:32:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 12 18:32:56 2008 Subject: MailScanner folder In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B13C42A@ITMAIL.town.barnstable.ma.us> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl><3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> <4800E592.9060103@ecs.soton.ac.uk> <3411CC12BB577F4FAEAC8A694780866B13C42A@ITMAIL.town.barnstable.ma.us> Message-ID: <4800F236.6090106@ecs.soton.ac.uk> Ghetti, Ron wrote: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sat 4/12/2008 12:38 PM > To: MailScanner discussion > Subject: Re: MailScanner folder > > > > Installed "from the website": what website? How did you install it? > What do you get when you run > /opt/MailScanner/bin/MailScanner -v > /opt/MailScanner/bin/MailScanner --lint > ? > > > Hi, > thanks for the quick reply, much appreciated. > > > to make a long story short, I've inherited this site and done some upgrades. > latest version from here: > http://www.mailscanner.info/files/4/tar/MailScanner-install-4.68.8-1.tar.gz > > ran install.sh per the readme > > upgraded spam assassin also, which went pretty well I believe. > > > to answer your question, running /opt/MailScanner/bin/MailScanner -v > gives me the proper output, so it appears the path is correct. > > Perl 5.8.8 > MailScanner 4.68.8 > Make sure you have the latest SpamAssassin installed in the right places. "MailScanner -v" should show the Mail::SpamAssassin version number as "3.002004". You probably also want to make sure you have clamd or clamavmodule installed. clamd is probably better for you. > found 1 problems. ( it doesn't specify as far as I can tell. ) > It successfully found the eicar test 'virus', which is what you want it to say. You should have all the optional modules installed, apart from SAVI. > > > Ghetti, Ron wrote: > >> ok latest version of MailScanner installed from the website on ubuntu(debian) >> it's the strangest thing. >> if I type MailScanner --lint I get "mailscanner is not installed" >> if I look here in /opt/MailScanner I see that it is installed with it's own etc folder. >> if I look in /etc/MailScanner I see what looks like a second installation >> can someone give me a clue how to tell which one is the right one ? >> >> thanks >> -Ron >> >> >> >> > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sat Apr 12 22:20:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 12 22:20:54 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> Message-ID: <48012788.8070401@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: |> Nah, it likely is a regexp thing:-). |> Your pattern |> /.*/ |> litteraly means "anything containing at least one character". So you | Correction. It _should_ mean anything containing 0 or more characters, | but seem to mean the above... Which will miss the empty string. Sigh. | |> need match the empty recipient as well with a separate |> /^$/ HOLD |> pattern in there, or else the empty sender (==MAILER-DAEMON, |> postmaster or ...:-) will simply "fall through". |> Try it and tell us how you fare! Tried that one. But it is not working. The recipient is in fact the postmaster and it contains a sender as well. For example: Return-Path: X-Original-To: postmaster@vanderkooij.org Delivered-To: postmaster@vanderkooij.org Received: from rrcs-72-43-49-109.nys.biz.rr.com (rrcs-72-43-49-109.nys.biz.rr.com [72.43.49.109]) by balin.waakhond.net (Postfix) with ESMTP id E98EB17E8010 for ; Sat, 12 Apr 2008 20:49:25 +0200 (CEST) User-Agent: Microsoft-Entourage/12.1.0.080305 Date: Sat, 12 Apr 2008 14:49:23 -0400 Subject: Get more action today From: bromee To: "postmaster@vanderkooij.org" Message-ID: Thread-Topic: Get more action today Thread-Index: AcicrGXHIUUszYsXR3ujRk1w1EMh9Q== Mime-version: 1.0 Content-type: multipart/alternative; ~ boundary="B_4144125777_14746" And the mail log: Apr 12 20:49:25 balin postfix/smtpd[32542]: connect from rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] Apr 12 20:49:25 balin postfix/smtpd[32542]: E98EB17E8010: client=rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] Apr 12 20:49:26 balin postfix/cleanup[6768]: E98EB17E8010: message-id= Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: from=, size=1414, nrcpt=1 (queue active) Apr 12 20:49:26 balin postfix/local[19795]: E98EB17E8010: to=, orig_to=, relay=local, delay=0.52, delays=0.51/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -Y) Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: removed Apr 12 20:49:26 balin postfix/smtpd[32542]: disconnect from rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] I was thinking wether or not it is an issue with the aliases. But I have another alias to the same account which is not hampered by the issue. Hmmmm. Having said that. The postmaster account is in effect a double aliases. Postmaster -> root -> hvdkooij But making it a direct alias did not matter at all. Other indirect aliases do not suffer from this. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIASceBvzDRVjxmYERAi4zAJ9WZocUh09fMyL7RsXlVc+rQyVmhgCfWNU9 qlQogRJzE8Xa2xS7nTIk6P8= =JyyW -----END PGP SIGNATURE----- From glenn.steen at gmail.com Sun Apr 13 00:23:48 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 13 00:24:24 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <48012788.8070401@vanderkooij.org> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> Message-ID: <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> On 12/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > |> Nah, it likely is a regexp thing:-). > |> Your pattern > |> /.*/ > |> litteraly means "anything containing at least one character". So you > | Correction. It _should_ mean anything containing 0 or more characters, > | but seem to mean the above... Which will miss the empty string. Sigh. > | > |> need match the empty recipient as well with a separate > |> /^$/ HOLD > |> pattern in there, or else the empty sender (==MAILER-DAEMON, > |> postmaster or ...:-) will simply "fall through". > |> Try it and tell us how you fare! > > Tried that one. But it is not working. The recipient is in fact the > postmaster and it contains a sender as well. > > For example: > > Return-Path: > X-Original-To: postmaster@vanderkooij.org > Delivered-To: postmaster@vanderkooij.org > Received: from rrcs-72-43-49-109.nys.biz.rr.com > (rrcs-72-43-49-109.nys.biz.rr.com [72.43.49.109]) > by balin.waakhond.net (Postfix) with ESMTP id E98EB17E8010 > for ; Sat, 12 Apr 2008 20:49:25 +0200 > (CEST) > User-Agent: Microsoft-Entourage/12.1.0.080305 > Date: Sat, 12 Apr 2008 14:49:23 -0400 > Subject: Get more action today > From: bromee > To: "postmaster@vanderkooij.org" > Message-ID: > Thread-Topic: Get more action today > Thread-Index: AcicrGXHIUUszYsXR3ujRk1w1EMh9Q== > Mime-version: 1.0 > Content-type: multipart/alternative; > ~ boundary="B_4144125777_14746" > > And the mail log: > > Apr 12 20:49:25 balin postfix/smtpd[32542]: connect from > rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > Apr 12 20:49:25 balin postfix/smtpd[32542]: E98EB17E8010: > client=rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > Apr 12 20:49:26 balin postfix/cleanup[6768]: E98EB17E8010: > message-id= > Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: > from=, size=1414, nrcpt=1 (queue active) > Apr 12 20:49:26 balin postfix/local[19795]: E98EB17E8010: > to=, orig_to=, > relay=local, delay=0.52, delays=0.51/0/0/0.01, dsn=2.0.0, status=sent > (delivered to command: /usr/bin/procmail -Y) > Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: removed > Apr 12 20:49:26 balin postfix/smtpd[32542]: disconnect from > rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > > > I was thinking wether or not it is an issue with the aliases. But I have > another alias to the same account which is not hampered by the issue. > > Hmmmm. Having said that. The postmaster account is in effect a double > aliases. Postmaster -> root -> hvdkooij > > But making it a direct alias did not matter at all. Other indirect > aliases do not suffer from this. > > Hugo. > Hm, strange.... I'll have to test a bit .... But first I need get some sleep... I've been working since 08.30 (which is about 17 hours back) non-stop... Oracle/AIX/nitty-gritty little details playing havoc with a simple upgrade that should've been 4hours work (including everything...). Sigh. Email is so much simpler:-):-). Well, apart from your mini-mystery ...:/ What I'm trying to say... is that in my current shape, I'm no real help to you:( Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Sat Apr 12 20:48:16 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Sun Apr 13 05:13:06 2008 Subject: Got a very interesting problem.. Message-ID: <200804121948.m3CJmRG0015874@mxt.1bigthink.com> Hello All, I prefer to lurk, but I have this problem that showed up on my mail server. I searched and found only that it was mail related, but could not find documentation to that effect. I confirmed it to be sendmail or MailScanner related by turning off my milters, then turning off MailScanner and monitoring the logs. The problem disappeared. It occurs every minute or so: Apr 11 17:25:51 mxt root: Process did not exit cleanly, returned 255 with signal 0 Apr 11 17:26:26 mxt last message repeated 2 times Apr 11 17:27:38 mxt last message repeated 5 times Apr 11 17:28:48 mxt last message repeated 5 times Apr 11 17:29:54 mxt last message repeated 5 times I queried the CentOS list group on how to find it and was introduced to strace. I attached strace to my spawning MailScanner process and think I found it. Here is strace on the 'master' MailScanner process. The return of 255 with signal 0 occurs very early. [root@mxt ~]# strace -p 18353 Process 18353 attached - interrupt to quit waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25008 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951242 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951242 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:42 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 11 entries */, 4096) = 456 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 8 entries */, 4096) = 256 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz") = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt") = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt") = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961") = 0 stat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008") = 0 gettimeofday({1207951243, 813076}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25627 time(NULL) = 1207951243 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951248 waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25328 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951249 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951249 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:49 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 23 entries */, 4096) = 1000 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 3 entries */, 4096) = 88 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt") = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 5 entries */, 4096) = 168 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m2HD11FU028158") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485") = 0 stat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328") = 0 gettimeofday({1207951249, 134264}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25647 time(NULL) = 1207951249 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951254 waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25541 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951255 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951255 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:55 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 11 entries */, 4096) = 456 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 8 entries */, 4096) = 256 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz") = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html") = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt") = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961") = 0 stat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541") = 0 gettimeofday({1207951255, 359886}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25667 time(NULL) = 1207951255 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951260 waitpid(-1, Process 18353 detached The server was acting this way prior to yum updates and a MailScanner 4.65 --> 4.68 update. I was running CentOS 5.1, now running CentOS 5 Final, all rpms updated. No funky repositories! This does not occur on my CentOS 4.x systems, same Mailscanner/SpamAssassin/ClamAV versions, different dovecot, sendmail versions. Sendmail 8.13.8 dovecot 1.01 MailScanner 4.68.8-1 ClamAV 092.1 SpamAssassin 3.2.4 milter-null (tested turned off) milter-greylist (tested turned off) Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Apr 13 09:19:35 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 13 09:20:19 2008 Subject: Got a very interesting problem.. In-Reply-To: <200804121948.m3CJmRG0015874@mxt.1bigthink.com> References: <200804121948.m3CJmRG0015874@mxt.1bigthink.com> Message-ID: <4801C217.8020807@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: ..... | The server was acting this way prior to yum updates and a MailScanner | 4.65 --> 4.68 update. I was running CentOS 5.1, now running CentOS 5 | Final, all rpms updated. No funky repositories! | | This does not occur on my CentOS 4.x systems, same | Mailscanner/SpamAssassin/ClamAV versions, different dovecot, sendmail | versions. | | Sendmail 8.13.8 | dovecot 1.01 | MailScanner 4.68.8-1 | ClamAV 092.1 | SpamAssassin 3.2.4 | milter-null (tested turned off) | milter-greylist (tested turned off) Well. You forgot to include rather important details. This Centos 5 system is running a 64bit installation if my reading of the strace output is correct. But does that also apply to all the other software? Do you run a 64bit version of Centos 4 as well? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAcIVBvzDRVjxmYERAg1zAJ9+ZclboJ1lsiadgcO+CQ+rD0IhqACgoyrQ Dechba1gdeebC0P2APNzTc4= =yPzK -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sun Apr 13 10:12:54 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 13 10:13:28 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> Message-ID: <4801CE96.8060202@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | On 12/04/2008, Hugo van der Kooij wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Glenn Steen wrote: |> |> |> Nah, it likely is a regexp thing:-). |> |> Your pattern |> |> /.*/ |> |> litteraly means "anything containing at least one character". So you |> | Correction. It _should_ mean anything containing 0 or more characters, |> | but seem to mean the above... Which will miss the empty string. Sigh. |> | |> |> need match the empty recipient as well with a separate |> |> /^$/ HOLD |> |> pattern in there, or else the empty sender (==MAILER-DAEMON, |> |> postmaster or ...:-) will simply "fall through". |> |> Try it and tell us how you fare! |> |> Tried that one. But it is not working. The recipient is in fact the |> postmaster and it contains a sender as well. |> |> For example: |> |> Return-Path: |> X-Original-To: postmaster@vanderkooij.org |> Delivered-To: postmaster@vanderkooij.org |> Received: from rrcs-72-43-49-109.nys.biz.rr.com |> (rrcs-72-43-49-109.nys.biz.rr.com [72.43.49.109]) |> by balin.waakhond.net (Postfix) with ESMTP id E98EB17E8010 |> for ; Sat, 12 Apr 2008 20:49:25 +0200 |> (CEST) |> User-Agent: Microsoft-Entourage/12.1.0.080305 |> Date: Sat, 12 Apr 2008 14:49:23 -0400 |> Subject: Get more action today |> From: bromee |> To: "postmaster@vanderkooij.org" |> Message-ID: |> Thread-Topic: Get more action today |> Thread-Index: AcicrGXHIUUszYsXR3ujRk1w1EMh9Q== |> Mime-version: 1.0 |> Content-type: multipart/alternative; |> ~ boundary="B_4144125777_14746" |> |> And the mail log: |> |> Apr 12 20:49:25 balin postfix/smtpd[32542]: connect from |> rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] |> Apr 12 20:49:25 balin postfix/smtpd[32542]: E98EB17E8010: |> client=rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] |> Apr 12 20:49:26 balin postfix/cleanup[6768]: E98EB17E8010: |> message-id= |> Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: |> from=, size=1414, nrcpt=1 (queue active) |> Apr 12 20:49:26 balin postfix/local[19795]: E98EB17E8010: |> to=, orig_to=, |> relay=local, delay=0.52, delays=0.51/0/0/0.01, dsn=2.0.0, status=sent |> (delivered to command: /usr/bin/procmail -Y) |> Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: removed |> Apr 12 20:49:26 balin postfix/smtpd[32542]: disconnect from |> rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] |> |> |> I was thinking wether or not it is an issue with the aliases. But I have |> another alias to the same account which is not hampered by the issue. |> |> Hmmmm. Having said that. The postmaster account is in effect a double |> aliases. Postmaster -> root -> hvdkooij |> |> But making it a direct alias did not matter at all. Other indirect |> aliases do not suffer from this. |> |> Hugo. |> | Hm, strange.... I'll have to test a bit .... But first I need get some | sleep... I've been working since 08.30 (which is about 17 hours back) | non-stop... Oracle/AIX/nitty-gritty little details playing havoc with | a simple upgrade that should've been 4hours work (including | everything...). Sigh. | Email is so much simpler:-):-). Well, apart from your mini-mystery ...:/ | What I'm trying to say... is that in my current shape, I'm no real help to you:( Well. It will not stop me from looking a bit further. (Please enjoy some sweet dreams while you sleep.) So I picked up the source RPM for postfix and started to grep for postmaster. The following remark struck me as interresting: ~ * By default, Postfix probe messages have "postmaster@$myorigin" as the ~ sender address. This is SAFE because the Postfix SMTP server does not ~ reject mail for this address. So I throw in the following line back into header check: /^To:.*postmaster@vanderkooij.org/ HOLD Now I need to sit back and wait ....... It looks we got ourself a winner here. The added header check works like a charm. So it looks like we found an alternative to the HOLD everything ~ method. So I now need to sit down and describe the method in a bit more details so other people can enjoy it too if they like. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAc6TBvzDRVjxmYERAnyOAJ9wZ4y3sRPRvw2VM9m5oo3FxhWeQwCeJxUg jkTINgDNMP/LON9qPRwJe9s= =5AZL -----END PGP SIGNATURE----- From glenn.steen at gmail.com Sun Apr 13 11:12:29 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 13 11:13:08 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <4801CE96.8060202@vanderkooij.org> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org> Message-ID: <223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> On 13/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > | On 12/04/2008, Hugo van der Kooij wrote: > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> Glenn Steen wrote: > |> > |> |> Nah, it likely is a regexp thing:-). > |> |> Your pattern > |> |> /.*/ > |> |> litteraly means "anything containing at least one character". So > you > |> | Correction. It _should_ mean anything containing 0 or more > characters, > |> | but seem to mean the above... Which will miss the empty string. Sigh. > |> | > |> |> need match the empty recipient as well with a separate > |> |> /^$/ HOLD > |> |> pattern in there, or else the empty sender (==MAILER-DAEMON, > |> |> postmaster or ...:-) will simply "fall through". > |> |> Try it and tell us how you fare! > |> > |> Tried that one. But it is not working. The recipient is in fact the > |> postmaster and it contains a sender as well. > |> > |> For example: > |> > |> Return-Path: > |> X-Original-To: postmaster@vanderkooij.org > |> Delivered-To: postmaster@vanderkooij.org > |> Received: from rrcs-72-43-49-109.nys.biz.rr.com > |> (rrcs-72-43-49-109.nys.biz.rr.com [72.43.49.109]) > |> by balin.waakhond.net (Postfix) with ESMTP id E98EB17E8010 > |> for ; Sat, 12 Apr 2008 20:49:25 > +0200 > |> (CEST) > |> User-Agent: Microsoft-Entourage/12.1.0.080305 > |> Date: Sat, 12 Apr 2008 14:49:23 -0400 > |> Subject: Get more action today > |> From: bromee > |> To: "postmaster@vanderkooij.org" > |> Message-ID: > |> Thread-Topic: Get more action today > |> Thread-Index: AcicrGXHIUUszYsXR3ujRk1w1EMh9Q== > |> Mime-version: 1.0 > |> Content-type: multipart/alternative; > |> ~ boundary="B_4144125777_14746" > |> > |> And the mail log: > |> > |> Apr 12 20:49:25 balin postfix/smtpd[32542]: connect from > |> rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > |> Apr 12 20:49:25 balin postfix/smtpd[32542]: E98EB17E8010: > |> client=rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > |> Apr 12 20:49:26 balin postfix/cleanup[6768]: E98EB17E8010: > |> message-id= > |> Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: > |> from=, size=1414, nrcpt=1 (queue active) > |> Apr 12 20:49:26 balin postfix/local[19795]: E98EB17E8010: > |> to=, orig_to=, > |> relay=local, delay=0.52, delays=0.51/0/0/0.01, dsn=2.0.0, status=sent > |> (delivered to command: /usr/bin/procmail -Y) > |> Apr 12 20:49:26 balin postfix/qmgr[17060]: E98EB17E8010: removed > |> Apr 12 20:49:26 balin postfix/smtpd[32542]: disconnect from > |> rrcs-72-43-49-109.nys.biz.rr.com[72.43.49.109] > |> > |> > |> I was thinking wether or not it is an issue with the aliases. But I > have > |> another alias to the same account which is not hampered by the issue. > |> > |> Hmmmm. Having said that. The postmaster account is in effect a double > |> aliases. Postmaster -> root -> hvdkooij > |> > |> But making it a direct alias did not matter at all. Other indirect > |> aliases do not suffer from this. > |> > |> Hugo. > |> > | Hm, strange.... I'll have to test a bit .... But first I need get some > | sleep... I've been working since 08.30 (which is about 17 hours back) > | non-stop... Oracle/AIX/nitty-gritty little details playing havoc with > | a simple upgrade that should've been 4hours work (including > | everything...). Sigh. > | Email is so much simpler:-):-). Well, apart from your mini-mystery ...:/ > | What I'm trying to say... is that in my current shape, I'm no real > help to you:( > > Well. It will not stop me from looking a bit further. (Please enjoy some > sweet dreams while you sleep.) So I picked up the source RPM for postfix > and started to grep for postmaster. > > The following remark struck me as interresting: > ~ * By default, Postfix probe messages have "postmaster@$myorigin" as the > ~ sender address. This is SAFE because the Postfix SMTP server does not > ~ reject mail for this address. > > So I throw in the following line back into header check: > /^To:.*postmaster@vanderkooij.org/ HOLD > > Now I need to sit back and wait ....... > > It looks we got ourself a winner here. The added header check works like > a charm. So it looks like we found an alternative to the HOLD everything > ~ method. So I now need to sit down and describe the method in a bit more > details so other people can enjoy it too if they like. > > Hugo. > Splendid! This should definitely go into the wiki... As a well-annotated alternative to the HOLD all method. Cheers (from a slightly less sleepy...:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Apr 13 14:07:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 13 14:07:56 2008 Subject: Idea: add %user% and %domain% to new recipients? Message-ID: <48020582.30609@ecs.soton.ac.uk> How about in the Spam Actions or other places when a recipient is added to the list of recipients for a message, you could specify _USER_ and _DOMAIN_, and substitute those into the new address? As an example, this would quickly give you a sorted spam archive: Archive Mail = spam-archive-_USER__at__DOMAIN_@my.domain.com This would auto-forward a message addressed to foobar@example.com to spam-archive-foobar_at_example.com@my.domain.com Or Archive Mail = /var/spool/MailScanner/archive/_DOMAIN_ Or Spam Actions = spam-archive-_USER__at__DOMAIN_@spamarchive.my.domain.com where your mailertable (or your MTA's equivalent) delivers *@spamarchive.my.domain.com to a database server that delivers spam-archive-*@spamarchive.my.domain.com using procmail into a database that presents a web page to the user for them to be able to retrieve their spam. Obviously, with a message with multiple recipients, it would have to add multiple corresponding recipients to the message. So the "Mail Archive =" example above would add 3 new recipients to a message that originally had 3 recipients. Sound useful? The only extra thing that might need implementing is a "mkdir -p" function, and there is a problem that the current spec says that if the "Archive Mail" destination does not exist, it is treated as a directory containing message files. If it's a file that does exist, then it's easy as that is an mbox file. So I might need a new config option along the lines of "Automatically Create Mail Archive As = " followed by "file" or "mbox" or "dir" or "directory", as you might want to auto-create them as mbox files. Currently this decision is not a problem as the directory can only contain a fixed string or the date, which is predictable and so can be created in advance by a cron job. What would I do for the same problem occurring in "Spam Actions" and its relations? Again, we end up with an unpredictable name. I don't *think* it's a problem this time as it can only be a directory, but I would still have to create the directory structure if it doesn't exist. Please let me know if I'm wrong. It should be fairly easy to implement, and might prove to be very useful for big sites or those with complex setups. Should remove the need for Custom Functions in quite a few situations. And it *doesn't* add any more MailScanner.conf settings, just adds more flexibility to those that are already there, which is always a good thing :-) What else have I missed here? What do you think? Useful to you? Please let me know if you think you might find it useful, and what you think of the idea. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Sun Apr 13 14:42:42 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Apr 13 14:43:43 2008 Subject: Idea: add %user% and %domain% to new recipients? In-Reply-To: <48020582.30609@ecs.soton.ac.uk> References: <48020582.30609@ecs.soton.ac.uk> Message-ID: <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> Incredibly so. On Apr 13, 2008, at 8:07 AM, Julian Field wrote: > Sound useful? From hvdkooij at vanderkooij.org Sun Apr 13 17:20:29 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 13 17:21:14 2008 Subject: Idea: add %user% and %domain% to new recipients? In-Reply-To: <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> References: <48020582.30609@ecs.soton.ac.uk> <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> Message-ID: <480232CD.2090406@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Incredibly so. What impact would it have on MailWatch? To be honest I am only running MailWatch v1 and may never switch to MailWatch v2 on account of the license change and database backend change. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAjLLBvzDRVjxmYERAvt3AJ9PS1bwgSQlwAjPV/1Rwrc/D3tUnACfYK4O WU1cyO+D1XObEE2O/LmGhuI= =S9/S -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sun Apr 13 18:45:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 13 18:46:34 2008 Subject: Idea: add %user% and %domain% to new recipients? In-Reply-To: <480232CD.2090406@vanderkooij.org> References: <48020582.30609@ecs.soton.ac.uk> <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> <480232CD.2090406@vanderkooij.org> Message-ID: <480246C8.8060608@ecs.soton.ac.uk> Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 04/13/08 at 17:20:27 > > Alex Neuman wrote: > | Incredibly so. > > What impact would it have on MailWatch? Not a clue. You would have to ask Steve Freegard that, or try it and see. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Sun Apr 13 19:30:18 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Sun Apr 13 19:31:06 2008 Subject: Got a very interesting problem.. Message-ID: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> Hello All, I prefer to lurk, but I have this problem that showed up on my mail server. I searched and found only that it was mail related, but could not find documentation to that effect. I confirmed it to be sendmail or MailScanner related by turning off my milters, then turning off MailScanner and monitoring the logs. The problem disappeared. It occurs every minute or so: Apr 11 17:25:51 mxt root: Process did not exit cleanly, returned 255 with signal 0 Apr 11 17:26:26 mxt last message repeated 2 times Apr 11 17:27:38 mxt last message repeated 5 times Apr 11 17:28:48 mxt last message repeated 5 times Apr 11 17:29:54 mxt last message repeated 5 times I queried the CentOS list group on how to find it and was introduced to strace. I attached strace to my spawning MailScanner process and think I found it. Here is strace on the 'master' MailScanner process. The return of 255 with signal 0 occurs very early. [root@mxt ~]# strace -p 18353 Process 18353 attached - interrupt to quit waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25008 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951242 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951242 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:42 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 11 entries */, 4096) = 456 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 8 entries */, 4096) = 256 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/oledata.mso") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image002.gif") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/header.htm") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/msg-25008-6.html") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703/image001.wmz") = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-4.html") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001/msg-25008-3.txt") = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m3BLjI4q019001") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m3BLIBtF013703.message") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961.header") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-2.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961/msg-25008-1.txt") = 0 stat64("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008/m2EJSo5Z029961") = 0 stat64("/var/spool/MailScanner/incoming/25008", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25008") = 0 gettimeofday({1207951243, 813076}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25627 time(NULL) = 1207951243 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951248 waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25328 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951249 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951249 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:49 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 23 entries */, 4096) = 1000 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header", {st_mode=S_IFREG|0600, st_size=1136, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header", {st_mode=S_IFREG|0600, st_size=1002, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 3 entries */, 4096) = 88 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt", {st_mode=S_IFREG|0600, st_size=25, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508/msg-25328-2.txt") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt", {st_mode=S_IFREG|0600, st_size=627, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-8.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html", {st_mode=S_IFREG|0600, st_size=1056, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984/msg-25328-9.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-15.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962/msg-25328-14.txt") = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message", {st_mode=S_IFREG|0660, st_size=4325, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header", {st_mode=S_IFREG|0600, st_size=1599, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message", {st_mode=S_IFREG|0660, st_size=9864, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message", {st_mode=S_IFREG|0660, st_size=2835, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message", {st_mode=S_IFREG|0660, st_size=28083, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header", {st_mode=S_IFREG|0600, st_size=1251, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message", {st_mode=S_IFREG|0660, st_size=1276, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLHD4K013508.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message", {st_mode=S_IFREG|0660, st_size=7176, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 5 entries */, 4096) = 168 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt", {st_mode=S_IFREG|0600, st_size=896, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-3.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt", {st_mode=S_IFREG|0600, st_size=481, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html", {st_mode=S_IFREG|0600, st_size=7187, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2HD11FU028158/msg-25328-4.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m2HD11FU028158", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m2HD11FU028158") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt", {st_mode=S_IFREG|0600, st_size=186, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-12.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg", {st_mode=S_IFREG|0600, st_size=159, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348/msg-25328-13.msg") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header", {st_mode=S_IFREG|0600, st_size=1375, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header", {st_mode=S_IFREG|0600, st_size=912, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLvTxM024984.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header", {st_mode=S_IFREG|0600, st_size=969, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m2EJSoVq029962.header") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message", {st_mode=S_IFREG|0660, st_size=2065, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL2CKR010348.message") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt", {st_mode=S_IFREG|0600, st_size=2379, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-10.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html", {st_mode=S_IFREG|0600, st_size=24287, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458/msg-25328-11.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BL7OKA011458") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt", {st_mode=S_IFREG|0600, st_size=374, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-6.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html", {st_mode=S_IFREG|0600, st_size=4997, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485/msg-25328-7.html") = 0 stat64("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328/m3BLQMVw015485") = 0 stat64("/var/spool/MailScanner/incoming/25328", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25328") = 0 gettimeofday({1207951249, 134264}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25647 time(NULL) = 1207951249 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951254 waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], 0) = 25541 --- SIGCHLD (Child exited) @ 0 (0) --- ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfbc3b48) = -1 ENOTTY (Inappropriate ioctl for device) open("/etc/passwd", O_RDONLY) = 5 fcntl64(5, F_GETFD) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 fstat64(5, {st_mode=S_IFREG|0644, st_size=14180, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6e000 read(5, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 4096 close(5) = 0 munmap(0xb7f6e000, 4096) = 0 time(NULL) = 1207951255 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 time(NULL) = 1207951255 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 select(8, [3], NULL, [3], {0, 0}) = 0 (Timeout) write(3, "<12>Apr 11 18:00:55 root: Proces"..., 84) = 84 stat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 11 entries */, 4096) = 456 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 8 entries */, 4096) = 256 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html", {st_mode=S_IFREG|0600, st_size=93932, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-6.html") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso", {st_mode=S_IFREG|0600, st_size=7395, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/oledata.mso") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif", {st_mode=S_IFREG|0600, st_size=8046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image002.gif") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm", {st_mode=S_IFREG|0600, st_size=13046, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/header.htm") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt", {st_mode=S_IFREG|0600, st_size=1225, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/msg-25541-5.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz", {st_mode=S_IFREG|0600, st_size=2279, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703/image001.wmz") = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header", {st_mode=S_IFREG|0600, st_size=1111, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header", {st_mode=S_IFREG|0600, st_size=866, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message", {st_mode=S_IFREG|0660, st_size=3268, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt", {st_mode=S_IFREG|0600, st_size=304, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-3.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html", {st_mode=S_IFREG|0600, st_size=1677, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001/msg-25541-4.html") = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m3BLjI4q019001") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message", {st_mode=S_IFREG|0660, st_size=4331, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message", {st_mode=S_IFREG|0660, st_size=141549, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m3BLIBtF013703.message") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header", {st_mode=S_IFREG|0600, st_size=975, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961.header") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5 fstat64(5, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 fcntl64(5, F_SETFD, FD_CLOEXEC) = 0 getdents64(5, /* 4 entries */, 4096) = 128 getdents64(5, /* 0 entries */, 4096) = 0 close(5) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt", {st_mode=S_IFREG|0600, st_size=2982, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-2.txt") = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 lstat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt", {st_mode=S_IFREG|0600, st_size=3312, ...}) = 0 unlink("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961/msg-25541-1.txt") = 0 stat64("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541/m2EJSo5Z029961") = 0 stat64("/var/spool/MailScanner/incoming/25541", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 rmdir("/var/spool/MailScanner/incoming/25541") = 0 gettimeofday({1207951255, 359886}, NULL) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7f61708) = 25667 time(NULL) = 1207951255 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({5, 0}, {5, 0}) = 0 time(NULL) = 1207951260 waitpid(-1, Process 18353 detached The server was acting this way prior to yum updates and a MailScanner 4.65 --> 4.68 update. I was running CentOS 5.1, now running CentOS 5 Final, all rpms updated. No funky repositories! This does not occur on my CentOS 4.x systems, same Mailscanner/SpamAssassin/ClamAV versions, different dovecot, sendmail versions. Sendmail 8.13.8 dovecot 1.01 MailScanner 4.68.8-1 ClamAV 092.1 SpamAssassin 3.2.4 milter-null (tested turned off) milter-greylist (tested turned off) Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.freegard at fsl.com Sun Apr 13 22:12:59 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Sun Apr 13 22:13:40 2008 Subject: Idea: add %user% and %domain% to new recipients? In-Reply-To: <480246C8.8060608@ecs.soton.ac.uk> References: <48020582.30609@ecs.soton.ac.uk> <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> <480232CD.2090406@vanderkooij.org> <480246C8.8060608@ecs.soton.ac.uk> Message-ID: <4802775B.3050208@fsl.com> Julian Field wrote: > > > Hugo van der Kooij wrote: >> * PGP Signed by an unverified key: 04/13/08 at 17:20:27 >> >> Alex Neuman wrote: >> | Incredibly so. >> >> What impact would it have on MailWatch? > Not a clue. You would have to ask Steve Freegard that, or try it and see. It shouldn't have any impact on v1 or v2 as MailWatch stores the location of the file according to the MailScanner variables (which will have the expanded location in them) so the setting of this should be completely transparent to MailWatch. Regards, Steve. From MailScanner at ecs.soton.ac.uk Mon Apr 14 01:29:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 01:30:29 2008 Subject: Idea: add %user% and %domain% to new recipients? In-Reply-To: <4802775B.3050208@fsl.com> References: <48020582.30609@ecs.soton.ac.uk> <3BB64A8E-6B60-4313-9C56-665BB074E955@nkpanama.com> <480232CD.2090406@vanderkooij.org> <480246C8.8060608@ecs.soton.ac.uk> <4802775B.3050208@fsl.com> Message-ID: <4802A575.7030701@ecs.soton.ac.uk> Steve Freegard wrote: > Julian Field wrote: >> >> >> Hugo van der Kooij wrote: >>> * PGP Signed by an unverified key: 04/13/08 at 17:20:27 >>> >>> Alex Neuman wrote: >>> | Incredibly so. >>> >>> What impact would it have on MailWatch? >> Not a clue. You would have to ask Steve Freegard that, or try it and >> see. > > It shouldn't have any impact on v1 or v2 as MailWatch stores the > location of the file according to the MailScanner variables (which > will have the expanded location in them) so the setting of this should > be completely transparent to MailWatch. That's great news. Thanks Steve. New beta to follow shortly... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Apr 14 05:58:30 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Apr 14 05:59:17 2008 Subject: Got a very interesting problem.. In-Reply-To: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> References: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> Message-ID: <4802E476.4010504@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: | I prefer to lurk, but I have this problem that showed up on my mail | server. I now see your problem. Your users are having an admin who resends messages. You just lost some kudo points. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAuRzBvzDRVjxmYERAt1ZAJ9mhrsRHSkHH40j1nVC3Grjt8SOgACdF0KL t4R7IPK6gdmUWrz1GPur7hY= =+rbq -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Mon Apr 14 06:46:30 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Apr 14 06:47:05 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org> <223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> Message-ID: <4802EFB6.2000706@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | On 13/04/2008, Hugo van der Kooij wrote: | This should definitely go into the wiki... As a well-annotated | alternative to the HOLD all method. Well. I am not a wiki kind of person. So I just added it to my MailScanner page: http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD But if someone wants to use this to add it to a wiki then you can add it ~ provided you link back to the source as I will not update the wiki. Hugo. PS: Alex that should answer your question as well. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIAu+xBvzDRVjxmYERAn7xAJ90UiQPa0Rdu+TAGcu4GFABjUbhMgCgqUSF rFjLo0mbZdKC+Omy10AbfjA= =sI7C -----END PGP SIGNATURE----- From zeman at JULI.CZ Mon Apr 14 07:11:53 2008 From: zeman at JULI.CZ (Petr Zeman) Date: Mon Apr 14 07:13:41 2008 Subject: MailScanner process virus checking of messages marked as SPAM In-Reply-To: References: <47FF6528.2080907@juli.cz> Message-ID: <4802F5A9.6060605@juli.cz> Thanks for answer, using clamd. Problem is in Kaspersky. Kaspersky scanner start scanning files aprox. 5 sec. after his call (loading antivir bases? testing memory?, sleeping?, nothing is reported). Is available connector to kavmonitor deamon in MailScanner? I trying kavdaemonmodule without success. Petr Zeman JULI Motorenwerk, s.r.o. organizace a informatika tel. 547 124 199 zeman@juli.cz Scott Silva napsal(a): > on 4-11-2008 6:18 AM Petr Zeman spake the following: >> Hello, >> >> i am using MailScanner 4.61.2 with SpamAssassin enabled and with 2 >> antivirus scanners (kaspersky and clamav). 90% of all e-mails is SPAM >> and server is heavy loaded. When i searching why, i found in log: >> >> Apr 11 14:17:40 mail MailScanner[4940]: New Batch: Scanning 1 >> messages, 1743 bytes >> Apr 11 14:17:40 mail MailScanner[4940]: Spam Checks: Starting >> Apr 11 14:17:46 mail MailScanner[4940]: Message m3BCHYfn006104 from >> 60.52.94.167 (pesseist_1980@1370wbtn.com) to juli.cz is spam, >> SpamAssassin (not cached, score=10.147, required 5, BAYES_99 3.50, >> DCC_CHECK 2.17, DIGEST_MULTIPLE 0.00, HTML_MESSAGE 0.00, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, >> RAZOR2_CHECK 0.50, URIBL_JP_SURBL 1.50, URIBL_SC_SURBL 0.47) >> Apr 11 14:17:46 mail MailScanner[4940]: Spam Checks: Found 1 spam >> messages >> Apr 11 14:17:46 mail MailScanner[4940]: Spam Actions: message >> m3BCHYfn006104 actions are store,header >> Apr 11 14:17:46 mail MailScanner[4940]: >> mailscanner@lists.mailscanner.info and Content Scanning: Starting >> Apr 11 14:17:53 mail MailScanner[4940]: Logging message m3BCHYfn006104 >> to SQL >> >> MailScanner process virus checking of messages marked as SPAM. Is >> possible disable this? >> >> Sorry for my bad english. >> > Have you thought about using one of the alternates for clamav like > clamavmodule or clamd? They have much lower loads. > From ms-list at alexb.ch Mon Apr 14 09:33:49 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Apr 14 09:34:28 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: <4802EFB6.2000706@vanderkooij.org> References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org> <223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> <4802EFB6.2000706@vanderkooij.org> Message-ID: <480316ED.3060909@alexb.ch> On 4/14/2008 7:46 AM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > | On 13/04/2008, Hugo van der Kooij wrote: > > | This should definitely go into the wiki... As a well-annotated > | alternative to the HOLD all method. > > Well. I am not a wiki kind of person. So I just added it to my > MailScanner page: http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD > > But if someone wants to use this to add it to a wiki then you can add it > ~ provided you link back to the source as I will not update the wiki. > > Hugo. > > PS: Alex that should answer your question as well. Got it! thanks! Alex From telecaadmin at gmail.com Mon Apr 14 10:26:45 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Apr 14 10:27:35 2008 Subject: tmpfs question In-Reply-To: <4800829B.5010800@ecs.soton.ac.uk> References: <4800829B.5010800@ecs.soton.ac.uk> Message-ID: <48032355.3040103@gmail.com> >> I figured I'd give the tmpfs trick a try. The wiki says to add this to >> /etc/fstab: >> >> none /var/spool/MailScanner/incoming tmpfs defaults 0 0 >> >> I don't see where it assigns a specific amount of ram. Does it just >> take what it needs? How do you limit it so the system doesn't start >> swapping? >> > It just takes what it needs. You don't need to limit it, it will work it > all out for itself. Ah, almost right! Docs say that without any mount options 1/2 of system memory can be used by tmpfs mountpoints. If you want to restrict the maximum size to 1GB just use e.g. #> mount tmpfs /var/spool/MailScanner/incoming -t tmpfs -o size=1g man-page will list all options. Really *IN USE* (as in, not available to others) is only as much as you really have on the tmpfs. If memory is scarce tmpfs is fully swap-backed. Cheers, Ronny From gordonwong at wharftt.com Mon Apr 14 12:24:23 2008 From: gordonwong at wharftt.com (Gordon Wong) Date: Mon Apr 14 12:31:08 2008 Subject: MailScanner: extracting attachments References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> Message-ID: Seems the problem occurs when you set "Debug Spamassassin = yes". Hope it helps. ^^ Gordon From dnsadmin at 1bigthink.com Mon Apr 14 14:45:35 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Apr 14 14:46:27 2008 Subject: Got a very interesting problem.. In-Reply-To: <4801C217.8020807@vanderkooij.org> References: <200804121948.m3CJmRG0015874@mxt.1bigthink.com> <4801C217.8020807@vanderkooij.org> Message-ID: <200804141345.m3EDjfh8021971@mxt.1bigthink.com> At 04:19 AM 4/13/2008, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >dnsadmin 1bigthink.com wrote: > >..... > >| The server was acting this way prior to yum updates and a MailScanner >| 4.65 --> 4.68 update. I was running CentOS 5.1, now running CentOS 5 >| Final, all rpms updated. No funky repositories! >| >| This does not occur on my CentOS 4.x systems, same >| Mailscanner/SpamAssassin/ClamAV versions, different dovecot, sendmail >| versions. >| >| Sendmail 8.13.8 >| dovecot 1.01 >| MailScanner 4.68.8-1 >| ClamAV 092.1 >| SpamAssassin 3.2.4 >| milter-null (tested turned off) >| milter-greylist (tested turned off) > >Well. You forgot to include rather important details. This Centos 5 >system is running a 64bit installation if my reading of the strace >output is correct. But does that also apply to all the other software? >Do you run a 64bit version of Centos 4 as well? > >Hugo. Hello Hugo, No. No 64 bit systems here. Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Mon Apr 14 14:47:09 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Apr 14 14:47:30 2008 Subject: Got a very interesting problem.. In-Reply-To: <4802E476.4010504@vanderkooij.org> References: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> <4802E476.4010504@vanderkooij.org> Message-ID: <200804141347.m3EDlF0s022241@mxt.1bigthink.com> At 12:58 AM 4/14/2008, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >dnsadmin 1bigthink.com wrote: > >| I prefer to lurk, but I have this problem that showed up on my mail >| server. > >I now see your problem. Your users are having an admin who resends >messages. You just lost some kudo points. > >Hugo. Hello Hugo, I don't quite understand your response.. could you please apply clue-by-four to brain? Thanks, Glenn Parsons -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 14 14:54:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 14:54:54 2008 Subject: MailScanner: extracting attachments In-Reply-To: References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> Message-ID: <48036205.20905@ecs.soton.ac.uk> Do not set that unless you also set "Debug = yes". Much better to specify both of them on the command-line. "MailScanner --help" will show you the command-line options available. Gordon Wong wrote: > Seems the problem occurs when you set "Debug Spamassassin = yes". > Hope it helps. ^^ > > Gordon > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Mon Apr 14 15:00:32 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Apr 14 15:01:06 2008 Subject: Backscatter & challenge response In-Reply-To: <20080412070836.02bfe50c@scorpio> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> Message-ID: <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> > > > > | I've been looking at a selection I've been sent through this > > morning and | there doesn't seem to be anything consistent about them > > and there not | hitting many spamassasin rules. > > > > I considere them hostile spam senders and blacklist them accordingly. > > I agree totally. I bounce any mail from a known 'challenge response' > user. The entire concept of 'challenge response' is flawed and a huge > waste of time and bandwidth. > > > -- What has everyone been doing to stop these? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/1ec8b4db/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 14 15:06:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 15:07:14 2008 Subject: New beta 4.69.3 released Message-ID: <480364FA.3020800@ecs.soton.ac.uk> I have released a new beta version of MailScanner, 4.69.3. The main new features in this beta are: - New keywords available in "Spam Actions" (and its relations) and "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email address in "Spam Actions" and in the archive location and forwarding addresses in "Archive Mail". This lets you build all sorts of fancy systems that use procmail to deliver messages directly into spam databases and mail archives that are sorted by recipient address, and clever things like that. - New MailScanner.conf setting "Missing Mail Archive Is =" which lets you specify whether a destination in "Archive Mail =" is an mbox-format file or a directory. This used not to be necessary as you could predict the name of the next mbox file as it could only contain fixed strings or the date, so you could create the mbox file in advance if you wanted to deliver to that format. However, now it can be based on the sender and/or recipients of the message, it cannot be predicted so has to be told which type to use if the archive location is not present. It will automatically create all necessary complete directories trees to be able to archive the mail in your requested location. Please let me know if this works for you okay, and also if there are any necessary facilities I have not provided for this to be most useful to you. The only one that immediately comes to mind is to be able to specify an arbitrary directory location in the "store" spam action. Do you need that ability to do that too? Cheers folks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gwong at linktechit.com Mon Apr 14 15:22:34 2008 From: gwong at linktechit.com (Gregory Wong) Date: Mon Apr 14 15:23:16 2008 Subject: Unable to sa-compile Message-ID: Hi everyone, I am running Postfix w/ MailScanner, Spamassassassin, Pyzor, Razor, DCC, etc. When I run sa-update and then sa-compile, I get the following error message: root@smtp1:~# sa-compile [1942] info: config: dcc_path "/usr/local/bin/dccproc" isn't an executable [1942] info: config: SpamAssassin failed to parse line, "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path /usr/local/bin/dccproc [1942] info: generic: base extraction starting. this can take a while... [1942] info: generic: extracting from rules of type body_0 100% [===========================================] 8.27 rules/sec 00m55s DONE 100% [===========================================] 104.01 bases/sec 00m09s DONE [1942] info: body_0: 681 base strings extracted in 66 seconds sa-compile: not compiling; 'spamassassin --lint' check failed! Any ideas on how to resolve it? I can't seem to find where the DCC executable is. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/5cd6a3b8/attachment.html From dgottsc at emory.edu Mon Apr 14 15:38:18 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Apr 14 15:39:04 2008 Subject: Spamassassin rules based on IP Message-ID: Hi All, Does anyone know if it is possible to have MailScanner use different spamassassin rules based on IP? For example, I'd like one IP subnet to use certain .cf files, and another use different .cf files. I'd searched, but can't seem to find a method to do this. Thanks for any help. David Gottschalk UTS Email Team david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From alex at nkpanama.com Mon Apr 14 15:51:25 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Apr 14 15:51:58 2008 Subject: New beta 4.69.3 released In-Reply-To: <480364FA.3020800@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> Message-ID: <91A66E16-8199-45B4-BEC4-689A0F157C4B@nkpanama.com> I can see where it could be useful. On Apr 14, 2008, at 9:06 AM, Julian Field wrote: > Please let me know if this works for you okay, and also if there are > any necessary facilities I have not provided for this to be most > useful to you. The only one that immediately comes to mind is to be > able to specify an arbitrary directory location in the "store" spam > action. Do you need that ability to do that too? From davejones70 at gmail.com Mon Apr 14 15:57:39 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Apr 14 15:58:14 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> >Dave Jones wrote: >> >Dave Jones wrote: >> >>> Dave Jones wrote: >> >>> >> >>>> Can someone post a sample of a working inline.sig.html? I am getting >> >>>> an email with the attached jpg file but it only shows an image box of >> >>>> 186 x 23 with no image inside it. Am I missing something in my html >> >>>> file that puts it inline within the body? >> >>>> >> >>>> _*MailScanner.conf*_ >> >>>> Attach Image To Signature = yes >> >>>> Inline HTML Signature = %rules-dir%/inline-html >> -signature.rules >> >>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >> >>>> Signature Image Filename = signature.jpg >> >>>> >> >>>> _*cat inline-html-signature.rules*_ >> >>>> From: me mydomain.com > mydomain.com > >> >>>> %report-dir%/inline.oneteam.sig.html >> >>>> FromOrTo: default no >> >>>> >> >>>> _*cat signature-image-filename.rules *_ >> >>>> From: me mydomain.com > mydomain.com > >> >>>> %report-dir%/OneTeam.jpg >> >>>> FromOrTo: default no >> >>>> >> >>>> _*cat inline.oneteam.sig.html*_ >> >>>> >> >>>> >> >>> You need to call it src="cid:signature.jpg" >> >>> >> >> >> >> I made my "inline.oneteam.sig.html" have "> >> src="cid:signature.jpg>" " but now the src= text value is getting >> >> dropped off when I view the source of the email. This is a snip of >> >> the end of the source: >> >> >> >> >> >> >> >> >> >That's because you've got the quotes in the wrong place. >> >src="cid:signature.jpg" >> >just as I said last time, so the whole thing looks like >> > >> My apologies for the previous bad posting. I had the real file >> exactly as you have it above and still get the resulting HTML dropping >> the src= value inside the img tag. >Here is my (working fine) setup. Remember that MailScanner will always >add a text signature to a plain-text message, and will only add an HTML >signature to the HTML part of an HTML message. So if you are using >Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >of the message. You can do this by adding a bold space on the last line >of the message. That's enough to trigger it and doesn't show up visibly >in the resulting message. >Dave ---- if you want to add this to the Wiki, it might be a good idea. >Just register yourself and add it in the configuration section. >***** MailScanner.conf: >Inline HTML Signature = %rules-dir%/inline.html.sig.rules >Inline Text Signature = %rules-dir%/inline.text.sig.rules >Signature Image Filename = %report-dir%/jules/julessig.png >Signature Image Filename = julessig.png >Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >***** %rules-dir%/inline.html.sig.rules: >From: sysjkf@ecs.soton.ac.uk >/etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >From: *@jules.fm >/etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >***** %rules-dir%/inline.text.sig.rules: >From: sysjkf@ecs.soton.ac.uk >/etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >From: *@jules.fm >/etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >***** %rules-dir%/attach.image.to.sig.rules: >From: sysjkf@ecs.soton.ac.uk yes >From: *@jules.fm yes >FromOrTo: default no >***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >
>
--  >
sysjkf@ecs.soton.ac.uk >***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >
>
--  >
Jules@Jules.FM >***** /etc/MailScanner/reports/ECS/inline.sig.html: >
-- >
This message has been scanned for viruses and >
dangerous content by >MailScanner, and is >
believed to be clean. >***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >Jules >-- >sysjkf@ecs.soton.ac.uk >***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >-- >Jules@Jules.FM >***** /etc/MailScanner/reports/ECS/inline.sig.txt: >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >***** THAT'S IT! ***** >Jules Thanks for the detailed configs. I had my settings correct and nearly identical to your settings. The problem still exists that the image is not getting displayed inline on a number of different email clients (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my quarantine (I save everything that is not high spam on my low-volume server at home) and the inline.html file is getting appended properly. Now it appears to be the "Content-ID:" multipart header is not getting generated in the MIME encoding so there is nothing to match my src="cid:signature.jpg" img tag. Could this be the problem? Working inline email image: ------_=_NextPart_001_01C89E3C.224B45D2 Content-Type: image/gif; name="image001.gif" Content-Transfer-Encoding: base64 Content-ID: Content-Description: image001.gif Content-Location: image001.gif Non-working inline email image: ------------=_1208183216-10649-0 Content-Type: image/jpeg; name="signature.jpg" Content-Disposition: attachment; filename="signature.jpg" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Mailer: MIME-tools 5.425 (Entity 5.425) -- Dave Jones From shuttlebox at gmail.com Mon Apr 14 16:09:40 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 14 16:10:13 2008 Subject: MailScanner: extracting attachments In-Reply-To: <48036205.20905@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> <48036205.20905@ecs.soton.ac.uk> Message-ID: <625385e30804140809t77f81191wf8913d7706076e93@mail.gmail.com> On Mon, Apr 14, 2008 at 3:54 PM, Julian Field wrote: > Do not set that unless you also set "Debug = yes". Much better to specify > both of them on the command-line. "MailScanner --help" will show you the > command-line options available. Would it be possible to change it so --debug-sa always sets --debug as well? So whether the user issues: # MailScanner --debug --debug-sa or # MailScanner --debug-sa it will be interpreted the same. If I understand it correctly they are meant to be used together so it would be best to eliminate the possibility to use an unsupported combination. -- /peter From MailScanner at ecs.soton.ac.uk Mon Apr 14 16:10:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 16:11:30 2008 Subject: Unable to sa-compile In-Reply-To: References: Message-ID: <480373F2.2060405@ecs.soton.ac.uk> In which case you probably aren't using DCC. So comment out the DCC lines from your /etc/mail/spamassassin/*pre and /etc/MailScanner/spam.assassin.prefs.conf files. Then do another "spamassassin --lint" to be sure it completes without printing any errors. Gregory Wong wrote: > Hi everyone, > > I am running Postfix w/ MailScanner, Spamassassassin, Pyzor, Razor, > DCC, etc. When I run sa-update and then sa-compile, I get the > following error message: > > root@smtp1:~# sa-compile > [1942] info: config: dcc_path "/usr/local/bin/dccproc" isn't an executable > [1942] info: config: SpamAssassin failed to parse line, > "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: > dcc_path /usr/local/bin/dccproc > [1942] info: generic: base extraction starting. this can take a while... > [1942] info: generic: extracting from rules of type body_0 > 100% [===========================================] 8.27 rules/sec > 00m55s DONE > 100% [===========================================] 104.01 bases/sec > 00m09s DONE > [1942] info: body_0: 681 base strings extracted in 66 seconds > sa-compile: not compiling; 'spamassassin --lint' check failed! > > Any ideas on how to resolve it? I can?t seem to find where the DCC > executable is. > > Thanks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Mon Apr 14 16:12:43 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Apr 14 16:13:26 2008 Subject: New beta 4.69.3 released In-Reply-To: <480364FA.3020800@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> Message-ID: <4803746B.0@alexb.ch> On 4/14/2008 4:06 PM, Julian Field wrote: > I have released a new beta version of MailScanner, 4.69.3. > > The main new features in this beta are: > > - New keywords available in "Spam Actions" (and its relations) and > "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, > _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email > address in "Spam Actions" and in the archive location and forwarding > addresses in "Archive Mail". This lets you build all sorts of fancy > systems that use procmail to deliver messages directly into spam > databases and mail archives that are sorted by recipient address, and > clever things like that. > - New MailScanner.conf setting "Missing Mail Archive Is =" which lets > you specify whether a destination in "Archive Mail =" is an mbox-format > file or a directory. This used not to be necessary as you could predict > the name of the next mbox file as it could only contain fixed strings or > the date, so you could create the mbox file in advance if you wanted to > deliver to that format. However, now it can be based on the sender > and/or recipients of the message, it cannot be predicted so has to be > told which type to use if the archive location is not present. It will > automatically create all necessary complete directories trees to be able > to archive the mail in your requested location. > > Please let me know if this works for you okay, and also if there are any > necessary facilities I have not provided for this to be most useful to > you. The only one that immediately comes to mind is to be able to > specify an arbitrary directory location in the "store" spam action. Do > you need that ability to do that too? > Cool Question: Will your IMAPspam custom function work with this? If yes - could you release it to the community? thanks Alex From peter at farrows.org Mon Apr 14 16:29:49 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Apr 14 16:30:41 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> References: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> Message-ID: <4803786D.9000002@farrows.org> Dave Jones wrote: >> Dave Jones wrote: >> >>>> Dave Jones wrote: >>>> >>>>>> Dave Jones wrote: >>>>>> >>>>>> >>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>> file that puts it inline within the body? >>>>>>> >>>>>>> _*MailScanner.conf*_ >>>>>>> Attach Image To Signature = yes >>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>> >>> -signature.rules >>> >>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>> Signature Image Filename = signature.jpg >>>>>>> >>>>>>> _*cat inline-html-signature.rules*_ >>>>>>> From: me mydomain.com >>>>>> >>> mydomain.com > >>> >>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>> FromOrTo: default no >>>>>>> >>>>>>> _*cat signature-image-filename.rules *_ >>>>>>> From: me mydomain.com >>>>>> >>> mydomain.com > >>> >>>>>>> %report-dir%/OneTeam.jpg >>>>>>> FromOrTo: default no >>>>>>> >>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>> >>>>>>> >>>>>>> >>>>>> You need to call it src="cid:signature.jpg" >>>>>> >>>>>> >>>>> I made my "inline.oneteam.sig.html" have ">>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>> dropped off when I view the source of the email. This is a snip of >>>>> the end of the source: >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That's because you've got the quotes in the wrong place. >>>> src="cid:signature.jpg" >>>> just as I said last time, so the whole thing looks like >>>> >>>> >>> My apologies for the previous bad posting. I had the real file >>> exactly as you have it above and still get the resulting HTML dropping >>> the src= value inside the img tag. >>> >> Here is my (working fine) setup. Remember that MailScanner will always >> add a text signature to a plain-text message, and will only add an HTML >> signature to the HTML part of an HTML message. So if you are using >> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >> of the message. You can do this by adding a bold space on the last line >> of the message. That's enough to trigger it and doesn't show up visibly >> in the resulting message. >> > > >> Dave ---- if you want to add this to the Wiki, it might be a good idea. >> Just register yourself and add it in the configuration section. >> > > >> ***** MailScanner.conf: >> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >> Inline Text Signature = %rules-dir%/inline.text.sig.rules >> Signature Image Filename = %report-dir%/jules/julessig.png >> Signature Image Filename = julessig.png >> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >> > > >> ***** %rules-dir%/inline.html.sig.rules: >> From: sysjkf@ecs.soton.ac.uk >> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >> From: *@jules.fm >> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >> > > >> ***** %rules-dir%/inline.text.sig.rules: >> From: sysjkf@ecs.soton.ac.uk >> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >> From: *@jules.fm >> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >> > > >> ***** %rules-dir%/attach.image.to.sig.rules: >> From: sysjkf@ecs.soton.ac.uk yes >> From: *@jules.fm yes >> FromOrTo: default no >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>
>>
--  >>
sysjkf@ecs.soton.ac.uk >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>
>>
--  >>
Jules@Jules.FM >> > > >> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>
-- >>
This message has been scanned for viruses and >>
dangerous content by >> MailScanner, and is >>
believed to be clean. >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >> Jules >> -- >> sysjkf@ecs.soton.ac.uk >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >> -- >> Jules@Jules.FM >> > > >> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > >> ***** THAT'S IT! ***** >> > > >> Jules >> > Thanks for the detailed configs. I had my settings correct and nearly > identical to your settings. The problem still exists that the image > is not getting displayed inline on a number of different email clients > (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my > quarantine (I save everything that is not high spam on my low-volume > server at home) and the inline.html file is getting appended properly. > Now it appears to be the "Content-ID:" multipart header is not > getting generated in the MIME encoding so there is nothing to match my > src="cid:signature.jpg" img tag. Could this be the problem? > > Working inline email image: > ------_=_NextPart_001_01C89E3C.224B45D2 > Content-Type: image/gif; > name="image001.gif" > Content-Transfer-Encoding: base64 > Content-ID: > Content-Description: image001.gif > Content-Location: image001.gif > > Non-working inline email image: > ------------=_1208183216-10649-0 > Content-Type: image/jpeg; name="signature.jpg" > Content-Disposition: attachment; filename="signature.jpg" > Content-Transfer-Encoding: base64 > MIME-Version: 1.0 > X-Mailer: MIME-tools 5.425 (Entity 5.425) > > > Just for the record, Mine displays an empty box too... Gave up trying to make it work.. P. -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: martinfarrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -------------- next part -------------- Skipped content of type multipart/related From lists at openenterprise.ca Mon Apr 14 16:46:11 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Mon Apr 14 16:46:49 2008 Subject: qmail and plesk environment - getting listed on spamhaus Message-ID: <48037C43.8050304@openenterprise.ca> I have a client running a plesk/qmail hosting service who is having some trouble with getting their shared ip listed on spamhaus. I am looking into various solutions to suggest to them, possibly including ms if it can be integrated into the plesk environment. For now I would like to try and determine why they keep getting listed on spamhaus. Can anyone suggest some tips or a starting point to determine why they might keep getting listed? I will be reviewing their maillogs to see if there is any mass mailings going out from any of their hosted domains on the shared ip to start. From MailScanner at ecs.soton.ac.uk Mon Apr 14 16:50:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 16:50:52 2008 Subject: New beta 4.69.3 released In-Reply-To: <4803746B.0@alexb.ch> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> Message-ID: <48037D30.2060305@ecs.soton.ac.uk> Alex Broens wrote: > On 4/14/2008 4:06 PM, Julian Field wrote: >> I have released a new beta version of MailScanner, 4.69.3. >> >> The main new features in this beta are: >> >> - New keywords available in "Spam Actions" (and its relations) and >> "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, >> _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email >> address in "Spam Actions" and in the archive location and forwarding >> addresses in "Archive Mail". This lets you build all sorts of fancy >> systems that use procmail to deliver messages directly into spam >> databases and mail archives that are sorted by recipient address, and >> clever things like that. >> - New MailScanner.conf setting "Missing Mail Archive Is =" which lets >> you specify whether a destination in "Archive Mail =" is an >> mbox-format file or a directory. This used not to be necessary as you >> could predict the name of the next mbox file as it could only contain >> fixed strings or the date, so you could create the mbox file in >> advance if you wanted to deliver to that format. However, now it can >> be based on the sender and/or recipients of the message, it cannot be >> predicted so has to be told which type to use if the archive location >> is not present. It will automatically create all necessary complete >> directories trees to be able to archive the mail in your requested >> location. >> >> Please let me know if this works for you okay, and also if there are >> any necessary facilities I have not provided for this to be most >> useful to you. The only one that immediately comes to mind is to be >> able to specify an arbitrary directory location in the "store" spam >> action. Do you need that ability to do that too? >> > > Cool > > Question: Will your IMAPspam custom function work with this? Any idea who I wrote it for or what it does? I can't remember this at all, sorry. > If yes - could you release it to the community? That depends on the person who paid for it agreeing to it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 14 16:54:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 16:54:39 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> References: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> Message-ID: <48037E2F.7020702@ecs.soton.ac.uk> Dave Jones wrote: >> Dave Jones wrote: >> >>>> Dave Jones wrote: >>>> >>>>>> Dave Jones wrote: >>>>>> >>>>>> >>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>> file that puts it inline within the body? >>>>>>> >>>>>>> _*MailScanner.conf*_ >>>>>>> Attach Image To Signature = yes >>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>> >>> -signature.rules >>> >>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>> Signature Image Filename = signature.jpg >>>>>>> >>>>>>> _*cat inline-html-signature.rules*_ >>>>>>> From: me mydomain.com >>>>>> >>> mydomain.com > >>> >>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>> FromOrTo: default no >>>>>>> >>>>>>> _*cat signature-image-filename.rules *_ >>>>>>> From: me mydomain.com >>>>>> >>> mydomain.com > >>> >>>>>>> %report-dir%/OneTeam.jpg >>>>>>> FromOrTo: default no >>>>>>> >>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>> >>>>>>> >>>>>>> >>>>>> You need to call it src="cid:signature.jpg" >>>>>> >>>>>> >>>>> I made my "inline.oneteam.sig.html" have ">>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>> dropped off when I view the source of the email. This is a snip of >>>>> the end of the source: >>>>> >>>>> >>>>> >>>>> >>>>> >>>> That's because you've got the quotes in the wrong place. >>>> src="cid:signature.jpg" >>>> just as I said last time, so the whole thing looks like >>>> >>>> >>> My apologies for the previous bad posting. I had the real file >>> exactly as you have it above and still get the resulting HTML dropping >>> the src= value inside the img tag. >>> >> Here is my (working fine) setup. Remember that MailScanner will always >> add a text signature to a plain-text message, and will only add an HTML >> signature to the HTML part of an HTML message. So if you are using >> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >> of the message. You can do this by adding a bold space on the last line >> of the message. That's enough to trigger it and doesn't show up visibly >> in the resulting message. >> > > >> Dave ---- if you want to add this to the Wiki, it might be a good idea. >> Just register yourself and add it in the configuration section. >> > > >> ***** MailScanner.conf: >> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >> Inline Text Signature = %rules-dir%/inline.text.sig.rules >> Signature Image Filename = %report-dir%/jules/julessig.png >> Signature Image Filename = julessig.png >> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >> > > >> ***** %rules-dir%/inline.html.sig.rules: >> From: sysjkf@ecs.soton.ac.uk >> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >> From: *@jules.fm >> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >> > > >> ***** %rules-dir%/inline.text.sig.rules: >> From: sysjkf@ecs.soton.ac.uk >> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >> From: *@jules.fm >> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >> > > >> ***** %rules-dir%/attach.image.to.sig.rules: >> From: sysjkf@ecs.soton.ac.uk yes >> From: *@jules.fm yes >> FromOrTo: default no >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>
>>
--  >>
sysjkf@ecs.soton.ac.uk >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>
>>
--  >>
Jules@Jules.FM >> > > >> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>
-- >>
This message has been scanned for viruses and >>
dangerous content by >> MailScanner, and is >>
believed to be clean. >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >> Jules >> -- >> sysjkf@ecs.soton.ac.uk >> > > >> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >> -- >> Jules@Jules.FM >> > > >> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> > > >> ***** THAT'S IT! ***** >> > > >> Jules >> > Thanks for the detailed configs. I had my settings correct and nearly > identical to your settings. The problem still exists that the image > is not getting displayed inline on a number of different email clients > (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my > quarantine (I save everything that is not high spam on my low-volume > server at home) and the inline.html file is getting appended properly. > Now it appears to be the "Content-ID:" multipart header is not > getting generated in the MIME encoding so there is nothing to match my > src="cid:signature.jpg" img tag. Could this be the problem? > > Working inline email image: > ------_=_NextPart_001_01C89E3C.224B45D2 > Content-Type: image/gif; > name="image001.gif" > Content-Transfer-Encoding: base64 > Content-ID: > Content-Description: image001.gif > Content-Location: image001.gif > > Non-working inline email image: > ------------=_1208183216-10649-0 > Content-Type: image/jpeg; name="signature.jpg" > Content-Disposition: attachment; filename="signature.jpg" > Content-Transfer-Encoding: base64 > MIME-Version: 1.0 > X-Mailer: MIME-tools 5.425 (Entity 5.425) > That's odd, as I get the extra header Content-ID: added as well. And I'm running the same version of MIME-tools as you are. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 14 17:01:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 17:01:53 2008 Subject: {Disarmed} Re: Graphic inline Signature In-Reply-To: <4803786D.9000002@farrows.org> References: <67a55ed50804140757s363ad1a6yfdca933f34ca1260@mail.gmail.com> <4803786D.9000002@farrows.org> Message-ID: <48037FE1.1070905@ecs.soton.ac.uk> Peter Farrow wrote: > Dave Jones wrote: >>> Dave Jones wrote: >>> >>>>> Dave Jones wrote: >>>>> >>>>>>> Dave Jones wrote: >>>>>>> >>>>>>> >>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>> file that puts it inline within the body? >>>>>>>> >>>>>>>> _*MailScanner.conf*_ >>>>>>>> Attach Image To Signature = yes >>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>> >>>> -signature.rules >>>> >>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>> Signature Image Filename = signature.jpg >>>>>>>> >>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>> From: me mydomain.com >>>>>>> >>>> mydomain.com > >>>> >>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>> FromOrTo: default no >>>>>>>> >>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>> From: me mydomain.com >>>>>>> >>>> mydomain.com > >>>> >>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>> FromOrTo: default no >>>>>>>> >>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> You need to call it src="cid:signature.jpg" >>>>>>> >>>>>>> >>>>>> I made my "inline.oneteam.sig.html" have ">>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>> dropped off when I view the source of the email. This is a snip of >>>>>> the end of the source: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> That's because you've got the quotes in the wrong place. >>>>> src="cid:signature.jpg" >>>>> just as I said last time, so the whole thing looks like >>>>> >>>>> >>>> My apologies for the previous bad posting. I had the real file >>>> exactly as you have it above and still get the resulting HTML dropping >>>> the src= value inside the img tag. >>>> >>> Here is my (working fine) setup. Remember that MailScanner will always >>> add a text signature to a plain-text message, and will only add an HTML >>> signature to the HTML part of an HTML message. So if you are using >>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>> of the message. You can do this by adding a bold space on the last line >>> of the message. That's enough to trigger it and doesn't show up visibly >>> in the resulting message. >>> >> >> >>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>> Just register yourself and add it in the configuration section. >>> >> >> >>> ***** MailScanner.conf: >>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>> Signature Image Filename = %report-dir%/jules/julessig.png >>> Signature Image Filename = julessig.png >>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>> >> >> >>> ***** %rules-dir%/inline.html.sig.rules: >>> From: sysjkf@ecs.soton.ac.uk >>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>> From: *@jules.fm >>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>> >> >> >>> ***** %rules-dir%/inline.text.sig.rules: >>> From: sysjkf@ecs.soton.ac.uk >>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>> From: *@jules.fm >>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>> >> >> >>> ***** %rules-dir%/attach.image.to.sig.rules: >>> From: sysjkf@ecs.soton.ac.uk yes >>> From: *@jules.fm yes >>> FromOrTo: default no >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>
>>>
--  >>>
sysjkf@ecs.soton.ac.uk >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>
>>>
--  >>>
Jules@Jules.FM >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>
-- >>>
This message has been scanned for viruses and >>>
dangerous content by >>> MailScanner, and is >>>
believed to be clean. >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>> Jules >>> -- >>> sysjkf@ecs.soton.ac.uk >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>> -- >>> Jules@Jules.FM >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >> >> >>> ***** THAT'S IT! ***** >>> >> >> >>> Jules >>> >> Thanks for the detailed configs. I had my settings correct and nearly >> identical to your settings. The problem still exists that the image >> is not getting displayed inline on a number of different email clients >> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >> quarantine (I save everything that is not high spam on my low-volume >> server at home) and the inline.html file is getting appended properly. >> Now it appears to be the "Content-ID:" multipart header is not >> getting generated in the MIME encoding so there is nothing to match my >> src="cid:signature.jpg" img tag. Could this be the problem? >> >> Working inline email image: >> ------_=_NextPart_001_01C89E3C.224B45D2 >> Content-Type: image/gif; >> name="image001.gif" >> Content-Transfer-Encoding: base64 >> Content-ID: >> Content-Description: image001.gif >> Content-Location: image001.gif >> >> Non-working inline email image: >> ------------=_1208183216-10649-0 >> Content-Type: image/jpeg; name="signature.jpg" >> Content-Disposition: attachment; filename="signature.jpg" >> Content-Transfer-Encoding: base64 >> MIME-Version: 1.0 >> X-Mailer: MIME-tools 5.425 (Entity 5.425) >> >> >> > Just for the record, > > Mine displays an empty box too... > > Gave up trying to make it work.. Works great for me (inevitably). The only suggestion I have is to edit /usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there should be a line that says this: Id => '<' . $internalname . '>'); Change that to 'Content-Id:' => '<' . $internalname . '>'); Then service MailScanner restart and let me know if this helps at all. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Mon Apr 14 17:17:29 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Apr 14 17:18:06 2008 Subject: New beta 4.69.3 released In-Reply-To: <48037D30.2060305@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> <48037D30.2060305@ecs.soton.ac.uk> Message-ID: <48038399.2090009@alexb.ch> On 4/14/2008 5:50 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 4/14/2008 4:06 PM, Julian Field wrote: >>> I have released a new beta version of MailScanner, 4.69.3. >>> >>> The main new features in this beta are: >>> >>> - New keywords available in "Spam Actions" (and its relations) and >>> "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, >>> _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email >>> address in "Spam Actions" and in the archive location and forwarding >>> addresses in "Archive Mail". This lets you build all sorts of fancy >>> systems that use procmail to deliver messages directly into spam >>> databases and mail archives that are sorted by recipient address, and >>> clever things like that. >>> - New MailScanner.conf setting "Missing Mail Archive Is =" which lets >>> you specify whether a destination in "Archive Mail =" is an >>> mbox-format file or a directory. This used not to be necessary as you >>> could predict the name of the next mbox file as it could only contain >>> fixed strings or the date, so you could create the mbox file in >>> advance if you wanted to deliver to that format. However, now it can >>> be based on the sender and/or recipients of the message, it cannot be >>> predicted so has to be told which type to use if the archive location >>> is not present. It will automatically create all necessary complete >>> directories trees to be able to archive the mail in your requested >>> location. >>> >>> Please let me know if this works for you okay, and also if there are >>> any necessary facilities I have not provided for this to be most >>> useful to you. The only one that immediately comes to mind is to be >>> able to specify an arbitrary directory location in the "store" spam >>> action. Do you need that ability to do that too? >>> >> >> Cool >> >> Question: Will your IMAPspam custom function work with this? > Any idea who I wrote it for or what it does? I can't remember this at > all, sorry. You wrote it for me. (I sent you the latest version you sent me, last night) >> If yes - could you release it to the community? > That depends on the person who paid for it agreeing to it. I paid for it, agree to releasing :-) Alex From ms-list at alexb.ch Mon Apr 14 17:23:17 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Apr 14 17:23:34 2008 Subject: New beta 4.69.3 released In-Reply-To: <48037D30.2060305@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> <48037D30.2060305@ecs.soton.ac.uk> Message-ID: <480384F5.1080500@alexb.ch> On 4/14/2008 5:50 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 4/14/2008 4:06 PM, Julian Field wrote: >>> I have released a new beta version of MailScanner, 4.69.3. >>> >>> The main new features in this beta are: >>> >>> - New keywords available in "Spam Actions" (and its relations) and >>> "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, >>> _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email >>> address in "Spam Actions" and in the archive location and forwarding >>> addresses in "Archive Mail". This lets you build all sorts of fancy >>> systems that use procmail to deliver messages directly into spam >>> databases and mail archives that are sorted by recipient address, and >>> clever things like that. >>> - New MailScanner.conf setting "Missing Mail Archive Is =" which lets >>> you specify whether a destination in "Archive Mail =" is an >>> mbox-format file or a directory. This used not to be necessary as you >>> could predict the name of the next mbox file as it could only contain >>> fixed strings or the date, so you could create the mbox file in >>> advance if you wanted to deliver to that format. However, now it can >>> be based on the sender and/or recipients of the message, it cannot be >>> predicted so has to be told which type to use if the archive location >>> is not present. It will automatically create all necessary complete >>> directories trees to be able to archive the mail in your requested >>> location. >>> >>> Please let me know if this works for you okay, and also if there are >>> any necessary facilities I have not provided for this to be most >>> useful to you. The only one that immediately comes to mind is to be >>> able to specify an arbitrary directory location in the "store" spam >>> action. Do you need that ability to do that too? >>> >> >> Cool >> >> Question: Will your IMAPspam custom function work with this? > Any idea who I wrote it for or what it does? adding: It was designed to store spam (or ham) in a remote IMAP account/folder to avoid having mabox/files on MailScanner boxes. Back in 2006, when your wrote it, it required a massive MS hack to make it work. I gave up hacking through MS releases to keep it running. MS' new action features seem to fit the concept way better so it may be of use again. Alex From prandal at herefordshire.gov.uk Mon Apr 14 17:33:14 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Apr 14 17:34:12 2008 Subject: ClamAV 0.93 released Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> Release Name: 0.93 Notes: This release introduces many new features and engine enhancements, please see the ChangeLog for the list of major changes. The most visible one is the new logic in scan limits which affects some command line and config options of clamscan and clamd. Please see clamscan(1) and clamd.conf(5) and the example config file for more information on the new options. Changes: * libclamav: - New logic in scan limits: provides much more efficient protection against DoS attacks but also results in different command line and config options to clamscan and clamd (see below) - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator, entity converter - Improved filetype detection; filetype definitions can be remotely updated - Support for .cld containers (which replace .inc directories) - Improved pattern matcher and signature formats - More efficient scanning of HTML files - Many other improvements * clamd: - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion, ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, ArchiveMaxCompressionRatio, ArchiveBlockMax * clamscan: - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize - REMOVED OPTIONS: --block-max, --max-space, --max-ratio * freshclam: - NEW CONFIG OPTION CompressLocalDatabase - NEW CMDLINE SWITCH --no-warnings - main.inc and daily.inc directories are no longer used by ClamAV; please remove them manually from your database directory Cheers, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/58225f33/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 14 18:05:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 18:06:32 2008 Subject: New beta 4.69.3 released In-Reply-To: <480384F5.1080500@alexb.ch> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> <48037D30.2060305@ecs.soton.ac.uk> <480384F5.1080500@alexb.ch> Message-ID: <48038EE5.7070606@ecs.soton.ac.uk> Alex Broens wrote: > On 4/14/2008 5:50 PM, Julian Field wrote: >> >> >> Alex Broens wrote: >>> On 4/14/2008 4:06 PM, Julian Field wrote: >>>> I have released a new beta version of MailScanner, 4.69.3. >>>> >>>> The main new features in this beta are: >>>> >>>> - New keywords available in "Spam Actions" (and its relations) and >>>> "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, >>>> _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" >>>> email address in "Spam Actions" and in the archive location and >>>> forwarding addresses in "Archive Mail". This lets you build all >>>> sorts of fancy systems that use procmail to deliver messages >>>> directly into spam databases and mail archives that are sorted by >>>> recipient address, and clever things like that. >>>> - New MailScanner.conf setting "Missing Mail Archive Is =" which >>>> lets you specify whether a destination in "Archive Mail =" is an >>>> mbox-format file or a directory. This used not to be necessary as >>>> you could predict the name of the next mbox file as it could only >>>> contain fixed strings or the date, so you could create the mbox >>>> file in advance if you wanted to deliver to that format. However, >>>> now it can be based on the sender and/or recipients of the message, >>>> it cannot be predicted so has to be told which type to use if the >>>> archive location is not present. It will automatically create all >>>> necessary complete directories trees to be able to archive the mail >>>> in your requested location. >>>> >>>> Please let me know if this works for you okay, and also if there >>>> are any necessary facilities I have not provided for this to be >>>> most useful to you. The only one that immediately comes to mind is >>>> to be able to specify an arbitrary directory location in the >>>> "store" spam action. Do you need that ability to do that too? >>>> >>> >>> Cool >>> >>> Question: Will your IMAPspam custom function work with this? >> Any idea who I wrote it for or what it does? > adding: > > It was designed to store spam (or ham) in a remote IMAP > account/folder to avoid having mabox/files on MailScanner boxes. > > Back in 2006, when your wrote it, it required a massive MS hack to > make it work. I gave up hacking through MS releases to keep it running. > > MS' new action features seem to fit the concept way better so it may > be of use again. I'm not quite sure how these 2 things are related. The IMAPspam code I wrote for you uses an IMAP client to store the message in the user's mailboxes. The new code I have written doesn't have anything to do with IMAP clients. I'm slightly puzzled. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gwong at linktechit.com Mon Apr 14 18:06:28 2008 From: gwong at linktechit.com (Gregory Wong) Date: Mon Apr 14 18:07:11 2008 Subject: Unable to sa-compile In-Reply-To: <480373F2.2060405@ecs.soton.ac.uk> Message-ID: I'll make that change and see how it goes. Just curious but I have the dcc-client installed. Is DCC that the sa-compile is looking for different from the dcc-client. I can run 'cdcc info' and get the following output: root@smtp1:~# cdcc info # 04/14/08 13:05:10 EDT /var/lib/dcc/map # Re-resolve names after 14:07:19 # 151.20 ms threshold, 181.55 ms average 12 total, 12 working servers IPv6 on dcc1.dcc-servers.net,- anon # ::ffff:64.124.52.232,- dcc-servers ID 1049 # 100% of 32 requests ok 195.17 ms RTT 100 ms queue wait # ::ffff:136.161.101.6,- dcc-servers.net ID 102 # 94% of 32 requests ok 181.20 ms RTT 100 ms queue wait # ::ffff:142.27.70.211,- CollegeOfNewCaledonia ID 1189 # 100% of 12 requests ok 218.19 ms RTT 100 ms queue wait # ::ffff:208.201.249.233,- sonic.net ID 1117 # 100% of 32 requests ok 188.98 ms RTT 100 ms queue wait # * ::ffff:216.134.200.215,- ID 1113 # 100% of 32 requests ok 119.88 ms RTT 100 ms queue wait dcc2.dcc-servers.net,- anon # ::ffff:136.199.199.102,- URT ID 1060 # 100% of 32 requests ok 229.96 ms RTT 100 ms queue wait # ::ffff:192.84.137.21,- INFN-TO ID 1233 # 100% of 32 requests ok 236.94 ms RTT 100 ms queue wait # ::ffff:193.166.171.33,- HP_X86_64_8CPU ID 1245 # 100% of 1 requests ok 245.32 ms RTT 100 ms queue wait # ::ffff:208.201.249.232,- sonic.net ID 1156 # 100% of 32 requests ok 190.91 ms RTT 100 ms queue wait dcc3.dcc-servers.net,- anon # ::ffff:192.135.10.194,- debian ID 1169 # 88% of 32 requests ok 475.50 ms RTT 100 ms queue wait dcc4.dcc-servers.net,- anon dcc5.dcc-servers.net,- anon # ::ffff:195.20.8.232,- EATSERVER ID 1166 # 100% of 3 requests ok 151.20 ms RTT 10 ms queue wait # ::ffff:203.81.36.6,- PacNet-SG ID 1358 # 100% of 4 requests ok 392.86 ms RTT 100 ms queue wait On 4/14/08 11:10 AM, "Julian Field" wrote: In which case you probably aren't using DCC. So comment out the DCC lines from your /etc/mail/spamassassin/*pre and /etc/MailScanner/spam.assassin.prefs.conf files. Then do another "spamassassin --lint" to be sure it completes without printing any errors. Gregory Wong wrote: > Hi everyone, > > I am running Postfix w/ MailScanner, Spamassassassin, Pyzor, Razor, > DCC, etc. When I run sa-update and then sa-compile, I get the > following error message: > > root@smtp1:~# sa-compile > [1942] info: config: dcc_path "/usr/local/bin/dccproc" isn't an executable > [1942] info: config: SpamAssassin failed to parse line, > "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: > dcc_path /usr/local/bin/dccproc > [1942] info: generic: base extraction starting. this can take a while... > [1942] info: generic: extracting from rules of type body_0 > 100% [===========================================] 8.27 rules/sec > 00m55s DONE > 100% [===========================================] 104.01 bases/sec > 00m09s DONE > [1942] info: body_0: 681 base strings extracted in 66 seconds > sa-compile: not compiling; 'spamassassin --lint' check failed! > > Any ideas on how to resolve it? I can't seem to find where the DCC > executable is. > > Thanks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/e4b69f05/attachment.html From steve.freegard at fsl.com Mon Apr 14 18:09:13 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Apr 14 18:09:52 2008 Subject: qmail and plesk environment - getting listed on spamhaus In-Reply-To: <48037C43.8050304@openenterprise.ca> References: <48037C43.8050304@openenterprise.ca> Message-ID: <48038FB9.3040009@fsl.com> Johnny Stork wrote: > I have a client running a plesk/qmail hosting service who is having some > trouble with getting their shared ip listed on spamhaus. I am looking > into various solutions to suggest to them, possibly including ms if it > can be integrated into the plesk environment. For now I would like to > try and determine why they keep getting listed on spamhaus. Can anyone > suggest some tips or a starting point to determine why they might keep > getting listed? This isn't really the place to ask this - but I'll answer it anyway. There are 3 Spamhaus lists; SBL, XBL and the PBL. If you query zen.spamhaus.org then you will get a result from all three lists which are determined by the returned IP. 127.0.0.2 = SBL 127.0.0.4 = XBL 127.0.0.10/11 = PBL Most likely they are being listed on either the SBL or XBL. If they are listed on the SBL, then this is most likely due to spam originating from this system and was most likely a manual listing by Spamhaus. The Spamhaus web site will give you more information on the listing and tell you what you need to do to get de-listed. If they are listed on the XBL, then this was most likely an automated listing and is either caused by a hacked formmail.pl or PHP script being used to send mail or it is caused by qmail sending a HELO as 'localhost' or 'localhost.localdomain' or the machine has been hacked and has an open-proxy installed on it. You can find out more about this by going to cbl.abuseat.org (which is the actual data provider for the XBL list) and requesting a de-list. The web site will then walk you through the possible causes. Regards, Steve. From davejones70 at gmail.com Mon Apr 14 18:14:55 2008 From: davejones70 at gmail.com (Dave Jones) Date: Mon Apr 14 18:15:30 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> Peter Farrow wrote: > Dave Jones wrote: >>> Dave Jones wrote: >>> >>>>> Dave Jones wrote: >>>>> >>>>>>> Dave Jones wrote: >>>>>>> >>>>>>> >>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>> file that puts it inline within the body? >>>>>>>> >>>>>>>> _*MailScanner.conf*_ >>>>>>>> Attach Image To Signature = yes >>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>> >>>> -signature.rules >>>> >>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>> Signature Image Filename = signature.jpg >>>>>>>> >>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>> From: me mydomain.com >>>>>>> >>>> mydomain.com > >>>> >>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>> FromOrTo: default no >>>>>>>> >>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>> From: me mydomain.com >>>>>>> >>>> mydomain.com > >>>> >>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>> FromOrTo: default no >>>>>>>> >>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> You need to call it src="cid:signature.jpg" >>>>>>> >>>>>>> >>>>>> I made my "inline.oneteam.sig.html" have ">>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>> dropped off when I view the source of the email. This is a snip of >>>>>> the end of the source: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> That's because you've got the quotes in the wrong place. >>>>> src="cid:signature.jpg" >>>>> just as I said last time, so the whole thing looks like >>>>> >>>>> >>>> My apologies for the previous bad posting. I had the real file >>>> exactly as you have it above and still get the resulting HTML dropping >>>> the src= value inside the img tag. >>>> >>> Here is my (working fine) setup. Remember that MailScanner will always >>> add a text signature to a plain-text message, and will only add an HTML >>> signature to the HTML part of an HTML message. So if you are using >>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>> of the message. You can do this by adding a bold space on the last line >>> of the message. That's enough to trigger it and doesn't show up visibly >>> in the resulting message. >>> >> >> >>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>> Just register yourself and add it in the configuration section. >>> >> >> >>> ***** MailScanner.conf: >>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>> Signature Image Filename = %report-dir%/jules/julessig.png >>> Signature Image Filename = julessig.png >>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>> >> >> >>> ***** %rules-dir%/inline.html.sig.rules: >>> From: sysjkf ecs.soton.ac.uk >>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>> From: *@jules.fm >>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>> >> >> >>> ***** %rules-dir%/inline.text.sig.rules: >>> From: sysjkf ecs.soton.ac.uk >>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>> From: *@jules.fm >>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>> >> >> >>> ***** %rules-dir%/attach.image.to.sig.rules: >>> From: sysjkf ecs.soton.ac.uk yes >>> From: *@jules.fm yes >>> FromOrTo: default no >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>
>>>
--  >>>
sysjkf ecs.soton.ac.uk >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>
>>>
--  >>>
Jules Jules.FM >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>
-- >>>
This message has been scanned for viruses and >>>
dangerous content by >>> MailScanner, and is >>>
believed to be clean. >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>> Jules >>> -- >>> sysjkf ecs.soton.ac.uk >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>> -- >>> Jules Jules.FM >>> >> >> >>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >> >> >>> ***** THAT'S IT! ***** >>> >> >> >>> Jules >>> >> Thanks for the detailed configs. I had my settings correct and nearly >> identical to your settings. The problem still exists that the image >> is not getting displayed inline on a number of different email clients >> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >> quarantine (I save everything that is not high spam on my low-volume >> server at home) and the inline.html file is getting appended properly. >> Now it appears to be the "Content-ID:" multipart header is not >> getting generated in the MIME encoding so there is nothing to match my >> src="cid:signature.jpg" img tag. Could this be the problem? >> >> Working inline email image: >> ------_=_NextPart_001_01C89E3C.224B45D2 >> Content-Type: image/gif; >> name="image001.gif" >> Content-Transfer-Encoding: base64 >> Content-ID: 01C89E12.38C00F50> >> Content-Description: image001.gif >> Content-Location: image001.gif >> >> Non-working inline email image: >> ------------=_1208183216-10649-0 >> Content-Type: image/jpeg; name="signature.jpg" >> Content-Disposition: attachment; filename="signature.jpg" >> Content-Transfer-Encoding: base64 >> MIME-Version: 1.0 >> X-Mailer: MIME-tools 5.425 (Entity 5.425) >> >> >> > Just for the record, > > Mine displays an empty box too... > > Gave up trying to make it work.. >Works great for me (inevitably). The only suggestion I have is to edit />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there >should be a line that says this: > Id => '<' . $internalname . >'>'); >Change that to > 'Content-Id:' => '<' . >$internalname . '>'); >Then > service MailScanner restart > >and let me know if this helps at all. > >Jules Running MS ver 4.66.5 and I don't see any line similar to that in the file: # grep \$internalname * Message.pm: my $internalname = MailScanner::Config::Value('attachimageinternalname', $this); Message.pm: Filename => $internalname, # P.S. This is a great feature that I really want to get working since our other major commercial software applications are not able to do it. Julian, I am working hard to get my manager to send some money your way but I work for a fortune 500 company that requires a PO. This feature could help motivate him to go through all of the internal paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You already deserve some compensation but it seems easier to spend millions with a big contract rather than small amounts that may be deemed less important to the company. -- Dave Jones From vernon at comp-wiz.com Mon Apr 14 18:20:31 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Mon Apr 14 18:21:19 2008 Subject: ClamAV 0.93 released In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> Message-ID: <056e01c89e53$d8e35370$8aa9fa50$@com> OK I suppose this is as good time to ask this question as any. My system has been complaining about the fact that ClamAV needs to be updated. I have found that the best version to use with MailScanner and my system (Fedora Core 6 or up). However the version on the MailScanner download site is version 0.92.1. Is this version ever going to change? Is it wise to go away from that build or stick with what is there? Thanks From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: Monday, April 14, 2008 12:33 PM To: mailscanner@lists.mailscanner.info Subject: ClamAV 0.93 released Release Name: 0.93 Notes: This release introduces many new features and engine enhancements, please see the ChangeLog for the list of major changes. The most visible one is the new logic in scan limits which affects some command line and config options of clamscan and clamd. Please see clamscan(1) and clamd.conf(5) and the example config file for more information on the new options. Changes: * libclamav: - New logic in scan limits: provides much more efficient protection against DoS attacks but also results in different command line and config options to clamscan and clamd (see below) - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator, entity converter - Improved filetype detection; filetype definitions can be remotely updated - Support for .cld containers (which replace .inc directories) - Improved pattern matcher and signature formats - More efficient scanning of HTML files - Many other improvements * clamd: - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion, ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, ArchiveMaxCompressionRatio, ArchiveBlockMax * clamscan: - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize - REMOVED OPTIONS: --block-max, --max-space, --max-ratio * freshclam: - NEW CONFIG OPTION CompressLocalDatabase - NEW CMDLINE SWITCH --no-warnings - main.inc and daily.inc directories are no longer used by ClamAV; please remove them manually from your database directory Cheers, Phil -- This message has been scanned for viruses and dangerous content at www.comp-wiz.com, and is believed to be clean. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/e60674e1/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 14 18:55:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 18:56:39 2008 Subject: ClamAV 0.93 released In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> Message-ID: <48039AA2.9050905@ecs.soton.ac.uk> I have upgraded the ClamAV+SpamAssassin distribution available at www.mailscanner.info. Note that this new version does *NOT* work with the 'clamavmodule' virus scanner. So don't upgrade if you're running the clamavmodule scanner. Randal, Phil wrote: > > *Release Name: 0.93* > *Notes:* > This release introduces many new features and engine enhancements, > please see the ChangeLog for the list of major changes. The most > visible one is the new logic in scan limits which affects some command > line and config options of clamscan and clamd. Please see clamscan(1) > and clamd.conf(5) and the example config file for more information on > the new options. > > *Changes:* > * libclamav: > - New logic in scan limits: provides much more efficient > protection against > DoS attacks but also results in different command line and > config options > to clamscan and clamd (see below) > - New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text > normalisator, > entity converter > - Improved filetype detection; filetype definitions can be > remotely updated > - Support for .cld containers (which replace .inc directories) > - Improved pattern matcher and signature formats > - More efficient scanning of HTML files > - Many other improvements > > * clamd: > - NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, > MaxFiles > - ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: > MailMaxRecursion, > ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles, > ArchiveMaxCompressionRatio, ArchiveBlockMax > > * clamscan: > - NEW CMDLINE OPTIONS: --max-filesize, --max-scansize > - REMOVED OPTIONS: --block-max, --max-space, --max-ratio > > * freshclam: > - NEW CONFIG OPTION CompressLocalDatabase > - NEW CMDLINE SWITCH --no-warnings > - main.inc and daily.inc directories are no longer used by ClamAV; > please > remove them manually from your database directory > > Cheers, > > Phil > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 14 19:12:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 19:13:05 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> Message-ID: <48039E86.2070607@ecs.soton.ac.uk> Dave Jones wrote: > Peter Farrow wrote: > >> Dave Jones wrote: >> >>>> Dave Jones wrote: >>>> >>>> >>>>>> Dave Jones wrote: >>>>>> >>>>>> >>>>>>>> Dave Jones wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>>> file that puts it inline within the body? >>>>>>>>> >>>>>>>>> _*MailScanner.conf*_ >>>>>>>>> Attach Image To Signature = yes >>>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>>> >>>>>>>>> >>>>> -signature.rules >>>>> >>>>> >>>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>>> Signature Image Filename = signature.jpg >>>>>>>>> >>>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>>> From: me mydomain.com >>>>>>>> >>>>>>>>> >>>>> mydomain.com > >>>>> >>>>> >>>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>>> FromOrTo: default no >>>>>>>>> >>>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>>> From: me mydomain.com >>>>>>>> >>>>>>>>> >>>>> mydomain.com > >>>>> >>>>> >>>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>>> FromOrTo: default no >>>>>>>>> >>>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> You need to call it src="cid:signature.jpg" >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> I made my "inline.oneteam.sig.html" have ">>>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>>> dropped off when I view the source of the email. This is a snip of >>>>>>> the end of the source: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> That's because you've got the quotes in the wrong place. >>>>>> src="cid:signature.jpg" >>>>>> just as I said last time, so the whole thing looks like >>>>>> >>>>>> >>>>>> >>>>> My apologies for the previous bad posting. I had the real file >>>>> exactly as you have it above and still get the resulting HTML dropping >>>>> the src= value inside the img tag. >>>>> >>>>> >>>> Here is my (working fine) setup. Remember that MailScanner will always >>>> add a text signature to a plain-text message, and will only add an HTML >>>> signature to the HTML part of an HTML message. So if you are using >>>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>>> of the message. You can do this by adding a bold space on the last line >>>> of the message. That's enough to trigger it and doesn't show up visibly >>>> in the resulting message. >>>> >>>> >>> >>>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>>> Just register yourself and add it in the configuration section. >>>> >>>> >>> >>>> ***** MailScanner.conf: >>>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>>> Signature Image Filename = %report-dir%/jules/julessig.png >>>> Signature Image Filename = julessig.png >>>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>>> >>>> >>> >>>> ***** %rules-dir%/inline.html.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk >>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>>> From: *@jules.fm >>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>>> >>>> >>> >>>> ***** %rules-dir%/inline.text.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk >>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>>> From: *@jules.fm >>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>>> >>>> >>> >>>> ***** %rules-dir%/attach.image.to.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk yes >>>> From: *@jules.fm yes >>>> FromOrTo: default no >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>>
>>>>
--  >>>>
sysjkf ecs.soton.ac.uk >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>
>>>>
--  >>>>
Jules Jules.FM >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>>
-- >>>>
This message has been scanned for viruses and >>>>
dangerous content by >>>> >>> > "www.mailscanner.info" claiming to > be* "http://www.mailscanner.info/">MailScanner, and is > >>>>
believed to be clean. >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>>> Jules >>>> -- >>>> sysjkf ecs.soton.ac.uk >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>>> -- >>>> Jules Jules.FM >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> >>> >>>> ***** THAT'S IT! ***** >>>> >>>> >>> >>>> Jules >>>> >>>> >>> Thanks for the detailed configs. I had my settings correct and nearly >>> identical to your settings. The problem still exists that the image >>> is not getting displayed inline on a number of different email clients >>> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >>> quarantine (I save everything that is not high spam on my low-volume >>> server at home) and the inline.html file is getting appended properly. >>> Now it appears to be the "Content-ID:" multipart header is not >>> getting generated in the MIME encoding so there is nothing to match my >>> src="cid:signature.jpg" img tag. Could this be the problem? >>> >>> Working inline email image: >>> ------_=_NextPart_001_01C89E3C.224B45D2 >>> Content-Type: image/gif; >>> name="image001.gif" >>> Content-Transfer-Encoding: base64 >>> Content-ID: 01C89E12.38C00F50> >>> Content-Description: image001.gif >>> Content-Location: image001.gif >>> >>> Non-working inline email image: >>> ------------=_1208183216-10649-0 >>> Content-Type: image/jpeg; name="signature.jpg" >>> Content-Disposition: attachment; filename="signature.jpg" >>> Content-Transfer-Encoding: base64 >>> MIME-Version: 1.0 >>> X-Mailer: MIME-tools 5.425 (Entity 5.425) >>> >>> >>> >>> >> Just for the record, >> >> Mine displays an empty box too... >> >> Gave up trying to make it work.. >> Works great for me (inevitably). The only suggestion I have is to edit >> > />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there > >> should be a line that says this: >> Id => '<' . $internalname . >> '>'); >> Change that to >> 'Content-Id:' => '<' . >> $internalname . '>'); >> Then >> service MailScanner restart >> >> and let me know if this helps at all. >> >> Jules >> > > Running MS ver 4.66.5 and I don't see any line similar to that in the file: > Aha! That explains it. Upgrade to the latest release and you'll find I fixed it all. You need the most recent stable release at least (4.68). > # grep \$internalname * > Message.pm: my $internalname = > MailScanner::Config::Value('attachimageinternalname', $this); > Message.pm: Filename => > $internalname, > # > > P.S. This is a great feature that I really want to get working since > our other major commercial software applications are not able to do > it. Julian, I am working hard to get my manager to send some money > your way but I work for a fortune 500 company that requires a PO. > This feature could help motivate him to go through all of the internal > paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You > already deserve some compensation but it seems easier to spend > millions with a big contract rather than small amounts that may be > deemed less important to the company. > Feel free to spend millions with me! :-) I can always come up with a nice support contract for you. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Mon Apr 14 20:36:30 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Apr 14 20:37:08 2008 Subject: ClamAV 0.93 released In-Reply-To: <48039AA2.9050905@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > I have upgraded the ClamAV+SpamAssassin distribution available at > www.mailscanner.info. > > Note that this new version does *NOT* work with the 'clamavmodule' > virus scanner. So don't upgrade if you're running the clamavmodule > scanner. Will it in the future? Was just about to install the SA/ClamAV bundle and wanted to use clamavmodule. Got lots of horsepower, so it't not a showstopper if there's some major technical issues with it. Doing it the old fashioned way outta be fine if needed... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ms-list at alexb.ch Mon Apr 14 20:39:15 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Apr 14 20:39:57 2008 Subject: New beta 4.69.3 released In-Reply-To: <48038EE5.7070606@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> <48037D30.2060305@ecs.soton.ac.uk> <480384F5.1080500@alexb.ch> <48038EE5.7070606@ecs.soton.ac.uk> Message-ID: <4803B2E3.3040707@alexb.ch> On 4/14/2008 7:05 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 4/14/2008 5:50 PM, Julian Field wrote: >>> >>> >>> Alex Broens wrote: >>>> On 4/14/2008 4:06 PM, Julian Field wrote: >>>>> I have released a new beta version of MailScanner, 4.69.3. >>>>> >>>>> The main new features in this beta are: >>>>> >>>>> - New keywords available in "Spam Actions" (and its relations) and >>>>> "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, >>>>> _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" >>>>> email address in "Spam Actions" and in the archive location and >>>>> forwarding addresses in "Archive Mail". This lets you build all >>>>> sorts of fancy systems that use procmail to deliver messages >>>>> directly into spam databases and mail archives that are sorted by >>>>> recipient address, and clever things like that. >>>>> - New MailScanner.conf setting "Missing Mail Archive Is =" which >>>>> lets you specify whether a destination in "Archive Mail =" is an >>>>> mbox-format file or a directory. This used not to be necessary as >>>>> you could predict the name of the next mbox file as it could only >>>>> contain fixed strings or the date, so you could create the mbox >>>>> file in advance if you wanted to deliver to that format. However, >>>>> now it can be based on the sender and/or recipients of the message, >>>>> it cannot be predicted so has to be told which type to use if the >>>>> archive location is not present. It will automatically create all >>>>> necessary complete directories trees to be able to archive the mail >>>>> in your requested location. >>>>> >>>>> Please let me know if this works for you okay, and also if there >>>>> are any necessary facilities I have not provided for this to be >>>>> most useful to you. The only one that immediately comes to mind is >>>>> to be able to specify an arbitrary directory location in the >>>>> "store" spam action. Do you need that ability to do that too? >>>>> >>>> >>>> Cool >>>> >>>> Question: Will your IMAPspam custom function work with this? >>> Any idea who I wrote it for or what it does? >> adding: >> >> It was designed to store spam (or ham) in a remote IMAP >> account/folder to avoid having mabox/files on MailScanner boxes. >> >> Back in 2006, when your wrote it, it required a massive MS hack to >> make it work. I gave up hacking through MS releases to keep it running. >> >> MS' new action features seem to fit the concept way better so it may >> be of use again. > I'm not quite sure how these 2 things are related. The IMAPspam code I > wrote for you uses an IMAP client to store the message in the user's > mailboxes. The new code I have written doesn't have anything to do with > IMAP clients. > > I'm slightly puzzled. Yes - indeed, it has nothign to do with the new feature except: Back when you wrote it actions weren't preprared to handle custom functions. According to you, now they do, right? If yes, and you can get it to work, I'd like to to give it away to the wiki, or anyone who may want to use it. If you can't get it to work, it was useless. thanks Alex From lists at openenterprise.ca Mon Apr 14 20:45:44 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Mon Apr 14 20:46:23 2008 Subject: qmail and plesk environment - getting listed on spamhaus In-Reply-To: <48038FB9.3040009@fsl.com> References: <48037C43.8050304@openenterprise.ca> <48038FB9.3040009@fsl.com> Message-ID: <4803B468.5040304@openenterprise.ca> Thanks Steve :) I am not familiar with qmail so I am sort of in the dark on their system but am trying to do what I can to determine their problem. The problem now is that it appears they have already been delisted so I have to go through it with only historical info. Steve Freegard wrote: > Johnny Stork wrote: >> I have a client running a plesk/qmail hosting service who is having >> some trouble with getting their shared ip listed on spamhaus. I am >> looking into various solutions to suggest to them, possibly including >> ms if it can be integrated into the plesk environment. For now I >> would like to try and determine why they keep getting listed on >> spamhaus. Can anyone suggest some tips or a starting point to >> determine why they might keep getting listed? > > This isn't really the place to ask this - but I'll answer it anyway. > > There are 3 Spamhaus lists; SBL, XBL and the PBL. If you query > zen.spamhaus.org then you will get a result from all three lists which > are determined by the returned IP. > > 127.0.0.2 = SBL > 127.0.0.4 = XBL > 127.0.0.10/11 = PBL > > Most likely they are being listed on either the SBL or XBL. If they > are listed on the SBL, then this is most likely due to spam > originating from this system and was most likely a manual listing by > Spamhaus. The Spamhaus web site will give you more information on the > listing and tell you what you need to do to get de-listed. > > If they are listed on the XBL, then this was most likely an automated > listing and is either caused by a hacked formmail.pl or PHP script > being used to send mail or it is caused by qmail sending a HELO as > 'localhost' or 'localhost.localdomain' or the machine has been hacked > and has an open-proxy installed on it. You can find out more about > this by going to cbl.abuseat.org (which is the actual data provider > for the XBL list) and requesting a de-list. The web site will then > walk you through the possible causes. > > Regards, > Steve. From MailScanner at ecs.soton.ac.uk Mon Apr 14 20:59:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 21:00:22 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> Message-ID: <4803B7A9.4020101@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > >> I have upgraded the ClamAV+SpamAssassin distribution available at >> www.mailscanner.info. >> >> Note that this new version does *NOT* work with the 'clamavmodule' >> virus scanner. So don't upgrade if you're running the clamavmodule >> scanner. >> > > Will it in the future? Was just about to install the SA/ClamAV bundle > and wanted to use clamavmodule. Got lots of horsepower, so it't not a > showstopper if there's some major technical issues with it. Doing it > the old fashioned way outta be fine if needed... > I hope it will work in the future, but that depends on the maintainer of Mail::ClamAV. In the mean time, clamd should work. You can get that from http://dag.wieers.com/rpm/packages/clamav. You'll have to adjust virus.scanners.conf to tell it where to find clam though (/usr). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From william at raidbr.com.br Mon Apr 14 21:12:42 2008 From: william at raidbr.com.br (William A. Knob) Date: Mon Apr 14 21:13:15 2008 Subject: Attachment for include on blacklist Message-ID: <4803BABA.5060907@raidbr.com.br> Hi people, I need an "strange stuff".. MailScanner can "attach" inside the body of the spam messages a "checkbox" for the users include that mail inside the blacklist? Regards, -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br From Kevin_Miller at ci.juneau.ak.us Mon Apr 14 21:28:11 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Apr 14 21:28:51 2008 Subject: SA/Clam-AV installation Message-ID: I just tried to run the install script for the new clamav and spamassassin packages and encountered a couple of errors: The first is this: ============================================================ config.status: creating clamav-config.h config.status: executing depfiles commands configure: WARNING: ****** WARNING: ****** You are either cross compiling to a different host or ****** you have manually disabled important configure checks. ****** Please be aware that this build may be badly broken. ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!! ============================================================ I'm compiling on the target host (SSHed in), and haven't knowlingly disabled any configure checks. The second problem was this: ============================================================ ClamAV.xs:365: error: for each function it appears in.) make[1]: *** [ClamAV.o] Error 1 make[1]: Leaving directory `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 ============================================================ It seems that it was trying to access /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV but that directory doesn't exist. /tmp/clamav-0.93 does exist. Should I just try running install from inside it again? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Mon Apr 14 21:30:03 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Apr 14 21:30:13 2008 Subject: ClamAV 0.93 released In-Reply-To: <4803B7A9.4020101@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <4803B7A9.4020101@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Kevin Miller wrote: >> Julian Field wrote: >> >>> I have upgraded the ClamAV+SpamAssassin distribution available at >>> www.mailscanner.info. >>> >>> Note that this new version does *NOT* work with the 'clamavmodule' >>> virus scanner. So don't upgrade if you're running the clamavmodule >>> scanner. >>> >> >> Will it in the future? Was just about to install the SA/ClamAV >> bundle and wanted to use clamavmodule. Got lots of horsepower, so >> it't not a showstopper if there's some major technical issues with >> it. Doing it the old fashioned way outta be fine if needed... >> > I hope it will work in the future, but that depends on the maintainer > of Mail::ClamAV. > In the mean time, clamd should work. You can get that from > http://dag.wieers.com/rpm/packages/clamav. > You'll have to adjust virus.scanners.conf to tell it where to find > clam though (/usr). Nah, I'm using SUSE; the dag wieers rpms are for Redhat based. Maybe I outta jump ship... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Mon Apr 14 21:40:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 21:41:04 2008 Subject: New beta 4.69.3 released In-Reply-To: <4803B2E3.3040707@alexb.ch> References: <480364FA.3020800@ecs.soton.ac.uk> <4803746B.0@alexb.ch> <48037D30.2060305@ecs.soton.ac.uk> <480384F5.1080500@alexb.ch> <48038EE5.7070606@ecs.soton.ac.uk> <4803B2E3.3040707@alexb.ch> Message-ID: <4803C131.3090804@ecs.soton.ac.uk> Alex Broens wrote: > On 4/14/2008 7:05 PM, Julian Field wrote: >> >> >> Alex Broens wrote: >>> On 4/14/2008 5:50 PM, Julian Field wrote: >>>> >>>> >>>> Alex Broens wrote: >>>>> On 4/14/2008 4:06 PM, Julian Field wrote: >>>>>> I have released a new beta version of MailScanner, 4.69.3. >>>>>> >>>>>> The main new features in this beta are: >>>>>> >>>>>> - New keywords available in "Spam Actions" (and its relations) >>>>>> and "Archive Mail" in MailScanner.conf. These let you put >>>>>> _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the >>>>>> "forward" email address in "Spam Actions" and in the archive >>>>>> location and forwarding addresses in "Archive Mail". This lets >>>>>> you build all sorts of fancy systems that use procmail to deliver >>>>>> messages directly into spam databases and mail archives that are >>>>>> sorted by recipient address, and clever things like that. >>>>>> - New MailScanner.conf setting "Missing Mail Archive Is =" which >>>>>> lets you specify whether a destination in "Archive Mail =" is an >>>>>> mbox-format file or a directory. This used not to be necessary as >>>>>> you could predict the name of the next mbox file as it could only >>>>>> contain fixed strings or the date, so you could create the mbox >>>>>> file in advance if you wanted to deliver to that format. However, >>>>>> now it can be based on the sender and/or recipients of the >>>>>> message, it cannot be predicted so has to be told which type to >>>>>> use if the archive location is not present. It will automatically >>>>>> create all necessary complete directories trees to be able to >>>>>> archive the mail in your requested location. >>>>>> >>>>>> Please let me know if this works for you okay, and also if there >>>>>> are any necessary facilities I have not provided for this to be >>>>>> most useful to you. The only one that immediately comes to mind >>>>>> is to be able to specify an arbitrary directory location in the >>>>>> "store" spam action. Do you need that ability to do that too? >>>>>> >>>>> >>>>> Cool >>>>> >>>>> Question: Will your IMAPspam custom function work with this? >>>> Any idea who I wrote it for or what it does? >>> adding: >>> >>> It was designed to store spam (or ham) in a remote IMAP >>> account/folder to avoid having mabox/files on MailScanner boxes. >>> >>> Back in 2006, when your wrote it, it required a massive MS hack to >>> make it work. I gave up hacking through MS releases to keep it running. >>> >>> MS' new action features seem to fit the concept way better so it may >>> be of use again. >> I'm not quite sure how these 2 things are related. The IMAPspam code >> I wrote for you uses an IMAP client to store the message in the >> user's mailboxes. The new code I have written doesn't have anything >> to do with IMAP clients. >> >> I'm slightly puzzled. > > Yes - indeed, it has nothign to do with the new feature except: > > Back when you wrote it actions weren't preprared to handle custom > functions. > According to you, now they do, right? Yes, they do. > > If yes, and you can get it to work, I'd like to to give it away to the > wiki, or anyone who may want to use it. Great, thanks. > > If you can't get it to work, it was useless. I'm sure I can :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 14 21:42:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 21:43:06 2008 Subject: New beta 4.69.3 released In-Reply-To: <480364FA.3020800@ecs.soton.ac.uk> References: <480364FA.3020800@ecs.soton.ac.uk> Message-ID: <4803C1C8.4050305@ecs.soton.ac.uk> I have now added arbitrary directory paths to the "store" Spam Action, so you can specify Spam Actions like store-/var/spool/MailScanner/quarantine/_TOUSER_._TODOMAIN_ and it will store the spam/high-scoring-spam/non-spam in an arbitrary directory you specify, which can include the keywords _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_. Julian Field wrote: > I have released a new beta version of MailScanner, 4.69.3. > > The main new features in this beta are: > > - New keywords available in "Spam Actions" (and its relations) and > "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, > _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email > address in "Spam Actions" and in the archive location and forwarding > addresses in "Archive Mail". This lets you build all sorts of fancy > systems that use procmail to deliver messages directly into spam > databases and mail archives that are sorted by recipient address, and > clever things like that. > - New MailScanner.conf setting "Missing Mail Archive Is =" which lets > you specify whether a destination in "Archive Mail =" is an > mbox-format file or a directory. This used not to be necessary as you > could predict the name of the next mbox file as it could only contain > fixed strings or the date, so you could create the mbox file in > advance if you wanted to deliver to that format. However, now it can > be based on the sender and/or recipients of the message, it cannot be > predicted so has to be told which type to use if the archive location > is not present. It will automatically create all necessary complete > directories trees to be able to archive the mail in your requested > location. > > Please let me know if this works for you okay, and also if there are > any necessary facilities I have not provided for this to be most > useful to you. The only one that immediately comes to mind is to be > able to specify an arbitrary directory location in the "store" spam > action. Do you need that ability to do that too? > > Cheers folks! > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kgoods at cropusainsurance.com Mon Apr 14 21:58:37 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Mon Apr 14 22:04:37 2008 Subject: OT - MailScanner to deliver email copies to two downstream machin es. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> I'm currently evaluating replacing our Exchange server (5.5) with Zimbra. Have the Zimbra server set up and ready to go and have imported a couple accounts using the same domain on the Zimbra server as the existing domain on the Exchange server. Right now my MX records point to my MailScanner box which relays to the Exchange server. What I would like to do for these two accounts is to also send a duplicate copy of all emails to the Zimbra server. They would of course have to be routed via the ip addresses of the servers since DNS records for the internal servers would complicate things. I don't care about the email headers, just want a copy of the emails to be routed to both servers. I fully understand that "email doesn't work this way" but was hoping to fudge it to do a little testing on the Zimbra server with (nearly) identical emails in both systems. Is this something that MailScanner can do or would I be better off handling it with Sendmail or another tool? And if so, could anyone point me in the right direction? I've been Googling all morning and can't seem to hit on the right search terms to accomplish this task. Thanks in advance! Ken Goods Network Administrator CropUSA Insurance, Inc. From MailScanner at ecs.soton.ac.uk Mon Apr 14 22:07:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 14 22:07:57 2008 Subject: SA/Clam-AV installation In-Reply-To: References: Message-ID: <4803C77B.8080401@ecs.soton.ac.uk> Kevin Miller wrote: > I just tried to run the install script for the new clamav and > spamassassin packages and encountered a couple of errors: > > The first is this: > ============================================================ > config.status: creating clamav-config.h > config.status: executing depfiles commands > configure: WARNING: > ****** WARNING: > ****** You are either cross compiling to a different host or > ****** you have manually disabled important configure checks. > ****** Please be aware that this build may be badly broken. > ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!! > ============================================================ > > I'm compiling on the target host (SSHed in), and haven't knowlingly > disabled any configure checks. > That's expected. I have to disable that check or else it won't build. > The second problem was this: > ============================================================ > ClamAV.xs:365: error: for each function it appears in.) > make[1]: *** [ClamAV.o] Error 1 > make[1]: Leaving directory > `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' > > A problem was encountered while attempting to compile and install your > Inline > C code. The command that failed was: > make > > The build directory was: > /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV > > To debug the problem, cd to the build directory, and inspect the output > files. > > at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 > BEGIN failed--compilation aborted at > /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. > Compilation failed in require. > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 25 > ============================================================ > > It seems that it was trying to access > /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV but that directory > doesn't exist. /tmp/clamav-0.93 does exist. Should I just try running > install from inside it again? > As I said in my post a few hours ago, Mail::ClamAV won't build with ClamAV 0.93 at the moment. See my very recent thread. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Apr 14 22:17:04 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 14 22:17:49 2008 Subject: MailScanner folder In-Reply-To: <3411CC12BB577F4FAEAC8A694780866B13C42A@ITMAIL.town.barnstable.ma.us> References: <20080411191603.7BF7.EE63E960@remedial-teacher.nl><3411CC12BB577F4FAEAC8A694780866B13C428@ITMAIL.town.barnstable.ma.us> <4800E592.9060103@ecs.soton.ac.uk> <3411CC12BB577F4FAEAC8A694780866B13C42A@ITMAIL.town.barnstable.ma.us> Message-ID: on 4-12-2008 10:11 AM Ghetti, Ron spake the following: > > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sat 4/12/2008 12:38 PM > To: MailScanner discussion > Subject: Re: MailScanner folder > > > > Installed "from the website": what website? How did you install it? > What do you get when you run > /opt/MailScanner/bin/MailScanner -v > /opt/MailScanner/bin/MailScanner --lint > ? > > > Hi, > thanks for the quick reply, much appreciated. > > > to make a long story short, I've inherited this site and done some upgrades. > latest version from here: > http://www.mailscanner.info/files/4/tar/MailScanner-install-4.68.8-1.tar.gz > > ran install.sh per the readme > > upgraded spam assassin also, which went pretty well I believe. > > Your predecessor probably installed from a Debian repository, and the version you used was not. Therefore you probably do have 2 installations. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080414/175e0d90/signature.bin From adc at dc-uoit.net Mon Apr 14 23:01:07 2008 From: adc at dc-uoit.net (Andrei Caraman) Date: Mon Apr 14 23:01:49 2008 Subject: OT - MailScanner to deliver email copies to two downstream machines. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> Message-ID: <20080414220107.GC6265@logger.dc-uoit.net> On Mon, Apr 14, 2008 at 01:58:37PM -0700, Ken Goods wrote: > I'm currently evaluating replacing our Exchange server (5.5) with Zimbra. > Have the Zimbra server set up and ready to go and have imported a couple > accounts using the same domain on the Zimbra server as the existing domain > on the Exchange server. Right now my MX records point to my MailScanner box > which relays to the Exchange server. What I would like to do for these two > accounts is to also send a duplicate copy of all emails to the Zimbra > server. They would of course have to be routed via the ip addresses of the > servers since DNS records for the internal servers would complicate things. This is just an ideea, I haven't tried it: Assuming your domain is example.net, use "Non Spam Actions = deliver forward user@duplicates.example.net" which will send all messages to a single mailbox (user). Now the new 4.69.3 beta has this new feature: - New keywords available in "Spam Actions" (and its relations) and "Archive Mail" in MailScanner.conf. These let you put _FROMUSER_, _FROMDOMAIN_, _TOUSER_, _TODOMAIN_ and _DATE_ in the "forward" email address in "Spam Actions" and in the archive location and forwarding addresses in "Archive Mail". This lets you build all sorts of fancy systems that use procmail to deliver messages directly into spam databases and mail archives that are sorted by recipient address, and clever things like that. so you could in fact use "Non Spam Actions = deliver forward _TOUSER_@duplicates.example.net" By now you only need to make sure duplicates.example.net mail is sent to your zimbra box. Assuming zimbra is at 192.168.2.3, with sendmail, you could put in mailertable a line like duplicates.example.net esmtp:[192.168.2.3] > Is this something that MailScanner can do or would I be better off handling > it with Sendmail or another tool? And if so, could anyone point me in the > right direction? I've been Googling all morning and can't seem to hit on the > right search terms to accomplish this task. I think this would work, but I need to stress again I have NOT tested it. I haven't even installed the new beta. Of course, I may be dead wrong, in which case I expect someone smarter than me to put things right :)) Good luck, adc From shuttlebox at gmail.com Mon Apr 14 23:21:52 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 14 23:22:26 2008 Subject: OT - MailScanner to deliver email copies to two downstream machin es. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> Message-ID: <625385e30804141521j59b39944q736510865a790c@mail.gmail.com> On Mon, Apr 14, 2008 at 10:58 PM, Ken Goods wrote: > I'm currently evaluating replacing our Exchange server (5.5) with Zimbra. > Have the Zimbra server set up and ready to go and have imported a couple > accounts using the same domain on the Zimbra server as the existing domain > on the Exchange server. Right now my MX records point to my MailScanner box > which relays to the Exchange server. What I would like to do for these two > accounts is to also send a duplicate copy of all emails to the Zimbra > server. They would of course have to be routed via the ip addresses of the > servers since DNS records for the internal servers would complicate things. http://www.milter.info/sendmail/roundhouse/ -- /peter From peter at farrows.org Tue Apr 15 01:02:58 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Apr 15 01:03:50 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> Message-ID: <4803F0B2.6010303@farrows.org> Dave Jones wrote: > Peter Farrow wrote: > >> Dave Jones wrote: >> >>>> Dave Jones wrote: >>>> >>>> >>>>>> Dave Jones wrote: >>>>>> >>>>>> >>>>>>>> Dave Jones wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>>> file that puts it inline within the body? >>>>>>>>> >>>>>>>>> _*MailScanner.conf*_ >>>>>>>>> Attach Image To Signature = yes >>>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>>> >>>>>>>>> >>>>> -signature.rules >>>>> >>>>> >>>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>>> Signature Image Filename = signature.jpg >>>>>>>>> >>>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>>> From: me mydomain.com >>>>>>>> >>>>>>>>> >>>>> mydomain.com > >>>>> >>>>> >>>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>>> FromOrTo: default no >>>>>>>>> >>>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>>> From: me mydomain.com >>>>>>>> >>>>>>>>> >>>>> mydomain.com > >>>>> >>>>> >>>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>>> FromOrTo: default no >>>>>>>>> >>>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> You need to call it src="cid:signature.jpg" >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> I made my "inline.oneteam.sig.html" have ">>>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>>> dropped off when I view the source of the email. This is a snip of >>>>>>> the end of the source: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> That's because you've got the quotes in the wrong place. >>>>>> src="cid:signature.jpg" >>>>>> just as I said last time, so the whole thing looks like >>>>>> >>>>>> >>>>>> >>>>> My apologies for the previous bad posting. I had the real file >>>>> exactly as you have it above and still get the resulting HTML dropping >>>>> the src= value inside the img tag. >>>>> >>>>> >>>> Here is my (working fine) setup. Remember that MailScanner will always >>>> add a text signature to a plain-text message, and will only add an HTML >>>> signature to the HTML part of an HTML message. So if you are using >>>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>>> of the message. You can do this by adding a bold space on the last line >>>> of the message. That's enough to trigger it and doesn't show up visibly >>>> in the resulting message. >>>> >>>> >>> >>>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>>> Just register yourself and add it in the configuration section. >>>> >>>> >>> >>>> ***** MailScanner.conf: >>>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>>> Signature Image Filename = %report-dir%/jules/julessig.png >>>> Signature Image Filename = julessig.png >>>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>>> >>>> >>> >>>> ***** %rules-dir%/inline.html.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk >>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>>> From: *@jules.fm >>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>>> >>>> >>> >>>> ***** %rules-dir%/inline.text.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk >>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>>> From: *@jules.fm >>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>>> >>>> >>> >>>> ***** %rules-dir%/attach.image.to.sig.rules: >>>> From: sysjkf ecs.soton.ac.uk yes >>>> From: *@jules.fm yes >>>> FromOrTo: default no >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>>
>>>>
--  >>>>
sysjkf ecs.soton.ac.uk >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>
>>>>
--  >>>>
Jules Jules.FM >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>>
-- >>>>
This message has been scanned for viruses and >>>>
dangerous content by >>>> >>> > "www.mailscanner.info" claiming to > be* "http://www.mailscanner.info/">MailScanner, and is > >>>>
believed to be clean. >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>>> Jules >>>> -- >>>> sysjkf ecs.soton.ac.uk >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>>> -- >>>> Jules Jules.FM >>>> >>>> >>> >>>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> >>> >>>> ***** THAT'S IT! ***** >>>> >>>> >>> >>>> Jules >>>> >>>> >>> Thanks for the detailed configs. I had my settings correct and nearly >>> identical to your settings. The problem still exists that the image >>> is not getting displayed inline on a number of different email clients >>> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >>> quarantine (I save everything that is not high spam on my low-volume >>> server at home) and the inline.html file is getting appended properly. >>> Now it appears to be the "Content-ID:" multipart header is not >>> getting generated in the MIME encoding so there is nothing to match my >>> src="cid:signature.jpg" img tag. Could this be the problem? >>> >>> Working inline email image: >>> ------_=_NextPart_001_01C89E3C.224B45D2 >>> Content-Type: image/gif; >>> name="image001.gif" >>> Content-Transfer-Encoding: base64 >>> Content-ID: 01C89E12.38C00F50> >>> Content-Description: image001.gif >>> Content-Location: image001.gif >>> >>> Non-working inline email image: >>> ------------=_1208183216-10649-0 >>> Content-Type: image/jpeg; name="signature.jpg" >>> Content-Disposition: attachment; filename="signature.jpg" >>> Content-Transfer-Encoding: base64 >>> MIME-Version: 1.0 >>> X-Mailer: MIME-tools 5.425 (Entity 5.425) >>> >>> >>> >>> >> Just for the record, >> >> Mine displays an empty box too... >> >> Gave up trying to make it work.. >> Works great for me (inevitably). The only suggestion I have is to edit >> > />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there > >> should be a line that says this: >> Id => '<' . $internalname . >> '>'); >> Change that to >> 'Content-Id:' => '<' . >> $internalname . '>'); >> Then >> service MailScanner restart >> >> and let me know if this helps at all. >> >> Jules >> > > Running MS ver 4.66.5 and I don't see any line similar to that in the file: > > # grep \$internalname * > Message.pm: my $internalname = > MailScanner::Config::Value('attachimageinternalname', $this); > Message.pm: Filename => > $internalname, > # > > P.S. This is a great feature that I really want to get working since > our other major commercial software applications are not able to do > it. Julian, I am working hard to get my manager to send some money > your way but I work for a fortune 500 company that requires a PO. > This feature could help motivate him to go through all of the internal > paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You > already deserve some compensation but it seems easier to spend > millions with a big contract rather than small amounts that may be > deemed less important to the company. > I am running 4.65.3-1 and I have similar lines to that above but not the one mention at 4407... P. -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: martinfarrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -------------- next part -------------- Skipped content of type multipart/related From ugob at lubik.ca Tue Apr 15 03:01:55 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue Apr 15 03:03:18 2008 Subject: help wiht MailScanner please In-Reply-To: <113374.3471.qm@web36404.mail.mud.yahoo.com> References: <113374.3471.qm@web36404.mail.mud.yahoo.com> Message-ID: roberto martin castillo ramos wrote: > > Hello, > > I have installed the MailScanner4.64.3 in Centos5, but once installed > all the emails that are good enter like Spam, but when the MailScanner > was not installed all emails that are good enter well, > > How I can do so that the good emails do not enter like Spam once > installed the MailScanner, Are you using ORDB in your spam list? From gordonwong at wharftt.com Tue Apr 15 04:39:59 2008 From: gordonwong at wharftt.com (Gordon Wong) Date: Tue Apr 15 04:41:02 2008 Subject: MailScanner: extracting attachments References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> <48036205.20905@ecs.soton.ac.uk> Message-ID: Julian Field ecs.soton.ac.uk> writes: > > Do not set that unless you also set "Debug = yes". Much better to > specify both of them on the command-line. "MailScanner --help" will show > you the command-line options available. > > Gordon Wong wrote: > > Seems the problem occurs when you set "Debug Spamassassin = yes". > > Hope it helps. ^^ > > > > Gordon > > > > > > Jules > Just seen the diffs from Devon's two conf files and find that one file sets "Debug Spamassassin = yes" and the other "Debug Spamassassin = no". ^^ btw, why the problem occurs when I set "Debug = no" and "Debug Spamassassin = yes" at the same time? (To be more specific, not only the MailScanner process will stop at extracting attachments, but also its child process hangs at command: awk {printf "%s %s\n", strftime("%T"), $0} (see the thread "Trouble with Mailscanner after upgrading to 4.68 (plz help)" from "test" on 6 Apr 10:29)) Thanks for teaching. ^^ From hvdkooij at vanderkooij.org Tue Apr 15 06:04:04 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 15 06:04:58 2008 Subject: Backscatter & challenge response In-Reply-To: <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> Message-ID: <48043744.4000406@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: | | I agree totally. I bounce any mail from a known 'challenge response' | user. The entire concept of 'challenge response' is flawed and a huge | waste of time and bandwidth. | What has everyone been doing to stop these? I can just speak for myself. But I found the following line in header checks took care of one of them: # No dirty autoresponders /^X-ChoiceMail-Registration-Request/ REJECT We are not buying into your ChoiceMail crap Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDdCBvzDRVjxmYERArFRAJsE15i5UKyoZ+PADHb5CpMjFGr6vQCffPy5 2jrPg3jtkxluPCnNO4pxXWA= =hRi/ -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 15 06:13:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 15 06:13:17 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> Message-ID: <48043964.2050609@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jones wrote: | | P.S. This is a great feature that I really want to get working since | our other major commercial software applications are not able to do | it. Julian, I am working hard to get my manager to send some money | your way but I work for a fortune 500 company that requires a PO. | This feature could help motivate him to go through all of the internal | paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You | already deserve some compensation but it seems easier to spend | millions with a big contract rather than small amounts that may be | deemed less important to the company. I suggest you work out some sort of support contract or fat consultancy fee to let Jules take care of this remotely. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDljBvzDRVjxmYERAiwKAKCd2atHz0WcpdzGWBTRFJ/UPiMNxACgkgrq pYK1qxoIVHbtHrIYd/gRGiA= =Xx4u -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 15 06:23:31 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 15 06:24:05 2008 Subject: Got a very interesting problem.. In-Reply-To: <200804141347.m3EDlF0s022241@mxt.1bigthink.com> References: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> <4802E476.4010504@vanderkooij.org> <200804141347.m3EDlF0s022241@mxt.1bigthink.com> Message-ID: <48043BD3.6040903@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: | At 12:58 AM 4/14/2008, you wrote: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> dnsadmin 1bigthink.com wrote: |> |> | I prefer to lurk, but I have this problem that showed up on my mail |> | server. |> |> I now see your problem. Your users are having an admin who resends |> messages. You just lost some kudo points. |> |> Hugo. | | Hello Hugo, | | I don't quite understand your response.. could you please apply | clue-by-four to brain? I seem to have this allergic reaction to duplicate messages. Like the fact that you did send the same message to the mailinglist twice. ~ * Once: Message-Id: <200804121948.m3CJmRG0015874@mxt.1bigthink.com> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sat, 12 Apr 2008 15:48:16 -0400 To: MailScanner mailing list From: "dnsadmin 1bigthink.com" ~ * Twice: Message-Id: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Sun, 13 Apr 2008 14:30:18 -0400 To: MailScanner mailing list From: "dnsadmin 1bigthink.com" Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDvRBvzDRVjxmYERAhphAJ9XMti+QGrjpfIu3fmUGMbMmzE+WgCgqfhm tS2Aquwc9HXXHsWOpObE/b4= =xUUz -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Apr 15 06:26:58 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Apr 15 06:27:06 2008 Subject: Spamassassin rules based on IP In-Reply-To: References: Message-ID: <48043CA2.5040602@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gottschalk, David wrote: | Hi All, | Does anyone know if it is possible to have MailScanner use different spamassassin rules based on IP? For example, I'd like one IP subnet to use certain .cf files, and another use different .cf files. I'd searched, but can't seem to find a method to do this. You got to do this the other way around. You have 1 config with rules files and for (almost) each decision you can use a rule file and decide differently based on Sender IP, Sender and/or Recipient. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDygBvzDRVjxmYERApnzAKC3p5uX2tGOASa4rLd8fjSYYSbwtgCff+rE hExMs3kuIlzulMxQBGF6W60= =qfiq -----END PGP SIGNATURE----- From holger-lists at noefer.org Tue Apr 15 08:21:58 2008 From: holger-lists at noefer.org (holger-lists@noefer.org) Date: Tue Apr 15 08:22:42 2008 Subject: ClamAV "Monitors for ClamAV Updates" Message-ID: <20080415092158.bwok4mr0o44g8wkc@www.noefer.org> Hello Jules, when the new clamavmodule works with the new ClamAV version 0.93 you need to update the following section in MailScanner.conf # ClamAVModule only: monitor each of these files for changes in size to # detect when a ClamAV update has happened. # This is only used by the "clamavmodule" virus scanner, not the "clamav" # scanner setting. Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd The *.inc directory are replaced by *.cld files. From the clamav changelog: - Support for .cld containers (which replace .inc directories) Best regards, Holger From MailScanner at ecs.soton.ac.uk Tue Apr 15 09:04:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 09:05:46 2008 Subject: OT - MailScanner to deliver email copies to two downstream machin es. In-Reply-To: <625385e30804141521j59b39944q736510865a790c@mail.gmail.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC2D@aiainsurance.com> <625385e30804141521j59b39944q736510865a790c@mail.gmail.com> Message-ID: <480461A9.10102@ecs.soton.ac.uk> shuttlebox wrote: > On Mon, Apr 14, 2008 at 10:58 PM, Ken Goods wrote: > >> I'm currently evaluating replacing our Exchange server (5.5) with Zimbra. >> Have the Zimbra server set up and ready to go and have imported a couple >> accounts using the same domain on the Zimbra server as the existing domain >> on the Exchange server. Right now my MX records point to my MailScanner box >> which relays to the Exchange server. What I would like to do for these two >> accounts is to also send a duplicate copy of all emails to the Zimbra >> server. They would of course have to be routed via the ip addresses of the >> servers since DNS records for the internal servers would complicate things. >> > > http://www.milter.info/sendmail/roundhouse/ > Or there's milter-bcc which I find a bit easier to use. If you want to do it in MailScanner, I would use a ruleset attached to "Archive Mail" which can take arbitrary email addresses. Then do the mailertable stuff someone has already told you about. I only suggest Archive Mail as it's just 1 option you need to set instead of 3 (spam actions, high-scoring spam actions and non-spam actions). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 09:06:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 09:07:01 2008 Subject: {Disarmed} Re: Graphic inline Signature In-Reply-To: <4803F0B2.6010303@farrows.org> References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> <4803F0B2.6010303@farrows.org> Message-ID: <48046214.8040000@ecs.soton.ac.uk> Peter Farrow wrote: > Dave Jones wrote: >> Peter Farrow wrote: >> >>> Dave Jones wrote: >>> >>>>> Dave Jones wrote: >>>>> >>>>> >>>>>>> Dave Jones wrote: >>>>>>> >>>>>>> >>>>>>>>> Dave Jones wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>>>> file that puts it inline within the body? >>>>>>>>>> >>>>>>>>>> _*MailScanner.conf*_ >>>>>>>>>> Attach Image To Signature = yes >>>>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>>>> >>>>>>>>>> >>>>>> -signature.rules >>>>>> >>>>>> >>>>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>>>> Signature Image Filename = signature.jpg >>>>>>>>>> >>>>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>>>> From: me mydomain.com >>>>>>>>> >>>>>>>>>> >>>>>> mydomain.com > >>>>>> >>>>>> >>>>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>>>> FromOrTo: default no >>>>>>>>>> >>>>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>>>> From: me mydomain.com >>>>>>>>> >>>>>>>>>> >>>>>> mydomain.com > >>>>>> >>>>>> >>>>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>>>> FromOrTo: default no >>>>>>>>>> >>>>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> You need to call it src="cid:signature.jpg" >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I made my "inline.oneteam.sig.html" have ">>>>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>>>> dropped off when I view the source of the email. This is a snip of >>>>>>>> the end of the source: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> That's because you've got the quotes in the wrong place. >>>>>>> src="cid:signature.jpg" >>>>>>> just as I said last time, so the whole thing looks like >>>>>>> >>>>>>> >>>>>>> >>>>>> My apologies for the previous bad posting. I had the real file >>>>>> exactly as you have it above and still get the resulting HTML dropping >>>>>> the src= value inside the img tag. >>>>>> >>>>>> >>>>> Here is my (working fine) setup. Remember that MailScanner will always >>>>> add a text signature to a plain-text message, and will only add an HTML >>>>> signature to the HTML part of an HTML message. So if you are using >>>>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>>>> of the message. You can do this by adding a bold space on the last line >>>>> of the message. That's enough to trigger it and doesn't show up visibly >>>>> in the resulting message. >>>>> >>>>> >>>> >>>>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>>>> Just register yourself and add it in the configuration section. >>>>> >>>>> >>>> >>>>> ***** MailScanner.conf: >>>>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>>>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>>>> Signature Image Filename = %report-dir%/jules/julessig.png >>>>> Signature Image Filename = julessig.png >>>>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/inline.html.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk >>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>>>> From: *@jules.fm >>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/inline.text.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk >>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>>>> From: *@jules.fm >>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/attach.image.to.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk yes >>>>> From: *@jules.fm yes >>>>> FromOrTo: default no >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>>>
>>>>>
--  >>>>>
sysjkf ecs.soton.ac.uk >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>>
>>>>>
--  >>>>>
Jules Jules.FM >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>>>
-- >>>>>
This message has been scanned for viruses and >>>>>
dangerous content by >>>>> >>>> >> "www.mailscanner.info" claiming to >> be* *MailScanner has detected a possible fraud attempt from "www.mailscanner.info" claiming to be* "http://www.mailscanner.info/">MailScanner, and is >> >>>>>
believed to be clean. >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>>>> Jules >>>>> -- >>>>> sysjkf ecs.soton.ac.uk >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>>>> -- >>>>> Jules Jules.FM >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> >>>> >>>>> ***** THAT'S IT! ***** >>>>> >>>>> >>>> >>>>> Jules >>>>> >>>>> >>>> Thanks for the detailed configs. I had my settings correct and nearly >>>> identical to your settings. The problem still exists that the image >>>> is not getting displayed inline on a number of different email clients >>>> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >>>> quarantine (I save everything that is not high spam on my low-volume >>>> server at home) and the inline.html file is getting appended properly. >>>> Now it appears to be the "Content-ID:" multipart header is not >>>> getting generated in the MIME encoding so there is nothing to match my >>>> src="cid:signature.jpg" img tag. Could this be the problem? >>>> >>>> Working inline email image: >>>> ------_=_NextPart_001_01C89E3C.224B45D2 >>>> Content-Type: image/gif; >>>> name="image001.gif" >>>> Content-Transfer-Encoding: base64 >>>> Content-ID: 01C89E12.38C00F50> >>>> Content-Description: image001.gif >>>> Content-Location: image001.gif >>>> >>>> Non-working inline email image: >>>> ------------=_1208183216-10649-0 >>>> Content-Type: image/jpeg; name="signature.jpg" >>>> Content-Disposition: attachment; filename="signature.jpg" >>>> Content-Transfer-Encoding: base64 >>>> MIME-Version: 1.0 >>>> X-Mailer: MIME-tools 5.425 (Entity 5.425) >>>> >>>> >>>> >>>> >>> Just for the record, >>> >>> Mine displays an empty box too... >>> >>> Gave up trying to make it work.. >>> Works great for me (inevitably). The only suggestion I have is to edit >>> >> />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there >> >>> should be a line that says this: >>> Id => '<' . $internalname . >>> '>'); >>> Change that to >>> 'Content-Id:' => '<' . >>> $internalname . '>'); >>> Then >>> service MailScanner restart >>> >>> and let me know if this helps at all. >>> >>> Jules >>> >> >> Running MS ver 4.66.5 and I don't see any line similar to that in the file: >> >> # grep \$internalname * >> Message.pm: my $internalname = >> MailScanner::Config::Value('attachimageinternalname', $this); >> Message.pm: Filename => >> $internalname, >> # >> >> P.S. This is a great feature that I really want to get working since >> our other major commercial software applications are not able to do >> it. Julian, I am working hard to get my manager to send some money >> your way but I work for a fortune 500 company that requires a PO. >> This feature could help motivate him to go through all of the internal >> paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You >> already deserve some compensation but it seems easier to spend >> millions with a big contract rather than small amounts that may be >> deemed less important to the company. >> > I am running 4.65.3-1 and I have similar lines to that above but not > the one mention at 4407... You need to upgrade to at least 4.68 to get this working. You shouldn't need the patch mentioned above, I suggested that before I discovered you were running old code that wouldn't work anyway. > horizontal ruler > > Peter Farrow > Inexcom Logo > Inexcom Ltd > Office: 08450 949 747 > Fax: 01249 461 548 > Mobile: 07799605617 > Skype: martinfarrow > Web: www.inexcom.co.uk > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 09:22:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 09:23:33 2008 Subject: MailScanner: extracting attachments In-Reply-To: References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> <48036205.20905@ecs.soton.ac.uk> Message-ID: <480465D7.4070705@ecs.soton.ac.uk> Gordon Wong wrote: > Julian Field ecs.soton.ac.uk> writes: > > >> Do not set that unless you also set "Debug = yes". Much better to >> specify both of them on the command-line. "MailScanner --help" will show >> you the command-line options available. >> >> Gordon Wong wrote: >> >>> Seems the problem occurs when you set "Debug Spamassassin = yes". >>> Hope it helps. ^^ >>> >>> Gordon >>> >>> >>> >> Jules >> >> > > > Just seen the diffs from Devon's two conf files and find that one file > sets "Debug Spamassassin = yes" and the other "Debug Spamassassin = no". > ^^ > > btw, why the problem occurs when I set "Debug = no" and "Debug Spamassassin = > yes" at the same time? > I've just added a couple of lines of code that force Debug SpamAssassin = no unless Debug = yes is set. This is in 4.69.4-2. This will be available for download by the time you get this. :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From P.G.M.Peters at utwente.nl Tue Apr 15 12:08:57 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Apr 15 12:09:43 2008 Subject: Backscatter & challenge response In-Reply-To: <48043744.4000406@vanderkooij.org> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> <48043744.4000406@vanderkooij.org> Message-ID: <48048CC9.1030200@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote on 15-4-2008 7:04: > Devon Harding wrote: > | > | I agree totally. I bounce any mail from a known 'challenge response' > | user. The entire concept of 'challenge response' is flawed and a huge > | waste of time and bandwidth. > | What has everyone been doing to stop these? > > I can just speak for myself. But I found the following line in header > checks took care of one of them: > # No dirty autoresponders > /^X-ChoiceMail-Registration-Request/ REJECT We are not buying into > your ChoiceMail crap I reply to the message. They claim it is coming from me. I don't send out spam so it can't be spam. Perhaps it is something I send through a mailinglist. I don't know. So I make sure they get whatever their systems has blocked. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIBIzJelLo80lrIdIRAnloAJ9FlWzZ+etg6VIweRtVlCfFlMFKIwCcDX/5 OEJf9WwDCCrMJs1ztRXBJ8g= =M/qc -----END PGP SIGNATURE----- From P.G.M.Peters at utwente.nl Tue Apr 15 12:11:50 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Apr 15 12:12:05 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> Message-ID: <48048D76.5090503@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote on 11-4-2008 17:49: >> I am trying to set up a rule that will make MS scan all messages to and >> from a number of domains, except when they come in from a certain system. >> >> In fact something like this: >> >> FromTo: *@utwente.nl AND From: 130.89.2.4 no >> FromTo: *@utwente.nl yes > FromOrTo:, not FromTo: > ...:-) > >> And those lines are needed for each domain/IP combination. >> >> Putting those IP addresses in a separate From: line does not seem to >> work because MS uses the FromTo: line with the domain. No matter if I >> put the IP-line first or last. >> >> BTW: default is no. >> > Strange. How do you edit it? vim. :) I did some more testing but the end result seems to be: In MS the rules for the domain take precedence over rules for IP addresses. I might have looked at the source myself (if it is only 200 lines...) but I had to rearrange a data center last weekend. Twelve hours of heavy lifting of servers and cabinets on Saturday and 10 hours of heavy lifting of servers and rearranging patch cables on Sunday. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIBI12elLo80lrIdIRAqufAJ0Z4rgFAeUfzLKBEcjmDCFqlet2nACfQHR4 s5padvgHEqxIowGId87m9c0= =IdAN -----END PGP SIGNATURE----- From devonharding at gmail.com Tue Apr 15 12:16:45 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Apr 15 12:17:19 2008 Subject: MailScanner: extracting attachments In-Reply-To: <480465D7.4070705@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> <48036205.20905@ecs.soton.ac.uk> <480465D7.4070705@ecs.soton.ac.uk> Message-ID: <2baac6140804150416i398f6e24xf8e207854b5627e4@mail.gmail.com> > > > > > > Just seen the diffs from Devon's two conf files and find that one file > > sets "Debug Spamassassin = yes" and the other "Debug Spamassassin = no". > > ^^ > > > > btw, why the problem occurs when I set "Debug = no" and "Debug > > Spamassassin = yes" at the same time? > > > I've just added a couple of lines of code that force Debug SpamAssassin = > no unless Debug = yes is set. > > This is in 4.69.4-2. This will be available for download by the time you > get this. :-) > > Jules > > Wow, great catch guys, I avoided the upgrading of the couple of systems as I didn't want this to happen again. -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/9dc4b78e/attachment.html From devonharding at gmail.com Tue Apr 15 12:18:35 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Apr 15 12:19:09 2008 Subject: Backscatter & challenge response In-Reply-To: <48043744.4000406@vanderkooij.org> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> <48043744.4000406@vanderkooij.org> Message-ID: <2baac6140804150418x512b23bu49503660bce11c7f@mail.gmail.com> > > > I can just speak for myself. But I found the following line in header > checks took care of one of them: > # No dirty autoresponders > /^X-ChoiceMail-Registration-Request/ REJECT We are not buying into > your ChoiceMail crap > > Hugo. > Where do you place this? What file? /etc/mail/access? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/4b38d156/attachment.html From gerard at seibercom.net Tue Apr 15 13:03:08 2008 From: gerard at seibercom.net (Gerard) Date: Tue Apr 15 13:04:37 2008 Subject: Backscatter & challenge response In-Reply-To: <48048CC9.1030200@utwente.nl> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> <48043744.4000406@vanderkooij.org> <48048CC9.1030200@utwente.nl> Message-ID: <20080415080308.723c29bc@scorpio> On Tue, 15 Apr 2008 13:08:57 +0200 Peter Peters wrote: > Hugo van der Kooij wrote on 15-4-2008 7:04: > > Devon Harding wrote: > > > > > > I agree totally. I bounce any mail from a known 'challenge > > > response' user. The entire concept of 'challenge response' is > > > flawed and a huge waste of time and bandwidth. > > > > What has everyone been doing to stop these? > > > > I can just speak for myself. But I found the following line in > > header checks took care of one of them: > > # No dirty autoresponders > > /^X-ChoiceMail-Registration-Request/ REJECT We are not buying > > into your ChoiceMail crap > > I reply to the message. They claim it is coming from me. I don't send > out spam so it can't be spam. Perhaps it is something I send through a > mailinglist. I don't know. So I make sure they get whatever their > systems has blocked. I have experienced the same phenomenon myself. My personal feeling is that any idiot that is stupid enough to use a 'challenge response' and not even smart enough to 'white list' news groups and mail forums is not worth the time to play their stupid game. Screw the asshole. When he/she stops receiving any worthwhile email, perhaps they will realize what a complete idiot they have been. Again, they are probably not even that intelligent. -- Gerard gerard@seibercom.net It is exactly because a man cannot do a thing that he is a proper judge of it. Oscar Wilde -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/f6d007c7/signature.bin From dgottsc at emory.edu Tue Apr 15 13:06:45 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Apr 15 13:07:25 2008 Subject: Spamassassin rules based on IP In-Reply-To: <48043CA2.5040602@vanderkooij.org> References: <48043CA2.5040602@vanderkooij.org> Message-ID: I'm not sure I'm following you. Are you saying create spamassassin rules that filter based on IP? David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: Tuesday, April 15, 2008 1:27 AM To: MailScanner discussion Subject: Re: Spamassassin rules based on IP -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gottschalk, David wrote: | Hi All, | Does anyone know if it is possible to have MailScanner use different spamassassin rules based on IP? For example, I'd like one IP subnet to use certain .cf files, and another use different .cf files. I'd searched, but can't seem to find a method to do this. You got to do this the other way around. You have 1 config with rules files and for (almost) each decision you can use a rule file and decide differently based on Sender IP, Sender and/or Recipient. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDygBvzDRVjxmYERApnzAKC3p5uX2tGOASa4rLd8fjSYYSbwtgCff+rE hExMs3kuIlzulMxQBGF6W60= =qfiq -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Tue Apr 15 14:32:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 14:33:21 2008 Subject: 4.69.4-2 Message-ID: <4804AE6F.2070302@ecs.soton.ac.uk> Just to let you know I put out a new beta this morning. 2 changes of any consequence: 1) "Debug SpamAssassin" will be set to no unless "Debug = yes" has been set. This should stop the problems some people have been seeing where MailScanner claimed to be stuck extracting attachments. 2) The "forward" spam action is improved. As well as things like "store-nonspam" and "store-mcp", you can now also specify arbitrary directory paths, which looks like this: "store-/var/spool/MailScanner/dump" and it will create them as necessary. Not only that, but you can use the keywords _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ in them, so can say High-Scoring Spam Actions = delete store-/var/email/_TODOMAIN_-_TOUSER_/_DATE_ and it will do what you expect. All directories trees should be automatically created as required. Note that (2) applies to all of the appropriate MailScanner.conf settings, ie "Spam Actions", "High-Scoring Spam Actions", "Non-Spam Actions" and "SpamAssassin Rule Actions". "Archive Mail" could already do this, as noted in the previous beta announcement. I would be grateful if you could download and test this for me. Thanks folks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From william at raidbr.com.br Tue Apr 15 15:04:30 2008 From: william at raidbr.com.br (William A. Knob) Date: Tue Apr 15 15:04:55 2008 Subject: MailScanner + DSPAM Message-ID: <4804B5EE.2090305@raidbr.com.br> Hi ppl; I want to use DSPAM with MailScanner, it's possible? How? Regards, -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br From ms at tireswing.net Tue Apr 15 15:13:22 2008 From: ms at tireswing.net (Andy Norris) Date: Tue Apr 15 15:14:04 2008 Subject: Joe-Job -- watermark In-Reply-To: <200804151102.m3FB1YHY010055@safir.blacknight.ie> References: <200804151102.m3FB1YHY010055@safir.blacknight.ie> Message-ID: <20080415141314.69080448064@tireswing3.arsalon.net> Hi Gang, Can MS be set to treat the "no watermark" emails as automatically high-scoring spam -- or, better yet, have these mails sent to dev/null? Thanks in advance. We have had a few joe-jobs lately, and the ridiculous bounce messages are killing us. I tried writing SA rules, but it seems that these are never passed to SA. Andy From william at observi.com.br Tue Apr 15 15:24:55 2008 From: william at observi.com.br (William A. Knob) Date: Tue Apr 15 15:25:37 2008 Subject: MailScanner & DSPAM Message-ID: <4804BAB7.4030707@observi.com.br> Hi all; I can use DSPAM with Mailscanner using the Custom Spam Scanner function? Anyone is doing that? regards, -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From glenn.steen at gmail.com Tue Apr 15 16:58:01 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 15 16:59:39 2008 Subject: Exclude certain IP addresses from scanning. In-Reply-To: <48048D76.5090503@utwente.nl> References: <47FF6F6C.3050508@utwente.nl> <223f97700804110849n6f86fcb3j5e86531544cf530a@mail.gmail.com> <48048D76.5090503@utwente.nl> Message-ID: <223f97700804150858l5f2b4febv767442f90138191a@mail.gmail.com> On 15/04/2008, Peter Peters wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Glenn Steen wrote on 11-4-2008 17:49: > > > >> I am trying to set up a rule that will make MS scan all messages to and > >> from a number of domains, except when they come in from a certain system. > >> > >> In fact something like this: > >> > >> FromTo: *@utwente.nl AND From: 130.89.2.4 no > >> FromTo: *@utwente.nl yes > > FromOrTo:, not FromTo: > > ...:-) > > > >> And those lines are needed for each domain/IP combination. > >> > >> Putting those IP addresses in a separate From: line does not seem to > >> work because MS uses the FromTo: line with the domain. No matter if I > >> put the IP-line first or last. > >> > >> BTW: default is no. > >> > > Strange. How do you edit it? > > > vim. :) Transparent, aren't I:-) > I did some more testing but the end result seems to be: In MS the rules > for the domain take precedence over rules for IP addresses. > > I might have looked at the source myself (if it is only 200 lines...) > but I had to rearrange a data center last weekend. Twelve hours of heavy > lifting of servers and cabinets on Saturday and 10 hours of heavy > lifting of servers and rearranging patch cables on Sunday. > Been there, done that and have the occasional ache and crampt to show for it:-). It's a b*tch, but usually such a relief once done:) Am desperately busy myself, and won't have time to help read those "slightly more than 200 lines" either...;-). Sorry:/ Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From davejones70 at gmail.com Tue Apr 15 17:28:35 2008 From: davejones70 at gmail.com (Dave Jones) Date: Tue Apr 15 17:30:10 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804150928s3d182c18i21841de6686b6c67@mail.gmail.com> Version 4.68 solved the problem. The image is being displayed properly. Now, the next issue. I need to find a way to only attach it once on the initial outbound email. My testing shows that it is attaching it multiple times so replies back and forth are growing and growing in size which is not good. I will research how to prevent multiple attachments. Any ideas would be much appreciated. -- Dave Jones From krgehlba at lexairinc.com Tue Apr 15 17:41:50 2008 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Tue Apr 15 17:42:46 2008 Subject: MCP broke after upgrade Message-ID: <4804DACE.4060700@lexairinc.com> Hello, We had MCP working in a previous version, but it is no longer working properly since we upgraded. Our system is currently running FreeBSD 6.3, with MailScanner port Mailscanner-4.67.6_1, SpamAssassin port p5-Mail-SpamAssassin-3.2.4_3. We have several cf files with MCP rules in the directory /usr/local/etc/Mailscanner/mcp, where the port places its example MCP rule file. Up until the upgrade, all of the rules in these files were working properly. MCP seems to be working, as the X-MailScanner-MCPCheck header appears in all messages. However, it does not seem to be finding the MCP rules, as even messages which should be triggering rules have the value (score=0, required 2) for this header. spamassassin --lint shows clean, as does spamassassin -p /usr/local/etc/Mailscanner/mcp --lint, although running those in debug mode do not show that any of the rules in the /usr/local/etc/Mailscanner/mcp directory are being read in. Running mailscanner --debug-sa --lint gives: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp netset: cannot include 127.0.0.1/32 as it has already been included SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Our mcp-related settings from Mailscanner.conf are: %mcp-dir% = /usr/local/etc/MailScanner/mcp MCP Checks = yes First Check = spam MCP Required SpamAssassin Score = 2 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = %rules-dir%/mcp.actions.rules High Scoring MCP Actions = %rules-dir%/mcp.high.scoring.actions.rules Bounce MCP As Attachment = no MCP Modify Subject = yes MCP Subject Text = {Content?} High Scoring MCP Modify Subject = yes High Scoring MCP Subject Text = {Content!?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = yes Detailed MCP Report = yes Include Scores In MCP Report = yes Log MCP = yes MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100000 MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Any help would be appreciated. Thanks, Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Apr 15 17:58:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 15 18:00:16 2008 Subject: Graphic inline Signature In-Reply-To: <4803F0B2.6010303@farrows.org> References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> <4803F0B2.6010303@farrows.org> Message-ID: on 4-14-2008 5:02 PM Peter Farrow spake the following: > Dave Jones wrote: >> Peter Farrow wrote: >> >>> Dave Jones wrote: >>> >>>>> Dave Jones wrote: >>>>> >>>>> >>>>>>> Dave Jones wrote: >>>>>>> >>>>>>> >>>>>>>>> Dave Jones wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> Can someone post a sample of a working inline.sig.html? I am getting >>>>>>>>>> an email with the attached jpg file but it only shows an image box of >>>>>>>>>> 186 x 23 with no image inside it. Am I missing something in my html >>>>>>>>>> file that puts it inline within the body? >>>>>>>>>> >>>>>>>>>> _*MailScanner.conf*_ >>>>>>>>>> Attach Image To Signature = yes >>>>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>>>> >>>>>>>>>> >>>>>> -signature.rules >>>>>> >>>>>> >>>>>>>>>> Signature Image Filename = %rules-dir%/signature-image-filename.rules >>>>>>>>>> Signature Image Filename = signature.jpg >>>>>>>>>> >>>>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>>>> From: me mydomain.com >>>>>>>>> >>>>>>>>>> >>>>>> mydomain.com > >>>>>> >>>>>> >>>>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>>>> FromOrTo: default no >>>>>>>>>> >>>>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>>>> From: me mydomain.com >>>>>>>>> >>>>>>>>>> >>>>>> mydomain.com > >>>>>> >>>>>> >>>>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>>>> FromOrTo: default no >>>>>>>>>> >>>>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> You need to call it src="cid:signature.jpg" >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I made my "inline.oneteam.sig.html" have ">>>>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>>>> dropped off when I view the source of the email. This is a snip of >>>>>>>> the end of the source: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> That's because you've got the quotes in the wrong place. >>>>>>> src="cid:signature.jpg" >>>>>>> just as I said last time, so the whole thing looks like >>>>>>> >>>>>>> >>>>>>> >>>>>> My apologies for the previous bad posting. I had the real file >>>>>> exactly as you have it above and still get the resulting HTML dropping >>>>>> the src= value inside the img tag. >>>>>> >>>>>> >>>>> Here is my (working fine) setup. Remember that MailScanner will always >>>>> add a text signature to a plain-text message, and will only add an HTML >>>>> signature to the HTML part of an HTML message. So if you are using >>>>> Thunderbird, you need to pursuade it to send HTML *and* plain-text parts >>>>> of the message. You can do this by adding a bold space on the last line >>>>> of the message. That's enough to trigger it and doesn't show up visibly >>>>> in the resulting message. >>>>> >>>>> >>>> >>>>> Dave ---- if you want to add this to the Wiki, it might be a good idea. >>>>> Just register yourself and add it in the configuration section. >>>>> >>>>> >>>> >>>>> ***** MailScanner.conf: >>>>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>>>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>>>> Signature Image Filename = %report-dir%/jules/julessig.png >>>>> Signature Image Filename = julessig.png >>>>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/inline.html.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk >>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>>>> From: *@jules.fm >>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.html >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/inline.text.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk >>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>>>> From: *@jules.fm >>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>>>> >>>>> >>>> >>>>> ***** %rules-dir%/attach.image.to.sig.rules: >>>>> From: sysjkf ecs.soton.ac.uk yes >>>>> From: *@jules.fm yes >>>>> FromOrTo: default no >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>>>
>>>>>
--  >>>>>
sysjkf ecs.soton.ac.uk >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>>
>>>>>
--  >>>>>
Jules Jules.FM >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>>>
-- >>>>>
This message has been scanned for viruses and >>>>>
dangerous content by >>>>> >>>> >> "www.mailscanner.info" claiming to >> be* "http://www.mailscanner.info/">MailScanner, and is >> >>>>>
believed to be clean. >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>>>> Jules >>>>> -- >>>>> sysjkf ecs.soton.ac.uk >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>>>> -- >>>>> Jules Jules.FM >>>>> >>>>> >>>> >>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> >>>> >>>>> ***** THAT'S IT! ***** >>>>> >>>>> >>>> >>>>> Jules >>>>> >>>>> >>>> Thanks for the detailed configs. I had my settings correct and nearly >>>> identical to your settings. The problem still exists that the image >>>> is not getting displayed inline on a number of different email clients >>>> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >>>> quarantine (I save everything that is not high spam on my low-volume >>>> server at home) and the inline.html file is getting appended properly. >>>> Now it appears to be the "Content-ID:" multipart header is not >>>> getting generated in the MIME encoding so there is nothing to match my >>>> src="cid:signature.jpg" img tag. Could this be the problem? >>>> >>>> Working inline email image: >>>> ------_=_NextPart_001_01C89E3C.224B45D2 >>>> Content-Type: image/gif; >>>> name="image001.gif" >>>> Content-Transfer-Encoding: base64 >>>> Content-ID: 01C89E12.38C00F50> >>>> Content-Description: image001.gif >>>> Content-Location: image001.gif >>>> >>>> Non-working inline email image: >>>> ------------=_1208183216-10649-0 >>>> Content-Type: image/jpeg; name="signature.jpg" >>>> Content-Disposition: attachment; filename="signature.jpg" >>>> Content-Transfer-Encoding: base64 >>>> MIME-Version: 1.0 >>>> X-Mailer: MIME-tools 5.425 (Entity 5.425) >>>> >>>> >>>> >>>> >>> Just for the record, >>> >>> Mine displays an empty box too... >>> >>> Gave up trying to make it work.. >>> Works great for me (inevitably). The only suggestion I have is to edit >>> >> />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there >> >>> should be a line that says this: >>> Id => '<' . $internalname . >>> '>'); >>> Change that to >>> 'Content-Id:' => '<' . >>> $internalname . '>'); >>> Then >>> service MailScanner restart >>> >>> and let me know if this helps at all. >>> >>> Jules >>> >> >> Running MS ver 4.66.5 and I don't see any line similar to that in the file: >> >> # grep \$internalname * >> Message.pm: my $internalname = >> MailScanner::Config::Value('attachimageinternalname', $this); >> Message.pm: Filename => >> $internalname, >> # >> >> P.S. This is a great feature that I really want to get working since >> our other major commercial software applications are not able to do >> it. Julian, I am working hard to get my manager to send some money >> your way but I work for a fortune 500 company that requires a PO. >> This feature could help motivate him to go through all of the internal >> paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You >> already deserve some compensation but it seems easier to spend >> millions with a big contract rather than small amounts that may be >> deemed less important to the company. >> > I am running 4.65.3-1 and I have similar lines to that above but not the > one mention at 4407... > Do you suppose you could turn off the html for this list? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/6d69546f/signature.bin From ssilva at sgvwater.com Tue Apr 15 18:09:54 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 15 18:10:51 2008 Subject: MailScanner & DSPAM In-Reply-To: <4804BAB7.4030707@observi.com.br> References: <4804BAB7.4030707@observi.com.br> Message-ID: on 4-15-2008 7:24 AM William A. Knob spake the following: > Hi all; > > I can use DSPAM with Mailscanner using the Custom Spam Scanner function? > Anyone is doing that? > > regards, > > Waiting 20 minutes and sending the message again won't get you an answer any faster. Sometimes you have to wait a whole day for an answer! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/6feb2f1b/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 15 18:36:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 18:37:10 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804150928s3d182c18i21841de6686b6c67@mail.gmail.com> References: <67a55ed50804150928s3d182c18i21841de6686b6c67@mail.gmail.com> Message-ID: <4804E795.9030904@ecs.soton.ac.uk> Dave Jones wrote: > Version 4.68 solved the problem. The image is being displayed properly. > > Now, the next issue. I need to find a way to only attach it once on > the initial outbound email. My testing shows that it is attaching it > multiple times so replies back and forth are growing and growing in > size which is not good. I will research how to prevent multiple > attachments. Any ideas would be much appreciated. > It will do that. Any ideas are most welcome, I couldn't immediately think of a good solution. After all, how do you know that is *your* signature.jpg and not someone else's? If I was setting it up for a lot of people, I would always use the same filename in the HTML to make it easier to configure for different people. The only thing I could think of is to walk the entire MIME tree looking for images, and check their size (and even contents?) against the signature image you're trying to add. If you find it, try to point the signature at it. But what do you then do, start editing the HTML signature automatically? Eek :-( Lightweight solutions are most welcome. In the mean time the 0.01% (approx) of internet traffic that is email will have to be slightly more than it might be otherwise. It's a way to go before it reaches the amount of Bit-Torrent traffic :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 18:39:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 18:39:49 2008 Subject: MCP broke after upgrade In-Reply-To: <4804DACE.4060700@lexairinc.com> References: <4804DACE.4060700@lexairinc.com> Message-ID: <4804E852.3020405@ecs.soton.ac.uk> What did you upgrade? Renee Gehlbach wrote: > Hello, > > We had MCP working in a previous version, but it is no longer working > properly since we upgraded. Our system is currently running FreeBSD > 6.3, with MailScanner port Mailscanner-4.67.6_1, SpamAssassin port > p5-Mail-SpamAssassin-3.2.4_3. We have several cf files with MCP rules > in the directory /usr/local/etc/Mailscanner/mcp, where the port places > its example MCP rule file. Up until the upgrade, all of the rules in > these files were working properly. MCP seems to be working, as the > X-MailScanner-MCPCheck header appears in all messages. However, it > does not seem to be finding the MCP rules, as even messages which > should be triggering rules have the value (score=0, required 2) for > this header. spamassassin --lint shows clean, as does > spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D If that doesn't say the rules are being read in, then it's not a MailScanner problem. You need to get that to read the rules, and admit to it, first. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Tue Apr 15 18:55:27 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Apr 15 18:56:05 2008 Subject: SA/Clam-AV installation In-Reply-To: <4803C77B.8080401@ecs.soton.ac.uk> References: <4803C77B.8080401@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Kevin Miller wrote: >> I just tried to run the install script for the new clamav and >> spamassassin packages and encountered a couple of errors: >> >> The first is this: >> ============================================================ >> config.status: creating clamav-config.h >> config.status: executing depfiles commands >> configure: WARNING: >> ****** WARNING: >> ****** You are either cross compiling to a different host or >> ****** you have manually disabled important configure checks. >> ****** Please be aware that this build may be badly broken. >> ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!! >> ============================================================ >> >> I'm compiling on the target host (SSHed in), and haven't knowlingly >> disabled any configure checks. >> > That's expected. I have to disable that check or else it won't build. >> The second problem was this: >> ============================================================ >> ClamAV.xs:365: error: for each function it appears in.) >> make[1]: *** [ClamAV.o] Error 1 >> make[1]: Leaving directory >> `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' >> >> A problem was encountered while attempting to compile and install >> your Inline C code. The command that failed was: >> make >> >> The build directory was: >> /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV >> >> To debug the problem, cd to the build directory, and inspect the >> output files. >> >> at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 >> BEGIN failed--compilation aborted at >> /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. >> Compilation failed in require. >> BEGIN failed--compilation aborted. >> make: *** [ClamAV.inl] Error 25 >> ============================================================ >> >> It seems that it was trying to access >> /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV but that directory >> doesn't exist. /tmp/clamav-0.93 does exist. Should I just try >> running install from inside it again? >> > As I said in my post a few hours ago, Mail::ClamAV won't build with > ClamAV 0.93 at the moment. > See my very recent thread. Ah - I didn't pick up on that being the clamavmodule. I'm presuming that the compile for the good old clamAV command line scanner did work. I'll run some eicars through to make sure. Thanks Jules, ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From kgoods at cropusainsurance.com Tue Apr 15 18:51:57 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Tue Apr 15 18:58:01 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01BACC30@aiainsurance.com> Julian Field wrote: > shuttlebox wrote: >> On Mon, Apr 14, 2008 at 10:58 PM, Ken Goods >> wrote: >> *Snip* >> >> http://www.milter.info/sendmail/roundhouse/ >> > Or there's milter-bcc which I find a bit easier to use. > If you want to do it in MailScanner, I would use a ruleset attached to > "Archive Mail" which can take arbitrary email addresses. Then do the > mailertable stuff someone has already told you about. I only suggest > Archive Mail as it's just 1 option you need to set instead of 3 (spam > actions, high-scoring spam actions and non-spam actions). > > Jules > Thanks for all suggestions! I've added roundhouse and milter-bcc to my valuable links in case I need them in the future but I decided to go with Julian's "Archive Mail" solution because it was my initial thought... just didn't know if it would work. What I really wanted to do was to have identical accounts on both machines... in other words, I wanted an account me@originaldomain.com on the zimbra server along with the existing me@originaldomain.com on the Exchange box and forward emails from the MailScanner box to the *same* email address on the two downstream boxes. I couldn't find an example of how to do this with either milter... most of what I saw was to forward or bcc to a *different* account (or different domain) which can be done easily with Julian's "Archive Mail". So I created a sub-domain on the Zimbra server (test.originaldomain.com) and moved the existing me@originaldomain.com to me@test.originaldomain.com. This was easy to do and the existing 200MB+ mail box was intact. I'm thinking I may be able to use this trick (just reverse it) when making the move into production however I'm not sure how it will affect the global calendars and meeting requests as they rely on the original email address. Andrei, Thanks for the tip on the new beta feature, I hadn't loaded the new beta yet either but I'm thinking that when it comes time for the switch-over it may come in very handy to simply forward all mails to both servers until all accounts are migrated. Please give this quick once-over and see if I understood it correctly. This is what I did: In MailScanner.conf Archive Mail = %rules-dir%/archive.rules In archive.rules To: me@originaldomain.com deliver forward me@test.originaldomain.com To: boss@originaldomain.com deliver forward boss@test.originaldomain.com Default: no (with tabs between each...couldn't remember if it would take spaces or required tabs) In SendMail's mailertable I added: test.originaldomain.com SMTP:[xx.xx.xx.xx] (IP of the Zimbra server) Do I need to add "test.originaldomain.com" to sendmail's virtuser-domain? Seems like this should do the trick. But before I restart MailScanner can I get a confirmation? :) Thanks to everyone for the help! Kind regards, Ken From bbdokken at dokkenengineering.com Tue Apr 15 19:04:54 2008 From: bbdokken at dokkenengineering.com (Brad Dokken) Date: Tue Apr 15 19:03:30 2008 Subject: ClamAV 0.93 released In-Reply-To: <48039AA2.9050905@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> Message-ID: <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Monday, April 14, 2008 10:56 AM > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > I have upgraded the ClamAV+SpamAssassin distribution available at > www.mailscanner.info. > > Note that this new version does *NOT* work with the > 'clamavmodule' virus > scanner. So don't upgrade if you're running the clamavmodule scanner. > Could you provide some clarification for me? Back in the day MailScanner didn't support Clamd. When Clamd support became available I stuck with clamavmodule because the speed increase wasn't needed in my configuration. Your easy install package is so simple and "just works" so I haven't seen a need to change anything. Over the past year it seems the Mail::ClamAV perl module hasn't been getting updated in a timely manner. I have waited for it to get updated and then installed the latest ClamAV update. This is getting a bit old and so I ask, is ClamD considered the Best Practice for a MailScanner setup today? Also, once I install and configure ClamD from DW's rpms, does your easy install package update ClamAV from that point on or do I have to skip the clamav update when I run the install script from your easy install package? Thanks for the assist! Brad From Kevin_Miller at ci.juneau.ak.us Tue Apr 15 19:14:41 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Apr 15 19:15:22 2008 Subject: Graphic inline Signature In-Reply-To: <4804E795.9030904@ecs.soton.ac.uk> References: <67a55ed50804150928s3d182c18i21841de6686b6c67@mail.gmail.com> <4804E795.9030904@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Dave Jones wrote: >> Version 4.68 solved the problem. The image is being displayed >> properly. >> >> Now, the next issue. I need to find a way to only attach it once on >> the initial outbound email. My testing shows that it is attaching it >> multiple times so replies back and forth are growing and growing in >> size which is not good. I will research how to prevent multiple >> attachments. Any ideas would be much appreciated. >> > It will do that. Any ideas are most welcome, I couldn't immediately > think of a good solution. After all, how do you know that > is *your* signature.jpg and not someone else's? If I > was setting it up for a lot of people, I would always use the same > filename in the HTML to make it easier to configure for different > people. > > The only thing I could think of is to walk the entire MIME tree > looking for images, and check their size (and even contents?) against > the signature image you're trying to add. If you find it, try to > point the signature at it. But what do you then do, start editing the > HTML signature automatically? Eek :-( > > Lightweight solutions are most welcome. In the mean time the 0.01% > (approx) of internet traffic that is email will have to be slightly > more than it might be otherwise. It's a way to go before it reaches > the amount of Bit-Torrent traffic :-) > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Perhaps one way to at least partially accomplish that would be to insure that the signature is preceeded by "-- ". Most decent mail clients trim off anything that follows as I'm sure you know. As you can see however, I (sadly) am using an abismal piece of junk for a client (Outlook 2003) which is apparently braindead in that it didn't strip out any of the signatures. But in general it might help strip out signatures for a good portion of the population. I'm presuming that html email behaves in a similar fashion regarding trimming anythinng after the signature delimiter. Just a thought... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From antencek at volja.net Tue Apr 15 19:42:19 2008 From: antencek at volja.net (Antencek) Date: Tue Apr 15 19:43:14 2008 Subject: MailScanner and Zip Attachments Message-ID: <4804F70B.6060807@volja.net> Hello all! I am using MailScanner 4.66.5 with Zip Attachments setting = yes. Works great. Now I want to set rules for particular e-mail address/domain not to zip attachments (FromOrTo). According to http://www.mailscanner.info/MailScanner.conf.index.html#Zip%20Attachments I have made zip-attachments.rules with the content: FromOrTo: my.email@address.com no FromOrTo: @domain1.com no FromOrTo: default yes And set MailScanner.conf: Zip Attachments = %rules-dir%/zip-attachments.rules Restarted MailScanner, but this does not seem to work. The MailScanner is acting like Zip Attachments setting = no for everyone. Please help me find what I am doing wrong? I would also like to put in use other rules for zip and attachments based on FromOrTo. Thank you. Antencek From MailScanner at ecs.soton.ac.uk Tue Apr 15 20:00:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 20:01:16 2008 Subject: MailScanner & DSPAM In-Reply-To: References: <4804BAB7.4030707@observi.com.br> Message-ID: <4804FB4B.4020705@ecs.soton.ac.uk> Scott Silva wrote: > on 4-15-2008 7:24 AM William A. Knob spake the following: >> Hi all; >> >> I can use DSPAM with Mailscanner using the Custom Spam Scanner >> function? Anyone is doing that? >> >> regards, >> >> > Waiting 20 minutes and sending the message again won't get you an > answer any faster. > > Sometimes you have to wait a whole day for an answer! ;-) And very rarely you get the case where no-one replies because no-one reading the list at the moment has done this. Not saying that is the case this time, but it is a possibility, time will tell. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From krgehlba at lexairinc.com Tue Apr 15 20:15:02 2008 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Tue Apr 15 20:15:50 2008 Subject: MCP broke after upgrade In-Reply-To: <4804E852.3020405@ecs.soton.ac.uk> References: <4804DACE.4060700@lexairinc.com> <4804E852.3020405@ecs.soton.ac.uk> Message-ID: <4804FEB6.2000807@lexairinc.com> Julian Field wrote: > What did you upgrade? We rebuilt world and upgraded all ports. We went from FreeBSD 6.2 to 6.3. There were updates to both mailscanner and spamassassin, but I do not recall what the previous versions were. > Renee Gehlbach wrote: >> Hello, >> >> We had MCP working in a previous version, but it is no longer working >> properly since we upgraded. Our system is currently running FreeBSD >> 6.3, with MailScanner port Mailscanner-4.67.6_1, SpamAssassin port >> p5-Mail-SpamAssassin-3.2.4_3. We have several cf files with MCP >> rules in the directory /usr/local/etc/Mailscanner/mcp, where the port >> places its example MCP rule file. Up until the upgrade, all of the >> rules in these files were working properly. MCP seems to be working, >> as the X-MailScanner-MCPCheck header appears in all messages. >> However, it does not seem to be finding the MCP rules, as even >> messages which should be triggering rules have the value (score=0, >> required 2) for this header. spamassassin --lint shows clean, as does > >> spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D > If that doesn't say the rules are being read in, then it's not a > MailScanner problem. You need to get that to read the rules, and admit > to it, first. I agree that I need to get it to read these rules. What I am trying to find out is why it is not reading them. If I am asking for help from the wrong mailing list, please let me know. I am emailing this list because all of the config files and sample rules being used for mcp are part of the MailScanner port, not the SpamAssassin port, and because the options to set up mcp are located within the MailScanner config file. Thanks, Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From adc at dc-uoit.net Tue Apr 15 20:28:48 2008 From: adc at dc-uoit.net (Andrei Caraman) Date: Tue Apr 15 20:29:36 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01BACC30@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC30@aiainsurance.com> Message-ID: <20080415192848.GD6265@logger.dc-uoit.net> On Tue, Apr 15, 2008 at 10:51:57AM -0700, Ken Goods wrote: > In SendMail's mailertable I added: > test.originaldomain.com SMTP:[xx.xx.xx.xx] (IP of the Zimbra server) don't forget to do a "makemap hash mailertable ...." or else sendmail doesn't see the change. i speak from experience :) someone else may comment on the merits of using esmtp instead of smtp on that mailertable line... > Do I need to add "test.originaldomain.com" to sendmail's virtuser-domain? no, because @test.originaldomain.com addresses are not local to the gateway. a "sendmail -bv you@test.originaldomain.com" may come in handy. > Seems like this should do the trick. But before I restart MailScanner can I > get a confirmation? :) one other thing you may have already considered: there will be lots and lots of mail on the zimbra box. will anyone be looking at that? i'm assuming the users only connect to the old server... adc From krgehlba at lexairinc.com Tue Apr 15 20:45:42 2008 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Tue Apr 15 20:46:28 2008 Subject: MCP broke after upgrade In-Reply-To: <4804E852.3020405@ecs.soton.ac.uk> References: <4804DACE.4060700@lexairinc.com> <4804E852.3020405@ecs.soton.ac.uk> Message-ID: <480505E6.5020407@lexairinc.com> Julian Field wrote: >> spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D > If that doesn't say the rules are being read in, then it's not a > MailScanner problem. You need to get that to read the rules, and admit > to it, first. I am unsure whether had just previously overlooked it, or whether I have changed a setting which changed the output since I last carefully read that output, but current output from spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D does include: [6916] dbg: config: read file /usr/local/etc/mail/spamassassin/mailscanner.cf [6916] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for user prefs file [6916] dbg: config: read file /usr/local/etc/MailScanner/mcp//10_example.cf [6916] dbg: config: read file /usr/local/etc/MailScanner/mcp//bad.words.body.cf [6916] dbg: config: read file /usr/local/etc/MailScanner/mcp//bad.words.from.cf [6916] dbg: config: read file /usr/local/etc/MailScanner/mcp//bad.words.subject.cf Thanks, Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Apr 15 20:53:07 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 15 20:53:52 2008 Subject: ClamAV 0.93 released In-Reply-To: <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> Message-ID: on 4-15-2008 11:04 AM Brad Dokken spake the following: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Monday, April 14, 2008 10:56 AM >> To: MailScanner discussion >> Subject: Re: ClamAV 0.93 released >> >> I have upgraded the ClamAV+SpamAssassin distribution available at >> www.mailscanner.info. >> >> Note that this new version does *NOT* work with the >> 'clamavmodule' virus >> scanner. So don't upgrade if you're running the clamavmodule scanner. >> > > Could you provide some clarification for me? Back in the day MailScanner > didn't support Clamd. When Clamd support became available I stuck with > clamavmodule because the speed increase wasn't needed in my > configuration. Your easy install package is so simple and "just works" > so I haven't seen a need to change anything. Over the past year it seems > the Mail::ClamAV perl module hasn't been getting updated in a timely > manner. I have waited for it to get updated and then installed the > latest ClamAV update. This is getting a bit old and so I ask, is ClamD > considered the Best Practice for a MailScanner setup today? Also, once I > install and configure ClamD from DW's rpms, does your easy install > package update ClamAV from that point on or do I have to skip the clamav > update when I run the install script from your easy install package? > Thanks for the assist! > Brad If you use rpm's for clam, don't install clam from Julian's package. When you run the install script, it asks you if you are using other clam sources. Then if you want to keep your clam up to date you put dag's repo in your yum configuration and update clam that way. You can get clamd running from Julian's install package, as there are several sample init scripts in the clam tarball if you want to do it that way. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/6768ed62/signature.bin From ssilva at sgvwater.com Tue Apr 15 21:11:55 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 15 21:12:38 2008 Subject: Graphic inline Signature In-Reply-To: References: <67a55ed50804150928s3d182c18i21841de6686b6c67@mail.gmail.com> <4804E795.9030904@ecs.soton.ac.uk> Message-ID: on 4-15-2008 11:14 AM Kevin Miller spake the following: > Julian Field wrote: >> Dave Jones wrote: >>> Version 4.68 solved the problem. The image is being displayed >>> properly. >>> >>> Now, the next issue. I need to find a way to only attach it once on >>> the initial outbound email. My testing shows that it is attaching it >>> multiple times so replies back and forth are growing and growing in >>> size which is not good. I will research how to prevent multiple >>> attachments. Any ideas would be much appreciated. >>> >> It will do that. Any ideas are most welcome, I couldn't immediately >> think of a good solution. After all, how do you know that >> is *your* signature.jpg and not someone else's? If I >> was setting it up for a lot of people, I would always use the same >> filename in the HTML to make it easier to configure for different >> people. >> >> The only thing I could think of is to walk the entire MIME tree >> looking for images, and check their size (and even contents?) against >> the signature image you're trying to add. If you find it, try to >> point the signature at it. But what do you then do, start editing the >> HTML signature automatically? Eek :-( >> >> Lightweight solutions are most welcome. In the mean time the 0.01% >> (approx) of internet traffic that is email will have to be slightly >> more than it might be otherwise. It's a way to go before it reaches >> the amount of Bit-Torrent traffic :-) >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. > > Perhaps one way to at least partially accomplish that would be to insure > that the signature is preceeded by "-- ". Most decent mail clients trim > off anything that follows as I'm sure you know. > > As you can see however, I (sadly) am using an abismal piece of junk for > a client (Outlook 2003) which is apparently braindead in that it didn't > strip out any of the signatures. But in general it might help strip out > signatures for a good portion of the population. I'm presuming that > html email behaves in a similar fashion regarding trimming anythinng > after the signature delimiter. > > Just a thought... > > ...Kevin And as you can see, Thunderbird doesn't remove them after they have been quoted, as the "-- " has to be on a line by itself for most MUA's to strip the sigs. I usually just edit out the extra stuff when I remember, or when I am NOT showing an example. ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080415/59f03fb7/signature.bin From peter at farrows.org Tue Apr 15 21:16:49 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Apr 15 21:17:36 2008 Subject: Graphic inline Signature In-Reply-To: References: <67a55ed50804141014n2654afaem22fd2acdbff077f6@mail.gmail.com> <4803F0B2.6010303@farrows.org> Message-ID: <48050D31.7000408@farrows.org> Scott Silva wrote: > on 4-14-2008 5:02 PM Peter Farrow spake the following: >> Dave Jones wrote: >>> Peter Farrow wrote: >>> >>>> Dave Jones wrote: >>>> >>>>>> Dave Jones wrote: >>>>>> >>>>>> >>>>>>>> Dave Jones wrote: >>>>>>>> >>>>>>>> >>>>>>>>>> Dave Jones wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Can someone post a sample of a working inline.sig.html? I am >>>>>>>>>>> getting >>>>>>>>>>> an email with the attached jpg file but it only shows an >>>>>>>>>>> image box of >>>>>>>>>>> 186 x 23 with no image inside it. Am I missing something in >>>>>>>>>>> my html >>>>>>>>>>> file that puts it inline within the body? >>>>>>>>>>> >>>>>>>>>>> _*MailScanner.conf*_ >>>>>>>>>>> Attach Image To Signature = yes >>>>>>>>>>> Inline HTML Signature = %rules-dir%/inline-html >>>>>>>>>>> >>>>>>>>>>> >>>>>>> -signature.rules >>>>>>> >>>>>>> >>>>>>>>>>> Signature Image Filename = >>>>>>>>>>> %rules-dir%/signature-image-filename.rules >>>>>>>>>>> Signature Image Filename = signature.jpg >>>>>>>>>>> >>>>>>>>>>> _*cat inline-html-signature.rules*_ >>>>>>>>>>> From: me mydomain.com >>>>>>>>>> >>>>>>>>>>> >>>>>>> mydomain.com > >>>>>>> >>>>>>> >>>>>>>>>>> %report-dir%/inline.oneteam.sig.html >>>>>>>>>>> FromOrTo: default no >>>>>>>>>>> >>>>>>>>>>> _*cat signature-image-filename.rules *_ >>>>>>>>>>> From: me mydomain.com >>>>>>>>>> >>>>>>>>>>> >>>>>>> mydomain.com > >>>>>>> >>>>>>> >>>>>>>>>>> %report-dir%/OneTeam.jpg >>>>>>>>>>> FromOrTo: default no >>>>>>>>>>> >>>>>>>>>>> _*cat inline.oneteam.sig.html*_ >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> You need to call it src="cid:signature.jpg" >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> I made my "inline.oneteam.sig.html" have ">>>>>>>> height=23 >>>>>>>>> src="cid:signature.jpg>" " but now the src= text value is getting >>>>>>>>> dropped off when I view the source of the email. This is a >>>>>>>>> snip of >>>>>>>>> the end of the source: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> That's because you've got the quotes in the wrong place. >>>>>>>> src="cid:signature.jpg" >>>>>>>> just as I said last time, so the whole thing looks like >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> My apologies for the previous bad posting. I had the real file >>>>>>> exactly as you have it above and still get the resulting HTML >>>>>>> dropping >>>>>>> the src= value inside the img tag. >>>>>>> >>>>>>> >>>>>> Here is my (working fine) setup. Remember that MailScanner will >>>>>> always >>>>>> add a text signature to a plain-text message, and will only add >>>>>> an HTML >>>>>> signature to the HTML part of an HTML message. So if you are using >>>>>> Thunderbird, you need to pursuade it to send HTML *and* >>>>>> plain-text parts >>>>>> of the message. You can do this by adding a bold space on the >>>>>> last line >>>>>> of the message. That's enough to trigger it and doesn't show up >>>>>> visibly >>>>>> in the resulting message. >>>>>> >>>>>> >>>>> >>>>>> Dave ---- if you want to add this to the Wiki, it might be a good >>>>>> idea. >>>>>> Just register yourself and add it in the configuration section. >>>>>> >>>>>> >>>>> >>>>>> ***** MailScanner.conf: >>>>>> Inline HTML Signature = %rules-dir%/inline.html.sig.rules >>>>>> Inline Text Signature = %rules-dir%/inline.text.sig.rules >>>>>> Signature Image Filename = %report-dir%/jules/julessig.png >>>>>> Signature Image Filename = julessig.png >>>>>> Attach Image To Signature = %rules-dir%/attach.image.to.sig.rules >>>>>> >>>>>> >>>>> >>>>>> ***** %rules-dir%/inline.html.sig.rules: >>>>>> From: sysjkf ecs.soton.ac.uk >>>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html >>>>>> From: *@jules.fm >>>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>>> FromOrTo: default >>>>>> /etc/MailScanner/reports/ECS/inline.sig.html >>>>>> >>>>>> >>>>> >>>>>> ***** %rules-dir%/inline.text.sig.rules: >>>>>> From: sysjkf ecs.soton.ac.uk >>>>>> /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt >>>>>> From: *@jules.fm >>>>>> /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt >>>>>> FromOrTo: default /etc/MailScanner/reports/ECS/inline.sig.txt >>>>>> >>>>>> >>>>> >>>>>> ***** %rules-dir%/attach.image.to.sig.rules: >>>>>> From: sysjkf ecs.soton.ac.uk yes >>>>>> From: *@jules.fm yes >>>>>> FromOrTo: default no >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.html: >>>>>>
>>>>>>
--  >>>>>>
sysjkf ecs.soton.ac.uk >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.html >>>>>>
>>>>>>
--  >>>>>>
Jules Jules.FM >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.html: >>>>>>
-- >>>>>>
This message has been scanned for viruses and >>>>>>
dangerous content by >>>>>> >>>>> >>> "www.mailscanner.info" claiming to >>> be* "http://www.mailscanner.info/">MailScanner, and is >>> >>>>>>
believed to be clean. >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.inline.sig.txt: >>>>>> Jules >>>>>> -- >>>>>> sysjkf ecs.soton.ac.uk >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/jules/jules.fm.inline.sig.txt: >>>>>> -- >>>>>> Jules Jules.FM >>>>>> >>>>>> >>>>> >>>>>> ***** /etc/MailScanner/reports/ECS/inline.sig.txt: >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> >>>>> >>>>>> ***** THAT'S IT! ***** >>>>>> >>>>>> >>>>> >>>>>> Jules >>>>>> >>>>>> >>>>> Thanks for the detailed configs. I had my settings correct and >>>>> nearly >>>>> identical to your settings. The problem still exists that the image >>>>> is not getting displayed inline on a number of different email >>>>> clients >>>>> (Outlook, Scalix, Gmail, etc.). I looked at my raw queue files in my >>>>> quarantine (I save everything that is not high spam on my low-volume >>>>> server at home) and the inline.html file is getting appended >>>>> properly. >>>>> Now it appears to be the "Content-ID:" multipart header is not >>>>> getting generated in the MIME encoding so there is nothing to >>>>> match my >>>>> src="cid:signature.jpg" img tag. Could this be the problem? >>>>> >>>>> Working inline email image: >>>>> ------_=_NextPart_001_01C89E3C.224B45D2 >>>>> Content-Type: image/gif; >>>>> name="image001.gif" >>>>> Content-Transfer-Encoding: base64 >>>>> Content-ID: 01C89E12.38C00F50> >>>>> Content-Description: image001.gif >>>>> Content-Location: image001.gif >>>>> >>>>> Non-working inline email image: >>>>> ------------=_1208183216-10649-0 >>>>> Content-Type: image/jpeg; name="signature.jpg" >>>>> Content-Disposition: attachment; filename="signature.jpg" >>>>> Content-Transfer-Encoding: base64 >>>>> MIME-Version: 1.0 >>>>> X-Mailer: MIME-tools 5.425 (Entity 5.425) >>>>> >>>>> >>>>> >>>>> >>>> Just for the record, >>>> >>>> Mine displays an empty box too... >>>> >>>> Gave up trying to make it work.. >>>> Works great for me (inevitably). The only suggestion I have is to edit >>>> >>> />usr/lib/MailScanner/MailScanner/Message.pm. Around line 4407 there >>> >>>> should be a line that says this: >>>> Id => '<' . $internalname . >>>> '>'); >>>> Change that to >>>> 'Content-Id:' => '<' . >>>> $internalname . '>'); >>>> Then >>>> service MailScanner restart >>>> >>>> and let me know if this helps at all. >>>> >>>> Jules >>>> >>> >>> Running MS ver 4.66.5 and I don't see any line similar to that in >>> the file: >>> >>> # grep \$internalname * >>> Message.pm: my $internalname = >>> MailScanner::Config::Value('attachimageinternalname', $this); >>> Message.pm: Filename => >>> $internalname, >>> # >>> >>> P.S. This is a great feature that I really want to get working since >>> our other major commercial software applications are not able to do >>> it. Julian, I am working hard to get my manager to send some money >>> your way but I work for a fortune 500 company that requires a PO. >>> This feature could help motivate him to go through all of the internal >>> paperwork. Sorry if it sounds backwards (or like ransom -- :) ). You >>> already deserve some compensation but it seems easier to spend >>> millions with a big contract rather than small amounts that may be >>> deemed less important to the company. >>> >> I am running 4.65.3-1 and I have similar lines to that above but not >> the one mention at 4407... >> > Do you suppose you could turn off the html for this list? > Depends what machine Iam using... From MailScanner at ecs.soton.ac.uk Tue Apr 15 21:17:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 21:18:33 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01BACC30@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC30@aiainsurance.com> Message-ID: <48050D60.90208@ecs.soton.ac.uk> Ken Goods wrote: > Julian Field wrote: > >> shuttlebox wrote: >> >>> On Mon, Apr 14, 2008 at 10:58 PM, Ken Goods >>> wrote: >>> >>> > *Snip* > >>> http://www.milter.info/sendmail/roundhouse/ >>> >>> >> Or there's milter-bcc which I find a bit easier to use. >> If you want to do it in MailScanner, I would use a ruleset attached to >> "Archive Mail" which can take arbitrary email addresses. Then do the >> mailertable stuff someone has already told you about. I only suggest >> Archive Mail as it's just 1 option you need to set instead of 3 (spam >> actions, high-scoring spam actions and non-spam actions). >> >> Jules >> >> > > Thanks for all suggestions! I've added roundhouse and milter-bcc to my > valuable links in case I need them in the future but I decided to go with > Julian's "Archive Mail" solution because it was my initial thought... just > didn't know if it would work. > > What I really wanted to do was to have identical accounts on both > machines... in other words, I wanted an account me@originaldomain.com on the > zimbra server along with the existing me@originaldomain.com on the Exchange > box and forward emails from the MailScanner box to the *same* email address > on the two downstream boxes. I couldn't find an example of how to do this > with either milter... most of what I saw was to forward or bcc to a > *different* account (or different domain) which can be done easily with > Julian's "Archive Mail". > > So I created a sub-domain on the Zimbra server (test.originaldomain.com) and > moved the existing me@originaldomain.com to me@test.originaldomain.com. This > was easy to do and the existing 200MB+ mail box was intact. I'm thinking I > may be able to use this trick (just reverse it) when making the move into > production however I'm not sure how it will affect the global calendars and > meeting requests as they rely on the original email address. > > Andrei, Thanks for the tip on the new beta feature, I hadn't loaded the new > beta yet either but I'm thinking that when it comes time for the switch-over > it may come in very handy to simply forward all mails to both servers until > all accounts are migrated. > > Please give this quick once-over and see if I understood it correctly. > > This is what I did: > In MailScanner.conf > Archive Mail = %rules-dir%/archive.rules > > In archive.rules > To: me@originaldomain.com deliver forward me@test.originaldomain.com > To: boss@originaldomain.com deliver forward boss@test.originaldomain.com > Default: no > You meant "FromOrTo: default" for the last line. As you want it to not archive to anywhere, you give the same response you would give for "Archive Mail =", which is just an empty string. So don't say "no", say a blank or empty string. Saying "no" is the equivalent of a line in MailScanner.conf that said "Archive Mail = no" which is clearly not sensible. > (with tabs between each...couldn't remember if it would take spaces or > required tabs) > The only time tabs are required are in the filename.rules.conf and filetype.rules.conf files. If I didn't insist on tabs there, you wouldn't be able to match expressions (or "file" command output) that had any spaces in them, and you wouldn't be able to have log output and user response strings with any spaces in them. So I have to insist on tabs there, but nowhere else. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 21:20:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 21:20:24 2008 Subject: SA/Clam-AV installation In-Reply-To: References: <4803C77B.8080401@ecs.soton.ac.uk> Message-ID: <48050DF5.3010304@ecs.soton.ac.uk> Kevin Miller wrote: > Julian Field wrote: > >> Kevin Miller wrote: >> >>> I just tried to run the install script for the new clamav and >>> spamassassin packages and encountered a couple of errors: >>> >>> The first is this: >>> ============================================================ >>> config.status: creating clamav-config.h >>> config.status: executing depfiles commands >>> configure: WARNING: >>> ****** WARNING: >>> ****** You are either cross compiling to a different host or >>> ****** you have manually disabled important configure checks. >>> ****** Please be aware that this build may be badly broken. >>> ****** DO NOT REPORT BUGS BASED ON THIS BUILD !!! >>> ============================================================ >>> >>> I'm compiling on the target host (SSHed in), and haven't knowlingly >>> disabled any configure checks. >>> >>> >> That's expected. I have to disable that check or else it won't build. >> >>> The second problem was this: >>> ============================================================ >>> ClamAV.xs:365: error: for each function it appears in.) >>> make[1]: *** [ClamAV.o] Error 1 >>> make[1]: Leaving directory >>> `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' >>> >>> A problem was encountered while attempting to compile and install >>> your Inline C code. The command that failed was: >>> make >>> >>> The build directory was: >>> /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV >>> >>> To debug the problem, cd to the build directory, and inspect the >>> output files. >>> >>> at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 >>> BEGIN failed--compilation aborted at >>> /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. >>> Compilation failed in require. >>> BEGIN failed--compilation aborted. >>> make: *** [ClamAV.inl] Error 25 >>> ============================================================ >>> >>> It seems that it was trying to access >>> /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV but that directory >>> doesn't exist. /tmp/clamav-0.93 does exist. Should I just try >>> running install from inside it again? >>> >>> >> As I said in my post a few hours ago, Mail::ClamAV won't build with >> ClamAV 0.93 at the moment. >> See my very recent thread. >> > > Ah - I didn't pick up on that being the clamavmodule. > > I'm presuming that the compile for the good old clamAV command line > scanner did work. I'll run some eicars through to make sure. > Yes, the virus scanner settings "clamav" and "clamd" should still work okay. It's just "clamavmodule" that won't work with the new ClamAV 0.93. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 21:29:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 21:29:40 2008 Subject: ClamAV 0.93 released In-Reply-To: <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> Message-ID: <48051021.5010909@ecs.soton.ac.uk> Brad, Brad Dokken wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Monday, April 14, 2008 10:56 AM >> To: MailScanner discussion >> Subject: Re: ClamAV 0.93 released >> >> I have upgraded the ClamAV+SpamAssassin distribution available at >> www.mailscanner.info. >> >> Note that this new version does *NOT* work with the >> 'clamavmodule' virus >> scanner. So don't upgrade if you're running the clamavmodule scanner. >> >> > > Could you provide some clarification for me? Back in the day MailScanner > didn't support Clamd. Ah, the good ole days :-) > When Clamd support became available I stuck with > clamavmodule because the speed increase wasn't needed in my > configuration. Your easy install package is so simple and "just works" > so I haven't seen a need to change anything. Over the past year it seems > the Mail::ClamAV perl module hasn't been getting updated in a timely > manner. Agreed. > I have waited for it to get updated and then installed the > latest ClamAV update. This is getting a bit old and so I ask, is ClamD > considered the Best Practice for a MailScanner setup today? Not sure on that, I still use clamavmodule as you don't *have* to update to the latest ClamAV the day it is released. The previous version will carry on working just fine for quite a while. One of these days I might jump ship to clamd, but not yet. > Also, once I > install and configure ClamD from DW's rpms, does your easy install > package update ClamAV from that point on or do I have to skip the clamav > update when I run the install script from your easy install package? > My ClamAV+SpamAssassin package will ask you if you want it to install ClamAV or not. If you choose not, then it will ask you where your current clamscan is installed so that it can work out what directories to set and where. So you don't have to edit my install script or anything nasty like that, it handles it all in a relatively intelligent manner (I hope that's what people see, anyway!). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Tue Apr 15 21:34:45 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Apr 15 21:35:26 2008 Subject: Questions about ClamAV/Spamassassin, etc. In-Reply-To: <223f97700804120214v33964d0i5374c98fa917979@mail.gmail.com> References: <223f97700804120214v33964d0i5374c98fa917979@mail.gmail.com> Message-ID: Glenn Steen wrote: >> 2: I'm getting this when /etc/cron.hourly runs: >> =============================================================== >> running hourly cronjob scripts >> >> SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 2. >> =============================================================== >> Any ideas on that? > Nope. > Have you run it by hand? Doh - good call. Seems it wanted some perl module that wasn't loaded. Forgot what now. Weird thing was, when I did a search in YaST it indicated that module was included in the basic perl install. It wasn't. Sigh. All better now. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Tue Apr 15 22:51:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 22:52:04 2008 Subject: MailScanner and Zip Attachments In-Reply-To: <4804F70B.6060807@volja.net> References: <4804F70B.6060807@volja.net> Message-ID: <48052350.8050009@ecs.soton.ac.uk> Antencek wrote: > Hello all! > > > I am using MailScanner 4.66.5 with Zip Attachments setting = yes. > Works great. > > Now I want to set rules for particular e-mail address/domain not to > zip attachments (FromOrTo). > > According to > http://www.mailscanner.info/MailScanner.conf.index.html#Zip%20Attachments > I have made zip-attachments.rules with the content: > > FromOrTo: my.email@address.com no > FromOrTo: @domain1.com no > FromOrTo: default yes > > And set MailScanner.conf: > Zip Attachments = %rules-dir%/zip-attachments.rules > > Restarted MailScanner, but this does not seem to work. > The MailScanner is acting like Zip Attachments setting = no for everyone. > > > Please help me find what I am doing wrong? Make sure you aren't just giving it files that are too small to trigger it: Attachments Min Total Size To Zip = 100k is the default setting. Also, remember that MailScanner uses the envelope sender and recipient(s) and not the addresses that appear in the headers. Have you checked it with "MailScanner --lint"? Also, what happens when you do a command like this: MailScanner --value=zipattachments --from user@domain1.com and then an opposite example: MailScanner --value=zipattachments --from user@domain2.com The first one should give you a "no" result while the 2nd one should give you a "yes" result. If that works, then your ruleset is correct, and so you need to get back to us so I can take a look and test it out myself. > > > I would also like to put in use other rules for zip and attachments > based on FromOrTo. Don't quite understand your point here. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 22:59:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 22:59:30 2008 Subject: MCP broke after upgrade In-Reply-To: <4804FEB6.2000807@lexairinc.com> References: <4804DACE.4060700@lexairinc.com> <4804E852.3020405@ecs.soton.ac.uk> <4804FEB6.2000807@lexairinc.com> Message-ID: <48052530.6060107@ecs.soton.ac.uk> Renee Gehlbach wrote: > Julian Field wrote: >> What did you upgrade? > We rebuilt world and upgraded all ports. We went from FreeBSD 6.2 to > 6.3. There were updates to both mailscanner and spamassassin, but I > do not recall what the previous versions were. So "everything" then. :-) > >> Renee Gehlbach wrote: >>> Hello, >>> >>> We had MCP working in a previous version, but it is no longer >>> working properly since we upgraded. Our system is currently running >>> FreeBSD 6.3, with MailScanner port Mailscanner-4.67.6_1, >>> SpamAssassin port p5-Mail-SpamAssassin-3.2.4_3. We have several cf >>> files with MCP rules in the directory >>> /usr/local/etc/Mailscanner/mcp, where the port places its example >>> MCP rule file. Up until the upgrade, all of the rules in these >>> files were working properly. MCP seems to be working, as the >>> X-MailScanner-MCPCheck header appears in all messages. However, it >>> does not seem to be finding the MCP rules, as even messages which >>> should be triggering rules have the value (score=0, required 2) for >>> this header. spamassassin --lint shows clean, as does >> >>> spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D >> If that doesn't say the rules are being read in, then it's not a >> MailScanner problem. You need to get that to read the rules, and >> admit to it, first. > I agree that I need to get it to read these rules. What I am trying > to find out is why it is not reading them. Have you tried that command? What does it tell you? Is it reading things from that directory or not? Are you using the MailScanner "Run As User" or "Run As Group" settings at all? If so, can that user read and execute /usr/local/etc/Mailscanner/mcp and read the files in it? Have you checked the parent directories too, as some Unices require at least x permission all the way up the tree to "/". And do you mean "Mailscanner" in that directory name or "MailScanner"? Answer all that lot and get back to us. > If I am asking for help from the wrong mailing list, please let me > know. I am emailing this list because all of the config files and > sample rules being used for mcp are part of the MailScanner port, not > the SpamAssassin port, and because the options to set up mcp are > located within the MailScanner config file. Asking here is just fine, no problem. MCP often confuses SpamAssassin folks (in general, there are of course notable exceptions :-) because they can't see why you would want to run SA without a big ruleset but just 1 or 2 rules instead. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 15 23:25:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 15 23:26:26 2008 Subject: MCP broke after upgrade In-Reply-To: <480505E6.5020407@lexairinc.com> References: <4804DACE.4060700@lexairinc.com> <4804E852.3020405@ecs.soton.ac.uk> <480505E6.5020407@lexairinc.com> Message-ID: <48052B68.1010803@ecs.soton.ac.uk> Renee Gehlbach wrote: > Julian Field wrote: >>> spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D >> If that doesn't say the rules are being read in, then it's not a >> MailScanner problem. You need to get that to read the rules, and >> admit to it, first. > I am unsure whether had just previously overlooked it, or whether I > have changed a setting which changed the output since I last carefully > read that output, but current output from spamassassin -p > /usr/local/etc/Mailscanner/mcp --lint -D does include: > [6916] dbg: config: read file > /usr/local/etc/mail/spamassassin/mailscanner.cf > [6916] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for user > prefs file > [6916] dbg: config: read file > /usr/local/etc/MailScanner/mcp//10_example.cf > [6916] dbg: config: read file > /usr/local/etc/MailScanner/mcp//bad.words.body.cf > [6916] dbg: config: read file > /usr/local/etc/MailScanner/mcp//bad.words.from.cf > [6916] dbg: config: read file > /usr/local/etc/MailScanner/mcp//bad.words.subject.cf That's a good start. Now, if you use "Run As User", then su to the user you have set there, and run the command again. Can it still read the files? Do the "last accessed" (ls -lu) date stamps on the cf files change when you start up MailScanner and push a message through it? Best way to test it is to do something like this: cd /usr/local/etc/MailScanner/mcp ls -lu sleep 60 # (or just wait a minute or 2, go get a cup of coffee) MailScanner --debug --debug-sa ls -lu and see if the times have changed on the files. If they haven't changed, then it's never seeing your cf files for some reason, and that's where you should start looking. If they have changed, then it's reading them but not triggering the rules or adding up the scores or something like that. This is all fairly basic diagnostic stuff which you could do with learning :-) so hopefully you'll learn a few tricks from this analysis as you go along. :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kgoods at cropusainsurance.com Wed Apr 16 04:14:58 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Wed Apr 16 04:21:07 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01BACC33@aiainsurance.com> Julian Field wrote: > Ken Goods wrote: >> This is what I did: >> In MailScanner.conf >> Archive Mail = %rules-dir%/archive.rules >> >> In archive.rules >> To: me@originaldomain.com deliver forward me@test.originaldomain.com >> To: boss@originaldomain.com deliver forward >> boss@test.originaldomain.com Default: no >> > You meant "FromOrTo: default" for the last line. As you want it to not > archive to anywhere, you give the same response you would give for > "Archive Mail =", which is just an empty string. So don't say "no", > say a blank or empty string. Saying "no" is the equivalent of a line > in MailScanner.conf that said "Archive Mail = no" which is clearly not > sensible. Thanks Jules, but as soon as I restarted MailScanner it let me know that there was an error in line three of archive.rules and that got me squared away. So you already anticipated this one and answered it through your wonderful software! :) >> (with tabs between each...couldn't remember if it would take spaces >> or required tabs) >> > The only time tabs are required are in the filename.rules.conf and > filetype.rules.conf files. If I didn't insist on tabs there, you > wouldn't be able to match expressions (or "file" command output) that > had any spaces in them, and you wouldn't be able to have log output > and user response strings with any spaces in them. So I have to > insist on tabs there, but nowhere else. > That should help me remember where one can and can't use spaces. It all makes sense now so I won't have to ask again... hopefully. :) BTW Julian, I can't tell you how much I appreciate MailScanner and all the hard work you've put into it and the work you continue to put into it. It's an amazing piece of software. We only have about 150 mailboxes and only process about 8,000 emails a day (I block several countries at the firewall and use two RBLs in Sendmail), but we do this on a lowly PII 450MHZ with 256MB of ram! Up until last June we were using a P100 with 256MB. It just cooks along processing at about 10 seconds per email all the while not letting one virus through and eliminating 99% of the spam making it to the box. I understand it would run better on more muscle but I'm just letting you know that the work you've put into the performance-tuning options has not been in vain. Every time it looked like I was going to have to upgrade the server I found another tweak that allowed us to process more mail on the same hardware. I'll be moving MailScanner to a dual 2.4 GHZ w/2GB as soon as I get this Zimbra server set up, speaking of that and getting back to the original OT-topic :), mails for the two accounts are showing upon both servers thanks to your "Archive Mail" option. A thousand thanks to you! Take care and be well. Ken > > Jules > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Ken Goods Network Administrator CropUSA Insurance, Inc. From kgoods at cropusainsurance.com Wed Apr 16 04:26:56 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Wed Apr 16 04:32:31 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01BACC34@aiainsurance.com> Andrei Caraman wrote: > On Tue, Apr 15, 2008 at 10:51:57AM -0700, Ken Goods wrote: > >> In SendMail's mailertable I added: >> test.originaldomain.com SMTP:[xx.xx.xx.xx] (IP of the Zimbra server) > > don't forget to do a "makemap hash mailertable ...." or else sendmail > doesn't see the change. i speak from experience :) > > someone else may comment on the merits of using esmtp instead of smtp > on that mailertable line... > >> Do I need to add "test.originaldomain.com" to sendmail's >> virtuser-domain? > > no, because @test.originaldomain.com addresses are not local to the > gateway. a "sendmail -bv you@test.originaldomain.com" may come in > handy. > >> Seems like this should do the trick. But before I restart >> MailScanner can I get a confirmation? :) > > one other thing you may have already considered: there will be lots > and lots of mail on the zimbra box. will anyone be looking at that? > i'm assuming the users only connect to the old server... > > > adc Thanks Andrei, I'm not a Sendmail guru by any means (and don't intend to be either BTW ;)) so the reminder to makemap was helpful, I probably would have forgotten and had to chase that one down. :) I thought about the virtuser-domain question after I posted and it just made sense that I shouldn't have to add it for the reason you suggested. I do have my other domains in there because I use virtuser for recipient verification to the Exchange box. We don't process that much mail (see my other post to Jules) and for now I'm just forwarding two accounts over to that server to assess viability for our shop. It's working fine now and we will be looking in on it throughout the day and trying to see how we're going to sell it to the PHB. Thanks again for your input and help, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From hvdkooij at vanderkooij.org Wed Apr 16 07:01:57 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 16 07:02:51 2008 Subject: Backscatter & challenge response In-Reply-To: <2baac6140804150418x512b23bu49503660bce11c7f@mail.gmail.com> References: <002f01c89bad$63026d10$29074730$@co.uk> <47FFD079.8080800@vanderkooij.org> <20080412070836.02bfe50c@scorpio> <2baac6140804140700k4d362e65v93694e2431001129@mail.gmail.com> <48043744.4000406@vanderkooij.org> <2baac6140804150418x512b23bu49503660bce11c7f@mail.gmail.com> Message-ID: <48059655.2060504@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: | | I can just speak for myself. But I found the following line in header | checks took care of one of them: | # No dirty autoresponders | /^X-ChoiceMail-Registration-Request/ REJECT We are not buying into | your ChoiceMail crap | | | Hugo. | | | Where do you place this? What file? /etc/mail/access? It is a header_check line. I also have some to stop character sets of languages I am unable to read. (Russian, Korean, Chinese) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBZZUBvzDRVjxmYERApjWAJwI3pBj2EnjR91o9bUDXmBBkOvdnQCfU7MM cGJDfx91253OgKIK3o+Qbts= =Yyrc -----END PGP SIGNATURE----- From telsek at paragon-software.com Wed Apr 16 08:01:14 2008 From: telsek at paragon-software.com (Andrey V. Dudarev) Date: Wed Apr 16 08:01:53 2008 Subject: Problem after upgrade MS from 4.66.5 to 4.68.5 (MailScanner: extracting attachments) Message-ID: <1208329274.5408.5.camel@x5.paragon-software.com> Hi all! I'm running openSuSe 10.2 x86-64 (2.6.18.8-0.7) , sendmail 8.13.8, spamassassin 3.2.4, clamav, mailwatch. I don't any RBL checks from MailScanner. After upgrade MailScanner from 4.66.5 (worked fine) to 4.68.5 i have a problem: my MailScanner process not processing any messages, the incoming queue grows mx10:/etc/MailScanner # ps ax | grep MailScanner 22895 ? Ss 0:00 MailScanner: master waiting for children, sleeping 22896 ? R 1:31 MailScanner: extracting attachments 22943 ? R 1:29 MailScanner: extracting attachments 22984 ? R 1:15 MailScanner: extracting attachments 23023 ? R 1:11 MailScanner: extracting attachments 23062 ? R 0:39 MailScanner: extracting attachments 23118 ? R 0:26 MailScanner: extracting attachments 23259 ? R 0:50 MailScanner: extracting attachments 23388 ? R 0:43 MailScanner: extracting attachments 23481 ? R 0:35 MailScanner: extracting attachments 23527 ? R 0:48 MailScanner: extracting attachments 23566 ? R 0:31 MailScanner: extracting attachments 23593 ? R 0:43 MailScanner: extracting attachments 23630 ? R 0:47 MailScanner: extracting attachments 23674 ? R 0:19 MailScanner: extracting attachments 23705 ? R 0:55 MailScanner: extracting attachments 25224 pts/5 S+ 0:00 grep MailScanner mx10:/etc/MailScanner # /usr/sbin/MailScanner --lint Trying to setlogsock(unix) Read 820 hostnames from the phishing whitelist Read 4022 hostnames from the phishing blacklist Config: calling custom init function MailWatchLogging Started SQL Logging child Checking version numbers... Version number in MailScanner.conf (4.68.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = antivir clamd" ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3681 Found these virus scanners installed: clamavmodule, antivir, clamd =========================================================================== Virus and Content Scanning: Starting ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains code of the Eicar-Test-Signature virus Virus Scanning: AntiVir found 1 infections ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/eicar.com Virus Scanning: Clamd found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses Filename Checks: Allowing 1 eicar.com (no rule matched) =========================================================================== Virus Scanner test reports: AntiVir said "ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains code of the Eicar-Test-Signature virus" Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" If any of your virus scanners (clamavmodule,antivir,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function MailWatchLogging commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) [4936] dbg: logger: adding facilities: all [4936] dbg: logger: logging level is DBG [4936] dbg: generic: SpamAssassin version 3.2.4 [4936] dbg: config: score set 0 chosen. [4936] dbg: util: running in taint mode? no [4936] dbg: dns: no ipv6 [4936] dbg: dns: is Net::DNS::Resolver available? yes [4936] dbg: dns: Net::DNS version: 0.63 [4936] info: config: failed to parse line, skipping, in "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 [4936] info: config: failed to parse line, skipping, in "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 [4936] info: config: failed to parse line, skipping, in "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 [4936] info: config: failed to parse line, skipping, in "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 [4936] info: config: failed to parse line, skipping, in "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": decode_attachments 1 [4936] dbg: conf: finish parsing 16:14:58 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 16:14:58 [4936] dbg: logger: adding facilities: all 16:14:58 [4936] dbg: logger: logging level is DBG 16:14:58 [4936] dbg: generic: SpamAssassin version 3.2.4 16:14:58 [4936] dbg: config: score set 0 chosen. 16:14:58 [4936] dbg: dns: no ipv6 16:14:58 [4936] dbg: dns: is Net::DNS::Resolver available? yes 16:14:58 [4936] dbg: dns: Net::DNS version: 0.63 16:14:58 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. 16:14:58 Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. 16:14:58 [4936] dbg: config: read_scoreonly_config: cannot open "": No such file or directory 16:14:58 Building a message batch to scan... 16:15:22 Have a batch of 1 message. . . . . mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner -v Running on Linux mx10 2.6.18.8-0.7-default1 #2 SMP Wed Feb 13 19:45:53 MSK 2008 x86_64 x86_64 x86_64 GNU/Linux This is openSUSE 10.2 (X86-64) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.68.5 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.20 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.56 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML Any suggestions? Thanks, Andrey From gordonwong at wharftt.com Wed Apr 16 09:10:01 2008 From: gordonwong at wharftt.com (Gordon Wong) Date: Wed Apr 16 09:11:00 2008 Subject: MailScanner: extracting attachments References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> <48036205.20905@ecs.soton.ac.uk> Message-ID: Gordon Wong wharftt.com> writes: > > Julian Field ecs.soton.ac.uk> writes: > > > > > Do not set that unless you also set "Debug = yes". Much better to > > specify both of them on the command-line. "MailScanner --help" will show > > you the command-line options available. > > > > Gordon Wong wrote: > > > Seems the problem occurs when you set "Debug Spamassassin = yes". > > > Hope it helps. ^^ > > > > > > Gordon > > > > > > > > > > Jules > > > > Just seen the diffs from Devon's two conf files and find that one file > sets "Debug Spamassassin = yes" and the other "Debug Spamassassin = no". > ^^ > > btw, why the problem occurs when I set "Debug = no" and "Debug Spamassassin = > yes" at the same time? > > (To be more specific, not only the MailScanner process will stop at extracting > attachments, but also its child process hangs at command: > awk {printf "%s %s\n", strftime("%T"), $0} (see the thread "Trouble with > Mailscanner after upgrading to 4.68 (plz help)" from "test" on 6 Apr 10:29)) > > Thanks for teaching. > > ^^ > Sadly found that I can't set "Debug Spamassassin = yes" no matther "Debug = yes or no". It's as said by "Test"... those awk lines in the if ($MailScanner::SA::Debug)loop under /usr/lib/MailScanner/MailScanner/SA.pm causes the problem (i.e those "backslashes" in awk may not work for some systems/shells). I comment out the whole ($MailScanner::SA::Debug)loop and now it works fine. :-D Gordon From bfebrian.mailscanner at gedubrak.com Wed Apr 16 09:30:54 2008 From: bfebrian.mailscanner at gedubrak.com (Budi Febrianto) Date: Wed Apr 16 09:31:48 2008 Subject: OOT: Mail rejected with bogus helo Message-ID: <4805B93E.4060204@gedubrak.com> Dear All, I know this OOT, but because many sendmail experts in here, I give it a shot. I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. Whenever my users sent emails to certain domains, it will rejected with this error. >>>>> 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus helo xxx.xxx.xxx.xxx) >>>>> I'm not sure what happen, because I don't have the same problem with others domain. TIA From MailScanner at ecs.soton.ac.uk Wed Apr 16 10:01:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 10:02:07 2008 Subject: OT - MailScanner to deliver email copies to two downstream ma chines. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01BACC33@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01BACC33@aiainsurance.com> Message-ID: <4805C05F.2040802@ecs.soton.ac.uk> Ken Goods wrote: > Julian Field wrote: > >> Ken Goods wrote: >> > > >>> This is what I did: >>> In MailScanner.conf >>> Archive Mail = %rules-dir%/archive.rules >>> >>> In archive.rules >>> To: me@originaldomain.com deliver forward me@test.originaldomain.com >>> To: boss@originaldomain.com deliver forward >>> boss@test.originaldomain.com Default: no >>> >>> >> You meant "FromOrTo: default" for the last line. As you want it to not >> archive to anywhere, you give the same response you would give for >> "Archive Mail =", which is just an empty string. So don't say "no", >> say a blank or empty string. Saying "no" is the equivalent of a line >> in MailScanner.conf that said "Archive Mail = no" which is clearly not >> sensible. >> > > Thanks Jules, but as soon as I restarted MailScanner it let me know that > there was an error in line three of archive.rules and that got me squared > away. So you already anticipated this one and answered it through your > wonderful software! :) > > >>> (with tabs between each...couldn't remember if it would take spaces >>> or required tabs) >>> >>> >> The only time tabs are required are in the filename.rules.conf and >> filetype.rules.conf files. If I didn't insist on tabs there, you >> wouldn't be able to match expressions (or "file" command output) that >> had any spaces in them, and you wouldn't be able to have log output >> and user response strings with any spaces in them. So I have to >> insist on tabs there, but nowhere else. >> >> > That should help me remember where one can and can't use spaces. It all > makes sense now so I won't have to ask again... hopefully. :) > > BTW Julian, I can't tell you how much I appreciate MailScanner and all the > hard work you've put into it and the work you continue to put into it. It's > an amazing piece of software. We only have about 150 mailboxes and only > process about 8,000 emails a day (I block several countries at the firewall > and use two RBLs in Sendmail), but we do this on a lowly PII 450MHZ with > 256MB of ram! Up until last June we were using a P100 with 256MB. It just > cooks along processing at about 10 seconds per email all the while not > letting one virus through and eliminating 99% of the spam making it to the > box. I understand it would run better on more muscle but I'm just letting > you know that the work you've put into the performance-tuning options has > not been in vain. Every time it looked like I was going to have to upgrade > the server I found another tweak that allowed us to process more mail on the > same hardware. I'll be moving MailScanner to a dual 2.4 GHZ w/2GB as soon as > I get this Zimbra server set up, speaking of that and getting back to the > original OT-topic :), mails for the two accounts are showing upon both > servers thanks to your "Archive Mail" option. > > A thousand thanks to you! > Thank you very much for your very kind comments. It's always good to read things like that, and it is much appreciated. I don't supposed you fancy trying to pursuade your PHB of the financial value of the software, and trying to get him to make a donation please? :-) I can issue you a very nice invoice for consultancy work and maintenance if that helps. Thanks again, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 16 10:02:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 10:02:57 2008 Subject: Problem after upgrade MS from 4.66.5 to 4.68.5 (MailScanner: extracting attachments) In-Reply-To: <1208329274.5408.5.camel@x5.paragon-software.com> References: <1208329274.5408.5.camel@x5.paragon-software.com> Message-ID: <4805C0B1.2050308@ecs.soton.ac.uk> Do you by any chance have Debug = no Debug SpamAssassin = yes set in your MailScanner.conf file? If so, switch off "Debug SpamAssassin" and then restart MailScanner. This problem has hopefully been solved in the latest beta. Best regards, Jules. Andrey V. Dudarev wrote: > Hi all! > > I'm running openSuSe 10.2 x86-64 (2.6.18.8-0.7) , sendmail 8.13.8, > spamassassin 3.2.4, clamav, mailwatch. I don't any RBL checks from > MailScanner. > > After upgrade MailScanner from 4.66.5 (worked fine) to 4.68.5 i have a > problem: > > my MailScanner process not processing any messages, the incoming queue > grows > > mx10:/etc/MailScanner # ps ax | grep MailScanner > > 22895 ? Ss 0:00 MailScanner: master waiting for children, > sleeping > 22896 ? R 1:31 MailScanner: extracting attachments > 22943 ? R 1:29 MailScanner: extracting attachments > 22984 ? R 1:15 MailScanner: extracting attachments > 23023 ? R 1:11 MailScanner: extracting attachments > 23062 ? R 0:39 MailScanner: extracting attachments > 23118 ? R 0:26 MailScanner: extracting attachments > 23259 ? R 0:50 MailScanner: extracting attachments > 23388 ? R 0:43 MailScanner: extracting attachments > 23481 ? R 0:35 MailScanner: extracting attachments > 23527 ? R 0:48 MailScanner: extracting attachments > 23566 ? R 0:31 MailScanner: extracting attachments > 23593 ? R 0:43 MailScanner: extracting attachments > 23630 ? R 0:47 MailScanner: extracting attachments > 23674 ? R 0:19 MailScanner: extracting attachments > 23705 ? R 0:55 MailScanner: extracting attachments > 25224 pts/5 S+ 0:00 grep MailScanner > > mx10:/etc/MailScanner # /usr/sbin/MailScanner --lint > > Trying to setlogsock(unix) > Read 820 hostnames from the phishing whitelist > Read 4022 hostnames from the phishing blacklist > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Checking version numbers... > Version number in MailScanner.conf (4.68.5) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temporary working directory > is /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin temp dir > = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Using SpamAssassin results cache > Connected to SpamAssassin cache database > SpamAssassin reported no errors. > Using locktype = posix > MailScanner.conf says "Virus Scanners = antivir clamd" > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3681 > Found these virus scanners installed: clamavmodule, antivir, clamd > =========================================================================== > Virus and Content Scanning: Starting > ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains code of the > Eicar-Test-Signature virus > Virus Scanning: AntiVir found 1 infections > ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/eicar.com > Virus Scanning: Clamd found 1 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 1 viruses > Filename Checks: Allowing 1 eicar.com (no rule matched) > =========================================================================== > Virus Scanner test reports: > AntiVir said "ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains > code of the Eicar-Test-Signature virus" > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > > If any of your virus scanners (clamavmodule,antivir,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > Config: calling custom end function MailWatchLogging > commit ineffective with AutoCommit enabled > at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > 93, line 1. > Commmit ineffective while AutoCommit is on > at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > 93, line 1. > > mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner --debug > > In Debugging mode, not forking... > Trying to setlogsock(unix) > [4936] dbg: logger: adding facilities: all > [4936] dbg: logger: logging level is DBG > [4936] dbg: generic: SpamAssassin version 3.2.4 > [4936] dbg: config: score set 0 chosen. > [4936] dbg: util: running in taint mode? no > [4936] dbg: dns: no ipv6 > [4936] dbg: dns: is Net::DNS::Resolver available? yes > [4936] dbg: dns: Net::DNS version: 0.63 > [4936] info: config: failed to parse line, skipping, in > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 > [4936] info: config: failed to parse line, skipping, in > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 > [4936] info: config: failed to parse line, skipping, in > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 > [4936] info: config: failed to parse line, skipping, in > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 > [4936] info: config: failed to parse line, skipping, in > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": decode_attachments > 1 > [4936] dbg: conf: finish parsing > 16:14:58 SpamAssassin temp dir > = /var/spool/MailScanner/incoming/SpamAssassin-Temp > 16:14:58 [4936] dbg: logger: adding facilities: all > 16:14:58 [4936] dbg: logger: logging level is DBG > 16:14:58 [4936] dbg: generic: SpamAssassin version 3.2.4 > 16:14:58 [4936] dbg: config: score set 0 chosen. > 16:14:58 [4936] dbg: dns: no ipv6 > 16:14:58 [4936] dbg: dns: is Net::DNS::Resolver available? yes > 16:14:58 [4936] dbg: dns: Net::DNS version: 0.63 > 16:14:58 Use of uninitialized value in concatenation (.) or string > at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. > 16:14:58 Use of uninitialized value in concatenation (.) or string > at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. > 16:14:58 [4936] dbg: config: read_scoreonly_config: cannot open "": No > such file or directory > 16:14:58 Building a message batch to scan... > 16:15:22 Have a batch of 1 message. > . . . . > > mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner -v > > Running on > Linux mx10 2.6.18.8-0.7-default1 #2 SMP Wed Feb 13 19:45:53 MSK 2008 > x86_64 x86_64 x86_64 GNU/Linux > This is openSUSE 10.2 (X86-64) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.68.5 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.9707 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.15 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.20 Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.56 Test::Harness > 0.95 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > Any suggestions? > Thanks, > Andrey > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.freegard at fsl.com Wed Apr 16 10:42:43 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Apr 16 10:43:25 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <4805B93E.4060204@gedubrak.com> References: <4805B93E.4060204@gedubrak.com> Message-ID: <4805CA13.4050408@fsl.com> Hi Budi, Budi Febrianto wrote: > Dear All, > > I know this OOT, but because many sendmail experts in here, I give it a > shot. > > I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. > > Whenever my users sent emails to certain domains, it will rejected with > this error. > > >>>>> > 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus > helo xxx.xxx.xxx.xxx) > >>>>> > > I'm not sure what happen, because I don't have the same problem with > others domain. > RFC2821 states that the HELO should either by a FQDN or an IP-domain literal (e.g. [ip.ip.ip.ip]) so a bareword IP address in the HELO that is not in square brackets is not valid. So - if you are sending "HELO ip.ip.ip.ip", then that isn't valid, but I don't think it's possible for Sendmail to sent a HELO in this format as it always does the right thing. The command 'sendmail -d0.5 < /dev/null' will show you all the name variations that sendmail would use in a HELO argument. I suspect however that in this case it's simply a lame spam filter that's causing you an issue. Feel free to mail me directly to my @fsl.com which has strict-helo filtering amongst other things, so being able to mail me directly without getting an SMTP-time rejection would be a good way to prove it. Cheers, Steve. From telsek at paragon-software.com Wed Apr 16 13:46:36 2008 From: telsek at paragon-software.com (Andrey V. Dudarev) Date: Wed Apr 16 13:47:28 2008 Subject: Problem after upgrade MS from 4.66.5 to 4.68.5 (MailScanner: extracting attachments) In-Reply-To: <200804160939.m3G9ZhWk005379@safir.blacknight.ie> References: <200804160939.m3G9ZhWk005379@safir.blacknight.ie> Message-ID: <1208349996.5408.32.camel@x5.paragon-software.com> > Message: 20 > Date: Wed, 16 Apr 2008 10:02:41 +0100 > From: Julian Field > Subject: Re: Problem after upgrade MS from 4.66.5 to 4.68.5 > (MailScanner: extracting attachments) > To: MailScanner discussion > Message-ID: <4805C0B1.2050308@ecs.soton.ac.uk> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Do you by any chance have > Debug = no > Debug SpamAssassin = yes > set in your MailScanner.conf file? yes > If so, switch off "Debug SpamAssassin" and then restart MailScanner. > > This problem has hopefully been solved in the latest beta. I install latest beta MS 4.69.4-2 in MailScanner.conf Debug = no Debug SpamAssassin = no MS worked fine if i set MailScanner.conf Debug = no Debug SpamAssassin = yes MailScanner don't work. thank you, Andrey > > Best regards, > Jules. > > Andrey V. Dudarev wrote: > > Hi all! > > > > I'm running openSuSe 10.2 x86-64 (2.6.18.8-0.7) , sendmail 8.13.8, > > spamassassin 3.2.4, clamav, mailwatch. I don't any RBL checks from > > MailScanner. > > > > After upgrade MailScanner from 4.66.5 (worked fine) to 4.68.5 i have a > > problem: > > > > my MailScanner process not processing any messages, the incoming queue > > grows > > > > mx10:/etc/MailScanner # ps ax | grep MailScanner > > > > 22895 ? Ss 0:00 MailScanner: master waiting for children, > > sleeping > > 22896 ? R 1:31 MailScanner: extracting attachments > > 22943 ? R 1:29 MailScanner: extracting attachments > > 22984 ? R 1:15 MailScanner: extracting attachments > > 23023 ? R 1:11 MailScanner: extracting attachments > > 23062 ? R 0:39 MailScanner: extracting attachments > > 23118 ? R 0:26 MailScanner: extracting attachments > > 23259 ? R 0:50 MailScanner: extracting attachments > > 23388 ? R 0:43 MailScanner: extracting attachments > > 23481 ? R 0:35 MailScanner: extracting attachments > > 23527 ? R 0:48 MailScanner: extracting attachments > > 23566 ? R 0:31 MailScanner: extracting attachments > > 23593 ? R 0:43 MailScanner: extracting attachments > > 23630 ? R 0:47 MailScanner: extracting attachments > > 23674 ? R 0:19 MailScanner: extracting attachments > > 23705 ? R 0:55 MailScanner: extracting attachments > > 25224 pts/5 S+ 0:00 grep MailScanner > > > > mx10:/etc/MailScanner # /usr/sbin/MailScanner --lint > > > > Trying to setlogsock(unix) > > Read 820 hostnames from the phishing whitelist > > Read 4022 hostnames from the phishing blacklist > > Config: calling custom init function MailWatchLogging > > Started SQL Logging child > > Checking version numbers... > > Version number in MailScanner.conf (4.68.5) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temporary working directory > > is /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin temp dir > > = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Using SpamAssassin results cache > > Connected to SpamAssassin cache database > > SpamAssassin reported no errors. > > Using locktype = posix > > MailScanner.conf says "Virus Scanners = antivir clamd" > > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON > > at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 3681 > > Found these virus scanners installed: clamavmodule, antivir, clamd > > =========================================================================== > > Virus and Content Scanning: Starting > > ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains code of the > > Eicar-Test-Signature virus > > Virus Scanning: AntiVir found 1 infections > > ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/eicar.com > > Virus Scanning: Clamd found 1 infections > > Infected message 1 came from 10.1.1.1 > > Virus Scanning: Found 1 viruses > > Filename Checks: Allowing 1 eicar.com (no rule matched) > > =========================================================================== > > Virus Scanner test reports: > > AntiVir said "ALERT: [Eicar-Test-Signature] ./1/eicar.com <<< Contains > > code of the Eicar-Test-Signature virus" > > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > > > > If any of your virus scanners (clamavmodule,antivir,clamd) > > are not listed there, you should check that they are installed correctly > > and that MailScanner is finding them correctly via its > > virus.scanners.conf. > > Config: calling custom end function MailWatchLogging > > commit ineffective with AutoCommit enabled > > at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > > 93, line 1. > > Commmit ineffective while AutoCommit is on > > at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > > 93, line 1. > > > > mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner --debug > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > [4936] dbg: logger: adding facilities: all > > [4936] dbg: logger: logging level is DBG > > [4936] dbg: generic: SpamAssassin version 3.2.4 > > [4936] dbg: config: score set 0 chosen. > > [4936] dbg: util: running in taint mode? no > > [4936] dbg: dns: no ipv6 > > [4936] dbg: dns: is Net::DNS::Resolver available? yes > > [4936] dbg: dns: Net::DNS version: 0.63 > > [4936] info: config: failed to parse line, skipping, in > > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_dcc 0 > > [4936] info: config: failed to parse line, skipping, in > > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_pyzor 0 > > [4936] info: config: failed to parse line, skipping, in > > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor1 0 > > [4936] info: config: failed to parse line, skipping, in > > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": use_razor2 0 > > [4936] info: config: failed to parse line, skipping, in > > "/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf": decode_attachments > > 1 > > [4936] dbg: conf: finish parsing > > 16:14:58 SpamAssassin temp dir > > = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > 16:14:58 [4936] dbg: logger: adding facilities: all > > 16:14:58 [4936] dbg: logger: logging level is DBG > > 16:14:58 [4936] dbg: generic: SpamAssassin version 3.2.4 > > 16:14:58 [4936] dbg: config: score set 0 chosen. > > 16:14:58 [4936] dbg: dns: no ipv6 > > 16:14:58 [4936] dbg: dns: is Net::DNS::Resolver available? yes > > 16:14:58 [4936] dbg: dns: Net::DNS version: 0.63 > > 16:14:58 Use of uninitialized value in concatenation (.) or string > > at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1088. > > 16:14:58 Use of uninitialized value in concatenation (.) or string > > at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1090. > > 16:14:58 [4936] dbg: config: read_scoreonly_config: cannot open "": No > > such file or directory > > 16:14:58 Building a message batch to scan... > > 16:15:22 Have a batch of 1 message. > > . . . . > > > > mx10:/var/spool/mqueue.in # /usr/sbin/MailScanner -v > > > > Running on > > Linux mx10 2.6.18.8-0.7-default1 #2 SMP Wed Feb 13 19:45:53 MSK 2008 > > x86_64 x86_64 x86_64 GNU/Linux > > This is openSUSE 10.2 (X86-64) > > This is Perl version 5.008008 (5.8.8) > > > > This is MailScanner version 4.68.5 > > Module versions are: > > 1.00 AnyDBM_File > > 1.16 Archive::Zip > > 1.04 Carp > > 1.42 Compress::Zlib > > 1.119 Convert::BinHex > > 2.27 Date::Parse > > 1.00 DirHandle > > 1.05 Fcntl > > 2.74 File::Basename > > 2.09 File::Copy > > 2.01 FileHandle > > 1.08 File::Path > > 0.19 File::Temp > > 0.90 Filesys::Df > > 1.35 HTML::Entities > > 3.56 HTML::Parser > > 2.37 HTML::TokeParser > > 1.23 IO > > 1.14 IO::File > > 1.13 IO::Pipe > > 2.02 Mail::Header > > 1.86 Math::BigInt > > 3.05 MIME::Base64 > > 5.425 MIME::Decoder > > 5.425 MIME::Decoder::UU > > 5.425 MIME::Head > > 5.425 MIME::Parser > > 3.03 MIME::QuotedPrint > > 5.425 MIME::Tools > > 0.11 Net::CIDR > > 1.09 POSIX > > 1.18 Scalar::Util > > 1.78 Socket > > 1.4 Sys::Hostname::Long > > 0.18 Sys::Syslog > > 1.9707 Time::HiRes > > 1.02 Time::localtime > > > > Optional module versions are: > > 1.30 Archive::Tar > > 0.21 bignum > > 1.82 Business::ISBN > > 1.10 Business::ISBN::Data > > 1.08 Data::Dump > > 1.814 DB_File > > 1.13 DBD::SQLite > > 1.56 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36 Digest::MD5 > > 2.11 Digest::SHA1 > > 1.00 Encode::Detect > > 0.17008 Error > > 0.18 ExtUtils::CBuilder > > 2.18 ExtUtils::ParseXS > > 2.36 Getopt::Long > > 0.44 Inline > > 1.08 IO::String > > 1.04 IO::Zlib > > 2.21 IP::Country > > 0.20 Mail::ClamAV > > 3.002004 Mail::SpamAssassin > > v2.004 Mail::SPF > > 1.999001 Mail::SPF::Query > > 0.2808 Module::Build > > 0.20 Net::CIDR::Lite > > 0.63 Net::DNS > > 0.002.2 Net::DNS::Resolver::Programmable > > missing Net::LDAP > > 4.004 NetAddr::IP > > 1.94 Parse::RecDescent > > missing SAVI > > 2.56 Test::Harness > > 0.95 Test::Manifest > > 1.95 Text::Balanced > > 1.35 URI > > 0.7203 version > > 0.62 YAML > > > > Any suggestions? > > Thanks, > > Andrey > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ------------------------------ From mkettler at evi-inc.com Wed Apr 16 15:48:30 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 16 15:49:31 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <4805B93E.4060204@gedubrak.com> References: <4805B93E.4060204@gedubrak.com> Message-ID: <480611BE.6050902@evi-inc.com> Budi Febrianto wrote: > Dear All, > > I know this OOT, but because many sendmail experts in here, I give it a > shot. > > I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. > > Whenever my users sent emails to certain domains, it will rejected with > this error. > > >>>>> > 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus > helo xxx.xxx.xxx.xxx) > >>>>> > > I'm not sure what happen, because I don't have the same problem with > others domain. Your system is issuing a HELO in IP format, which is RFC compliant, but some view this as a sign a system isn't properly configured and will refuse mail from such systems. However, more troublesome is your system is issuing a HELO in IP format using a private-range non-routable IP, 10.10.16.24. This is blatantly bogus when communicating with hosts outside your network, as those hosts will never be able to route to 10.10.16.24 and reach your server. (The original intent, although outdated, is for the HELO to be usable as a hint for where to return mail to if DNS fails to generate a MX or implicit MX record. Generating private IPs here is clearly contrary to that.) Ultimately, it's up to the administrator of the system you're trying to contact to tell you why he's filtering you. Those are purely guesses on my part, based on looking at the HELO's your server issued, and general knowledge of what some admins do for filtering that not everyone does. From ssilva at sgvwater.com Wed Apr 16 17:11:11 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 16 17:12:20 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <480611BE.6050902@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> Message-ID: on 4-16-2008 7:48 AM Matt Kettler spake the following: > Budi Febrianto wrote: >> Dear All, >> >> I know this OOT, but because many sendmail experts in here, I give it >> a shot. >> >> I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. >> >> Whenever my users sent emails to certain domains, it will rejected >> with this error. >> >> >>>>> >> 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus >> helo xxx.xxx.xxx.xxx) >> >>>>> >> >> I'm not sure what happen, because I don't have the same problem with >> others domain. > > Your system is issuing a HELO in IP format, which is RFC compliant, but > some view this as a sign a system isn't properly configured and will > refuse mail from such systems. > > However, more troublesome is your system is issuing a HELO in IP format > using a private-range non-routable IP, 10.10.16.24. This is blatantly > bogus when communicating with hosts outside your network, as those hosts > will never be able to route to 10.10.16.24 and reach your server. (The > original intent, although outdated, is for the HELO to be usable as a > hint for where to return mail to if DNS fails to generate a MX or > implicit MX record. Generating private IPs here is clearly contrary to > that.) To expand on this, just in case the OP is still confused, your private IP helo is possibly due to running your server natted behind a router. You will have to modify your servers configuration to give a FQDN or IP that is its natted equivalent. > > > Ultimately, it's up to the administrator of the system you're trying to > contact to tell you why he's filtering you. Those are purely guesses on > my part, based on looking at the HELO's your server issued, and general > knowledge of what some admins do for filtering that not everyone does. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/71247b24/signature.bin From gwong at linktechit.com Wed Apr 16 17:25:05 2008 From: gwong at linktechit.com (Gregory Wong) Date: Wed Apr 16 17:25:55 2008 Subject: FW: Unable to sa-compile In-Reply-To: Message-ID: Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: ATT00001.c Type: application/octet-stream Size: 256 bytes Desc: ATT00001.c Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/f8bf1fa0/ATT00001.obj From raul at chromacars.com Wed Apr 16 17:59:49 2008 From: raul at chromacars.com (raul benitez) Date: Wed Apr 16 17:59:50 2008 Subject: Two versions of Spamassasin running Message-ID: <48063085.1040301@chromacars.com> Hi I have mailscanner installed running on Blue Quartz GUI on a CENTOS 4 box (sorry for the long post) /$ rpm -qa | grep spam nuonce-spamassassin-capstone-1.0.13-1.centos4 spamass-milter-0.3.1-5 nuonce-spamassassin-ui-1.0.13-1.centos4 nuonce-spamassassin-locale-en-1.0.13-1.centos4 nuonce-spamassassin-glue-1.0.13-1.centos4 spamassassin-3.1.9-1.el4 nuonce-spamassassin-3.2.3-1/ I think i have another version of spamassasin running as well though when i do a /$ spamd -V SpamAssassin Server version 3.1.9 running on Perl 5.8.5/ when i do a check i get this /$ spamassassin -d --lint Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.5/i386-linux-t hread-multi/Scalar/Util.pm line 30. [12939] warn: plugin: failed to parse plugin (from @INC): Bareword "Mail::SpamAssassin::Consta nts::CHARSETS_LIKELY_TO_FP_AS_CAPS" not allowed while "strict subs" in use at /usr/lib/perl5/s ite_perl/5.8.5/Mail/SpamAssassin/Plugin/HeaderEval.pm line 967. [12939] warn: Compilation failed in require at (eval 88) line 1. [12939] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEv al: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::HeaderEval" at / usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. [12939] warn: plugin: failed to parse plugin (from @INC): "CHARSETS_LIKELY_TO_FP_AS_CAPS" is n ot exported by the Mail::SpamAssassin::Constants module [12939] warn: Can't continue after import errors at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAs sassin/Plugin/MIMEEval.pm line 22 [12939] warn: BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAss assin/Plugin/MIMEEval.pm line 22. [12939] warn: Compilation failed in require at (eval 90) line 1. [12939] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEEval : Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::MIMEEval" at (eval 91) line 1. [12939] warn: config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires vers ion 3.002003 of SpamAssassin, but this is code version 3.001009. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5 /Mail/SpamAssassin/Conf/Parser.pm line 345. [12939] warn: config: configuration file "/usr/share/spamassassin/72_active.cf" requires versi on 3.002003 of SpamAssassin, but this is code version 3.001009. Maybe you need to use the -C s witch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.5/ Mail/SpamAssassin/Conf/Parser.pm line 345. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 426) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 426) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 426) line 7. [12939] warn: syntax error at (eval 426) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 427) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 427) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 427) line 7. [12939] warn: syntax error at (eval 427) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 428) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 428) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 428) line 7. [12939] warn: syntax error at (eval 428) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 429) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 429) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 429) line 7. [12939] warn: syntax error at (eval 429) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 430) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 430) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 430) line 7. [12939] warn: syntax error at (eval 430) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 431) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 431) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 431) line 7. [12939] warn: syntax error at (eval 431) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 432) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 432) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 432) line 7. [12939] warn: syntax error at (eval 432) line 11, near "; [12939] warn: }" [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vend or_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2669. [12939] warn: Number found where operator expected at (eval 433) line 10, near "} [12939] warn: [12939] warn: 1" [12939] warn: (Missing operator before [12939] warn: [12939] warn: 1?) [12939] warn: rules: failed to run header tests, skipping some: syntax error at (eval 433) lin e 6, at EOF [12939] warn: Global symbol "$plugin" requires explicit package name at (eval 433) line 7. [12939] warn: syntax error at (eval 433) line 11, near "; [12939] warn: }" [12939] warn: lint: 10 issues detected, please rerun with debug enabled for more information / Now when i try to do an sa-update i get this /$ sa-update plugin: failed to parse plugin (from @INC): Bareword "Mail::SpamAssassin::Constants::CHARSETS_LIK ELY_TO_FP_AS_CAPS" not allowed while "strict subs" in use at /usr/lib/perl5/site_perl/5.8.5/Mail/ SpamAssassin/Plugin/HeaderEval.pm line 967. Compilation failed in require at (eval 87) line 1. plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::HeaderEval" at /usr/lib/perl5/site_p erl/5.8.5/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. plugin: failed to parse plugin (from @INC): "CHARSETS_LIKELY_TO_FP_AS_CAPS" is not exported by th e Mail::SpamAssassin::Constants module Can't continue after import errors at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/MIM EEval.pm line 22 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/MIME Eval.pm line 22. Compilation failed in require at (eval 89) line 1. plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEEval: Can't locate ob ject method "new" via package "Mail::SpamAssassin::Plugin::MIMEEval" at (eval 90) line 1. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 101) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 101) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 101) line 7. syntax error at (eval 101) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 102) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 102) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 102) line 7. syntax error at (eval 102) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 103) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 103) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 103) line 7. syntax error at (eval 103) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 104) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 104) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 104) line 7. syntax error at (eval 104) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 105) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 105) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 105) line 7. syntax error at (eval 105) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 106) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 106) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 106) line 7. syntax error at (eval 106) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 107) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 107) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 107) line 7. syntax error at (eval 107) line 11, near "; }" Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.5/Mai l/SpamAssassin/PerMsgStatus.pm line 2669. Number found where operator expected at (eval 108) line 10, near "} 1" (Missing operator before 1?) rules: failed to run header tests, skipping some: syntax error at (eval 108) line 6, at EOF Global symbol "$plugin" requires explicit package name at (eval 108) line 7. syntax error at (eval 108) line 11, near "; }"/ Im not really sure were to start looking to either find out if I have two versions running or how to fix this error. Thanks! From dnsadmin at 1bigthink.com Wed Apr 16 18:07:29 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Apr 16 18:08:21 2008 Subject: Got a very interesting problem.. In-Reply-To: <48043BD3.6040903@vanderkooij.org> References: <200804131830.m3DIUTHo022503@mxt.1bigthink.com> <4802E476.4010504@vanderkooij.org> <200804141347.m3EDlF0s022241@mxt.1bigthink.com> <48043BD3.6040903@vanderkooij.org> Message-ID: <200804161707.m3GH7aRY025010@mxt.1bigthink.com> At 01:23 AM 4/15/2008, you wrote: >dnsadmin 1bigthink.com wrote: >| At 12:58 AM 4/14/2008, you wrote: >| >|> -----BEGIN PGP SIGNED MESSAGE----- >|> Hash: SHA1 >|> >|> dnsadmin 1bigthink.com wrote: >|> >|> | I prefer to lurk, but I have this problem that showed up on my mail >|> | server. >|> >|> I now see your problem. Your users are having an admin who resends >|> messages. You just lost some kudo points. >|> >|> Hugo. >| >| Hello Hugo, >| >| I don't quite understand your response.. could you please apply >| clue-by-four to brain? > >I seem to have this allergic reaction to duplicate messages. Like the >fact that you did send the same message to the mailinglist twice. > >~ * Once: Thanks Hugo, Yep I made a mistake. My apologies. I got a false positive on a MailScanner list group posting that sent the MailScanner list group to my block list. Resent when I didn't see the posting show up, and well, the rest is water under the bridge (hopefully) Certainly not intentional. Any possibility of getting some attention to the actual problem? I have a bug in either sendmail or MailScanner and it appears to be loading my server. Thanks, Glenn Parsons Any possibility -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 16 18:13:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 18:14:55 2008 Subject: FW: Unable to sa-compile In-Reply-To: References: Message-ID: <480633CD.1020303@ecs.soton.ac.uk> SpamAssassin tries to use the 'dccproc' client or the 'dccifd' daemon, which may be running on your system. The 'cdcc' program is merely a configuration controller, it can't actually look up details on messages for you. Gregory Wong wrote: > Anyone have an answer to this? > > ------ Forwarded Message > *From: *Gregory Wong > *Reply-To: *MailScanner discussion > *Date: *Mon, 14 Apr 2008 13:06:28 -0400 > *To: *MailScanner discussion > *Subject: *Re: Unable to sa-compile > > I?ll make that change and see how it goes. Just curious but I have the > dcc-client installed. Is DCC that the sa-compile is looking for > different from the dcc-client. I can run ?cdcc info? and get the > following output: > > root@smtp1:~# cdcc info > # 04/14/08 13:05:10 EDT /var/lib/dcc/map > # Re-resolve names after 14:07:19 > # 151.20 ms threshold, 181.55 ms average 12 total, 12 working servers > IPv6 on > > dcc1.dcc-servers.net,- anon > # ::ffff:64.124.52.232,- dcc-servers ID 1049 > # 100% of 32 requests ok 195.17 ms RTT 100 ms queue wait > # ::ffff:136.161.101.6,- dcc-servers.net ID 102 > # 94% of 32 requests ok 181.20 ms RTT 100 ms queue wait > # ::ffff:142.27.70.211,- CollegeOfNewCaledonia ID 1189 > # 100% of 12 requests ok 218.19 ms RTT 100 ms queue wait > # ::ffff:208.201.249.233,- sonic.net ID 1117 > # 100% of 32 requests ok 188.98 ms RTT 100 ms queue wait > # * ::ffff:216.134.200.215,- ID 1113 > # 100% of 32 requests ok 119.88 ms RTT 100 ms queue wait > > dcc2.dcc-servers.net,- anon > # ::ffff:136.199.199.102,- URT ID 1060 > # 100% of 32 requests ok 229.96 ms RTT 100 ms queue wait > # ::ffff:192.84.137.21,- INFN-TO ID 1233 > # 100% of 32 requests ok 236.94 ms RTT 100 ms queue wait > # ::ffff:193.166.171.33,- HP_X86_64_8CPU ID 1245 > # 100% of 1 requests ok 245.32 ms RTT 100 ms queue wait > # ::ffff:208.201.249.232,- sonic.net ID 1156 > # 100% of 32 requests ok 190.91 ms RTT 100 ms queue wait > > dcc3.dcc-servers.net,- anon > # ::ffff:192.135.10.194,- debian ID 1169 > # 88% of 32 requests ok 475.50 ms RTT 100 ms queue wait > > dcc4.dcc-servers.net,- anon > > dcc5.dcc-servers.net,- anon > # ::ffff:195.20.8.232,- EATSERVER ID 1166 > # 100% of 3 requests ok 151.20 ms RTT 10 ms queue wait > # ::ffff:203.81.36.6,- PacNet-SG ID 1358 > # 100% of 4 requests ok 392.86 ms RTT 100 ms queue wait > > > > On 4/14/08 11:10 AM, "Julian Field" wrote: > > In which case you probably aren't using DCC. So comment out the DCC > lines from your /etc/mail/spamassassin/*pre and > /etc/MailScanner/spam.assassin.prefs.conf files. > Then do another "spamassassin --lint" to be sure it completes without > printing any errors. > > > Gregory Wong wrote: > > Hi everyone, > > > > I am running Postfix w/ MailScanner, Spamassassassin, Pyzor, Razor, > > DCC, etc. When I run sa-update and then sa-compile, I get the > > following error message: > > > > root@smtp1:~# sa-compile > > [1942] info: config: dcc_path "/usr/local/bin/dccproc" isn't an > executable > > [1942] info: config: SpamAssassin failed to parse line, > > "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: > > dcc_path /usr/local/bin/dccproc > > [1942] info: generic: base extraction starting. this can take a > while... > > [1942] info: generic: extracting from rules of type body_0 > > 100% [===========================================] 8.27 rules/sec > > 00m55s DONE > > 100% [===========================================] 104.01 bases/sec > > 00m09s DONE > > [1942] info: body_0: 681 base strings extracted in 66 seconds > > sa-compile: not compiling; 'spamassassin --lint' check failed! > > > > Any ideas on how to resolve it? I can?t seem to find where the DCC > > executable is. > > > > Thanks. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > ------ End of Forwarded Message > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 16 18:16:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 18:17:09 2008 Subject: Two versions of Spamassasin running In-Reply-To: <48063085.1040301@chromacars.com> References: <48063085.1040301@chromacars.com> Message-ID: <48063471.4060208@ecs.soton.ac.uk> You have at least 2 versions installed. Get rid of all of them and start again. You don't need to run the spamd daemon if you are using MailScanner as it doesn't use it anyway, it communicates more directly with SpamAssassin without the daemon getting in the way. Delete all of those RPMs and fetch a nice shiny new version from your favourite source. raul benitez wrote: > Hi I have mailscanner installed running on Blue Quartz GUI on a CENTOS > 4 box (sorry for the long post) > > /$ rpm -qa | grep spam > nuonce-spamassassin-capstone-1.0.13-1.centos4 > spamass-milter-0.3.1-5 > nuonce-spamassassin-ui-1.0.13-1.centos4 > nuonce-spamassassin-locale-en-1.0.13-1.centos4 > nuonce-spamassassin-glue-1.0.13-1.centos4 > spamassassin-3.1.9-1.el4 > nuonce-spamassassin-3.2.3-1/ > > I think i have another version of spamassasin running as well though > when i do a > > /$ spamd -V > SpamAssassin Server version 3.1.9 > running on Perl 5.8.5/ > > > when i do a check i get this > > <<< SNIP SNIP >>> > > Im not really sure were to start looking to either find out if I have > two versions running or how to fix this error. > > Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From antencek at volja.net Wed Apr 16 18:53:25 2008 From: antencek at volja.net (Antencek) Date: Wed Apr 16 18:54:42 2008 Subject: MailScanner and Zip Attachments In-Reply-To: <48052350.8050009@ecs.soton.ac.uk> References: <4804F70B.6060807@volja.net> <48052350.8050009@ecs.soton.ac.uk> Message-ID: <48063D15.8020001@volja.net> Thank you for your reply, Julian. I have tried what you suggested: MailScanner --value=zipattachments --from user1@domain1.com Result is "0" MailScanner --value=zipattachments --from user2@domain1.com Result is "0" MailScanner --value=zipattachments --from user2@domain2.com Result is "1" Content of my zip-attachments.rules: FromOrTo: @domain1 no FromOrTo: default yes MailScanner --value=attachmentsmintotalsizetozip --from user1@domain1.com Result is "100000000" MailScanner --value=attachmentsmintotalsizetozip --from user2@domain1.com Result is "100000000" MailScanner --value=attachmentsmintotalsizetozip --from user2@domain2.com Result is "500000" Content of my zip-attachments.size.rules: FromOrTo: @domain1.com 100m FromOrTo: default 500k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml .wmv .avi Looks like MailScanner settings are OK, but my MailScanner is ignoring them. I was testing with 2Mb .pps file sending it as an attachment from user3@domain3.com to user1@domain.com or user2@domain2.com. The result of sending it to user2@domain2.com should be attached .zip file, not .pps. Can you see what am I doing wrong? Thank you. Antencek Julian Field wrote: > > > Antencek wrote: >> Hello all! >> >> >> I am using MailScanner 4.66.5 with Zip Attachments setting = yes. >> Works great. >> >> Now I want to set rules for particular e-mail address/domain not to >> zip attachments (FromOrTo). >> >> According to >> http://www.mailscanner.info/MailScanner.conf.index.html#Zip%20Attachments >> >> I have made zip-attachments.rules with the content: >> >> FromOrTo: my.email@address.com no >> FromOrTo: @domain1.com no >> FromOrTo: default yes >> >> And set MailScanner.conf: >> Zip Attachments = %rules-dir%/zip-attachments.rules >> >> Restarted MailScanner, but this does not seem to work. >> The MailScanner is acting like Zip Attachments setting = no for >> everyone. >> >> >> Please help me find what I am doing wrong? > Make sure you aren't just giving it files that are too small to > trigger it: > Attachments Min Total Size To Zip = 100k > is the default setting. > > Also, remember that MailScanner uses the envelope sender and > recipient(s) and not the addresses that appear in the headers. > > Have you checked it with "MailScanner --lint"? Also, what happens when > you do a command like this: > MailScanner --value=zipattachments --from user@domain1.com > and then an opposite example: > MailScanner --value=zipattachments --from user@domain2.com > The first one should give you a "no" result while the 2nd one should > give you a "yes" result. > > If that works, then your ruleset is correct, and so you need to get > back to us so I can take a look and test it out myself. >> >> >> I would also like to put in use other rules for zip and attachments >> based on FromOrTo. > Don't quite understand your point here. > > Jules > From antencek at volja.net Wed Apr 16 18:54:44 2008 From: antencek at volja.net (Antencek) Date: Wed Apr 16 18:55:23 2008 Subject: MailScanner and Zip Attachments In-Reply-To: <48052350.8050009@ecs.soton.ac.uk> References: <4804F70B.6060807@volja.net> <48052350.8050009@ecs.soton.ac.uk> Message-ID: <48063D64.50005@volja.net> Thank you for your reply, Julian. I have tried what you suggested: MailScanner --value=zipattachments --from user1@domain1.com Result is "0" MailScanner --value=zipattachments --from user2@domain1.com Result is "0" MailScanner --value=zipattachments --from user2@domain2.com Result is "1" Content of my zip-attachments.rules: FromOrTo: @domain1.com no FromOrTo: default yes MailScanner --value=attachmentsmintotalsizetozip --from user1@domain1.com Result is "100000000" MailScanner --value=attachmentsmintotalsizetozip --from user2@domain1.com Result is "100000000" MailScanner --value=attachmentsmintotalsizetozip --from user2@domain2.com Result is "500000" Content of my zip-attachments.size.rules: FromOrTo: @domain1.com 100m FromOrTo: default 500k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml .wmv .avi Looks like MailScanner settings are OK, but my MailScanner is ignoring them. I was testing with 2Mb .pps file sending it as an attachment from user3@domain3.com to user1@domain.com or user2@domain2.com. The result of sending it to user2@domain2.com should be attached .zip file, not .pps. Can you see what am I doing wrong? Thank you. Antencek Julian Field wrote: > > > Antencek wrote: >> Hello all! >> >> >> I am using MailScanner 4.66.5 with Zip Attachments setting = yes. >> Works great. >> >> Now I want to set rules for particular e-mail address/domain not to >> zip attachments (FromOrTo). >> >> According to >> http://www.mailscanner.info/MailScanner.conf.index.html#Zip%20Attachments >> >> I have made zip-attachments.rules with the content: >> >> FromOrTo: my.email@address.com no >> FromOrTo: @domain1.com no >> FromOrTo: default yes >> >> And set MailScanner.conf: >> Zip Attachments = %rules-dir%/zip-attachments.rules >> >> Restarted MailScanner, but this does not seem to work. >> The MailScanner is acting like Zip Attachments setting = no for >> everyone. >> >> >> Please help me find what I am doing wrong? > Make sure you aren't just giving it files that are too small to > trigger it: > Attachments Min Total Size To Zip = 100k > is the default setting. > > Also, remember that MailScanner uses the envelope sender and > recipient(s) and not the addresses that appear in the headers. > > Have you checked it with "MailScanner --lint"? Also, what happens when > you do a command like this: > MailScanner --value=zipattachments --from user@domain1.com > and then an opposite example: > MailScanner --value=zipattachments --from user@domain2.com > The first one should give you a "no" result while the 2nd one should > give you a "yes" result. > > If that works, then your ruleset is correct, and so you need to get > back to us so I can take a look and test it out myself. >> >> >> I would also like to put in use other rules for zip and attachments >> based on FromOrTo. > Don't quite understand your point here. > > Jules > From ssilva at sgvwater.com Wed Apr 16 18:56:19 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 16 18:57:03 2008 Subject: FW: Unable to sa-compile In-Reply-To: References: Message-ID: on 4-16-2008 9:25 AM Gregory Wong spake the following: > Anyone have an answer to this? > What does the command "which dccproc" say? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/1f733a41/signature.bin From ssilva at sgvwater.com Wed Apr 16 19:04:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 16 19:04:51 2008 Subject: Two versions of Spamassasin running In-Reply-To: <48063085.1040301@chromacars.com> References: <48063085.1040301@chromacars.com> Message-ID: on 4-16-2008 9:59 AM raul benitez spake the following: > Hi I have mailscanner installed running on Blue Quartz GUI on a CENTOS 4 > box (sorry for the long post) > > /$ rpm -qa | grep spam > nuonce-spamassassin-capstone-1.0.13-1.centos4 > spamass-milter-0.3.1-5 > nuonce-spamassassin-ui-1.0.13-1.centos4 > nuonce-spamassassin-locale-en-1.0.13-1.centos4 > nuonce-spamassassin-glue-1.0.13-1.centos4 > spamassassin-3.1.9-1.el4 > nuonce-spamassassin-3.2.3-1/ > This looks like you have the default spamassassin from Centos 4 loaded (spamassassin-3.1.9-1.el4) and NuOnce's (nuonce-spamassassin-3.2.3-1). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/c7fd8cfc/signature.bin From peter at farrows.org Wed Apr 16 20:21:55 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 16 20:22:48 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <480611BE.6050902@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> Message-ID: <480651D3.8000109@farrows.org> Matt Kettler wrote: > Budi Febrianto wrote: >> Dear All, >> >> I know this OOT, but because many sendmail experts in here, I give it >> a shot. >> >> I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. >> >> Whenever my users sent emails to certain domains, it will rejected >> with this error. >> >> >>>>> >> 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus >> helo xxx.xxx.xxx.xxx) >> >>>>> >> >> I'm not sure what happen, because I don't have the same problem with >> others domain. > > Your system is issuing a HELO in IP format, which is RFC compliant, > but some view this as a sign a system isn't properly configured and > will refuse mail from such systems. > > However, more troublesome is your system is issuing a HELO in IP > format using a private-range non-routable IP, 10.10.16.24. This is > blatantly bogus when communicating with hosts outside your network, as > those hosts will never be able to route to 10.10.16.24 and reach your > server. (The original intent, although outdated, is for the HELO to be > usable as a hint for where to return mail to if DNS fails to generate > a MX or implicit MX record. Generating private IPs here is clearly > contrary to that.) > > > Ultimately, it's up to the administrator of the system you're trying > to contact to tell you why he's filtering you. Those are purely > guesses on my part, based on looking at the HELO's your server issued, > and general knowledge of what some admins do for filtering that not > everyone does. I agree, technically its against RFC to block email based on a bad helo see RFC 2821, however none of the systems I administer will accept an obviously bogus hello, this is very effective at MTA level in controlling the entry of spam into the mailscanner. RFC 2821 >> "However, the server MUST NOT refuse to accept a message for this reason if the verification fails" Its up to you how you handle it, but more and more servers will refuse a bad helo even though technically they shouldn't. Pete From philippe.thomassigny at gmail.com Wed Apr 16 20:24:40 2008 From: philippe.thomassigny at gmail.com (Philippe Thomassigny) Date: Wed Apr 16 20:25:22 2008 Subject: MailScanner is 100% CPU during 1 to 2 hours when starting Message-ID: <444f58120804161224k4e8f343dn9574d3499f828fb7@mail.gmail.com> Hello to the comunity I have a strange behaviour on my servers (and not only one !) MailScanner is installed with clamav, spamassassin in a Ensim Pro X environment. When i start or restart the MailScanner, it starts to take 100% CPU for all children processes during 1 to 2 hours which is *really* annoying since it literrally blocks all mail dispatching during this time. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 27363 root 25 0 62208 50m 2476 R 50 2.5 7:24.52 MailScanner: starting children 26948 root 25 0 62208 50m 2476 R 48 2.5 7:30.29 MailScanner: starting children 27050 root 25 0 62208 50m 2476 R 41 2.5 7:28.99 MailScanner: starting children 27647 root 25 0 62216 50m 2476 R 40 2.5 7:25.04 MailScanner: starting children 27206 root 25 0 62208 50m 2476 R 39 2.5 7:29.69 MailScanner: starting children 27471 root 25 0 62076 50m 2476 R 39 2.5 7:15.67 MailScanner: starting children 27552 root 25 0 62208 50m 2476 R 35 2.5 7:27.87 MailScanner: starting children 27292 root 25 0 62208 50m 2476 R 33 2.5 7:24.72 MailScanner: starting children The processes are in "starting children" state during 1 to 2 hours, i already tried to put only 1 , 4, 8, 10 processes, it's the same. I searched into the MailScanner.conf and found nothing that could help (hard disk scanning ar the start or anything similar ?) And suddenly after about 2 hours, it stops to use CPU and start to work normally. Some info: [root@ns1 images]# MailScanner -v Running on Linux ns1.adigital.net.mx 2.6.18-53.1.6.el5 #1 SMP Wed Jan 16 03:56:43 EST 2008 i686 i686 i386 GNU/Linux This is Red Hat Enterprise Linux Server release 5.1 (Tikanga) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.58.9 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.16 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.55 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.74 Mail::Header 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.10 Net::CIDR 1.09 POSIX 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.814 DB_File 1.13 DBD::SQLite 1.52 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 0.44 Inline 0.20 Mail::ClamAV 3.001009 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 1.25 Net::IP 0.59 Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI 2.56 Test::Harness 0.62 Test::Simple 1.95 Text::Balanced 1.35 URI [root@ns1 images]# I tried to get files openned by a MailScanner: starting childron process but found nothing really weirdo [root@ns1 images]# lsof -p 27050 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 27050 root cwd DIR 3,3 90112 4423741 /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue MailScann 27050 root rtd DIR 3,3 4096 2 / MailScann 27050 root txt REG 3,3 14784 22320193 /usr/bin/perl MailScann 27050 root mem REG 3,3 1241272 22413572 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so MailScann 27050 root mem REG 3,3 9804 23134448 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Filesys/Df/Df.so MailScann 27050 root mem REG 3,3 5956 22446361 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Hostname/Hostname.so MailScann 27050 root mem REG 3,3 18224 22446147 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so MailScann 27050 root mem REG 3,3 13932 22446365 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so MailScann 27050 root mem REG 3,3 8808 22446102 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Cwd/Cwd.so MailScann 27050 root mem REG 3,3 13944 22446117 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Digest/MD5/MD5.so MailScann 27050 root mem REG 3,3 157304 22320449 /usr/lib/libk5crypto.so.3.1 MailScann 27050 root mem REG 3,3 46680 29425704 /lib/ libnss_files-2.5.so MailScann 27050 root mem REG 3,3 248028 22331724 /usr/lib/libcurl.so.3.0.0 MailScann 27050 root mem REG 3,3 18976 22446367 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Time/HiRes/HiRes.so MailScann 27050 root mem REG 3,3 10900 22446168 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/MIME/Base64/Base64.so MailScann 27050 root mem REG 3,3 187704 22324060 /usr/lib/libgssapi_krb5.so.2.2 MailScann 27050 root mem REG 3,3 881927 22331722 /usr/lib/sse2/libgmp.so.3.3.3 MailScann 27050 root mem REG 3,3 281180 29427206 /lib/libssl.so.0.9.8b MailScann 27050 root mem REG 3,3 601044 22320472 /usr/lib/libkrb5.so.3.3 MailScann 27050 root mem REG 3,3 64076 22479037 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Compress/Zlib/Zlib.so MailScann 27050 root mem REG 3,3 198840 22331723 /usr/lib/libidn.so.11.5.19 MailScann 27050 root mem REG 3,3 234380 29427222 /lib/libssl.so.0.9.7a MailScann 27050 root mem REG 3,3 11716 22446145 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Fcntl/Fcntl.so MailScann 27050 root mem REG 3,3 85344 23103199 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so MailScann 27050 root mem REG 3,3 67788 22328291 /usr/lib/libbz2.so.1.0.3 MailScann 27050 root mem REG 3,3 20216 22446335 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so MailScann 27050 root mem REG 3,3 489020 22325711 /usr/lib/libclamav.so.2.0.1 MailScann 27050 root mem REG 3,3 115040 22446173 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so MailScann 27050 root mem REG 3,3 1011024 29427216 /lib/ libdb-4.3.so MailScann 27050 root mem REG 3,3 53756 22446104 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/DB_File/DB_File.so MailScann 27050 root mem REG 3,3 15164 29425721 /lib/ libutil-2.5.so MailScann 27050 root mem REG 3,3 16036 22446160 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so MailScann 27050 root mem REG 3,3 43240 22479943 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML/Parser/Parser.so MailScann 27050 root mem REG 3,3 125736 29425666 /lib/ ld-2.5.so MailScann 27050 root mem REG 3,3 1589908 29425682 /lib/ libc-2.5.so MailScann 27050 root mem REG 3,3 16428 29425689 /lib/ libdl-2.5.so MailScann 27050 root mem REG 3,3 208352 29425705 /lib/ libm-2.5.so MailScann 27050 root mem REG 3,3 125644 29425697 /lib/ libpthread-2.5.so MailScann 27050 root mem REG 3,3 75284 22319473 /usr/lib/libz.so.1.2.3 MailScann 27050 root mem REG 3,3 242880 29425865 /lib/libsepol.so.1 MailScann 27050 root mem REG 3,3 93512 29425867 /lib/libselinux.so.1 MailScann 27050 root mem REG 3,3 101404 29425713 /lib/ libnsl-2.5.so MailScann 27050 root mem REG 3,3 27736 29425717 /lib/ libcrypt-2.5.so MailScann 27050 root mem REG 3,3 76400 29425715 /lib/ libresolv-2.5.so MailScann 27050 root mem REG 3,3 7748 29425878 /lib/libcom_err.so.2.1 MailScann 27050 root mem REG 3,3 8072 29425856 /lib/ libkeyutils-1.2.so MailScann 27050 root mem REG 3,3 36168 22446165 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/Util.so MailScann 27050 root mem REG 3,3 116948 22479915 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/DBI/DBI.so MailScann 27050 root mem REG 3,3 33648 22320202 /usr/lib/libkrb5support.so.0.1 MailScann 27050 root mem REG 3,3 25112 29427192 /lib/libnss_ensimvwh.so.2 MailScann 27050 root mem REG 3,3 1241936 29425880 /lib/libcrypto.so.0.9.8b MailScann 27050 root mem REG 3,3 1157072 29427153 /lib/libcrypto.so.0.9.7a MailScann 27050 root mem REG 3,3 56413584 22330259 /usr/lib/locale/locale-archive MailScann 27050 root 0r CHR 1,3 1223 /dev/null MailScann 27050 root 1w CHR 1,3 1223 /dev/null MailScann 27050 root 2w CHR 1,3 1223 /dev/null MailScann 27050 root 3u unix 0xf35fbb80 184178683 socket MailScann 27050 root 4r REG 3,3 56745 23363698 /usr/lib/MailScanner/MailScanner/CustomConfig.pm MailScann 27050 root 5r REG 3,3 19933 23363697 /usr/lib/MailScanner/MailScanner/ConfigDefs.pl MailScann 27050 root 6r REG 3,3 2727 23363699 /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm MailScann 27050 root 7uR REG 3,3 0 23003257 /var/lib/clamav/.dbLock MailScann 27050 root 8r DIR 3,3 4096 23003255 /var/lib/clamav MailScann 27050 root 9uR REG 3,3 0 23040417 /var/lib/clamav/main.inc/.dbLock MailScann 27050 root 10r DIR 3,3 4096 23040410 /var/lib/clamav/main.inc MailScann 27050 root 11r REG 3,3 7864180 23040420 /var/lib/clamav/main.inc/main.mdb [root@ns1 images]# Thanks if you can help M -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/2389af83/attachment-0001.html From glenn.steen at gmail.com Wed Apr 16 20:41:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Apr 16 20:48:14 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <480651D3.8000109@farrows.org> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> Message-ID: <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> On 16/04/2008, Peter Farrow wrote: > Matt Kettler wrote: > > > Budi Febrianto wrote: > > > > > Dear All, > > > > > > I know this OOT, but because many sendmail experts in here, I give it a > shot. > > > > > > I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. > > > > > > Whenever my users sent emails to certain domains, it will rejected with > this error. > > > > > > >>>>> > > > 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus > helo xxx.xxx.xxx.xxx) > > > >>>>> > > > > > > I'm not sure what happen, because I don't have the same problem with > others domain. > > > > > > > Your system is issuing a HELO in IP format, which is RFC compliant, but > some view this as a sign a system isn't properly configured and will refuse > mail from such systems. > > > > However, more troublesome is your system is issuing a HELO in IP format > using a private-range non-routable IP, 10.10.16.24. This is blatantly bogus > when communicating with hosts outside your network, as those hosts will > never be able to route to 10.10.16.24 and reach your server. (The original > intent, although outdated, is for the HELO to be usable as a hint for where > to return mail to if DNS fails to generate a MX or implicit MX record. > Generating private IPs here is clearly contrary to that.) > > > > > > Ultimately, it's up to the administrator of the system you're trying to > contact to tell you why he's filtering you. Those are purely guesses on my > part, based on looking at the HELO's your server issued, and general > knowledge of what some admins do for filtering that not everyone does. > > > > I agree, technically its against RFC to block email based on a bad helo see > RFC 2821, however none of the systems I administer will accept an obviously > bogus hello, this is very effective at MTA level in controlling the entry of > spam into the mailscanner. > > RFC 2821 >> "However, the server MUST NOT refuse to accept a message for > this reason if the verification fails" This only pertain to verification (via DNS) of the address. If the adress doesn't follow the norm for a FQDN (the letter of the law, so to speak), you are quite right to reject it. Matt and I hashed this over a while back, go look in the archives (or both RFC1123 (which manage HELO) and 2821 (for EHLO))...;-) > Its up to you how you handle it, but more and more servers will refuse a > bad helo even though technically they shouldn't. ... oh yes they should... at least if the form (a plain word, or malformed address literal... or somesuch) is wrong. But you are right in that RFC1123/2821 demand that you don't reject based on a DNS verification (although you're free to do one... Whatever good that would do:-). > Pete > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Wed Apr 16 20:52:38 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Apr 16 20:53:42 2008 Subject: Two versions of Spamassasin running In-Reply-To: <48063471.4060208@ecs.soton.ac.uk> References: <48063085.1040301@chromacars.com> <48063471.4060208@ecs.soton.ac.uk> Message-ID: <48065906.5090301@evi-inc.com> Also, get rid of spamass-milter.. There's no reason you should be running SpamAssassin under MailScanner and in a milter milter. Pick one or the other, but doing both is silly. Julian Field wrote: > You have at least 2 versions installed. Get rid of all of them and start > again. You don't need to run the spamd daemon if you are using > MailScanner as it doesn't use it anyway, it communicates more directly > with SpamAssassin without the daemon getting in the way. > > Delete all of those RPMs and fetch a nice shiny new version from your > favourite source. > > raul benitez wrote: >> Hi I have mailscanner installed running on Blue Quartz GUI on a CENTOS >> 4 box (sorry for the long post) >> >> /$ rpm -qa | grep spam >> nuonce-spamassassin-capstone-1.0.13-1.centos4 >> spamass-milter-0.3.1-5 >> nuonce-spamassassin-ui-1.0.13-1.centos4 >> nuonce-spamassassin-locale-en-1.0.13-1.centos4 >> nuonce-spamassassin-glue-1.0.13-1.centos4 >> spamassassin-3.1.9-1.el4 >> nuonce-spamassassin-3.2.3-1/ >> >> I think i have another version of spamassasin running as well though >> when i do a >> >> /$ spamd -V >> SpamAssassin Server version 3.1.9 >> running on Perl 5.8.5/ >> >> >> when i do a check i get this >> >> <<< SNIP SNIP >>> >> >> Im not really sure were to start looking to either find out if I have >> two versions running or how to fix this error. >> >> Thanks! > > Jules > From gwong at linktechit.com Wed Apr 16 21:01:55 2008 From: gwong at linktechit.com (Gregory Wong) Date: Wed Apr 16 21:02:47 2008 Subject: Unable to sa-compile In-Reply-To: Message-ID: root@smtp1:~# which dccproc /usr/bin/dccproc On 4/16/08 1:56 PM, "Scott Silva" wrote: on 4-16-2008 9:25 AM Gregory Wong spake the following: > Anyone have an answer to this? > What does the command "which dccproc" say? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/e65b7a48/attachment.html From MailScanner at ecs.soton.ac.uk Wed Apr 16 21:19:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 21:20:42 2008 Subject: MailScanner is 100% CPU during 1 to 2 hours when starting In-Reply-To: <444f58120804161224k4e8f343dn9574d3499f828fb7@mail.gmail.com> References: <444f58120804161224k4e8f343dn9574d3499f828fb7@mail.gmail.com> Message-ID: <48065F6D.9050709@ecs.soton.ac.uk> 1) 1st thing to check: Edit MailScanner.conf and make sure that both "Debug = no" and "Debug SpamAssassin = no". 2) Then I would strongly advise you upgrade MailScanner as you are running a version 1 year old. When you do the upgrade, "upgrade_MailScanner_conf" will do the hard work of updating your MailScanner.conf file for you. So upgrading is a pretty quick and easy task. 3) And importantly, upgrade your ClamAV to the latest (in which case you won't be able to use the "clamavmodule" virus scanner in MailScanner), or else 1 version back which is 0.92.1 which will work with the most recent version of Mail-ClamAV module so the "clamavmodule" virus scanner will work. You find your virus scanners by checking the "Virus Scanners =" setting in MailScanner.conf or run MailScanner --lint and it will tell you (if your version of MailScanner even *has* the --lint command-line option!). If you installed ClamAV and SpamAssassin from my easy-install package from www.mailscanner.info, then you can get the 0.92.1 version from http://www.mailscanner.info/files/4/install-Clam-0.92.1-SA-3.2.4.tar.gz If you aren't trying to use the "clamavmodule" virus scanner, then upgrade to the latest one at http://www.mailscanner.info/files/4/install-Clam-0.93-SA-3.2.4.tar.gz Good luck! Philippe Thomassigny wrote: > Hello to the comunity > > I have a strange behaviour on my servers (and not only one !) > MailScanner is installed with clamav, spamassassin in a Ensim Pro X > environment. > > When i start or restart the MailScanner, it starts to take 100% CPU > for all children processes during 1 to 2 hours > which is *really* annoying since it literrally blocks all mail > dispatching during this time. > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 27363 root 25 0 62208 50m 2476 R 50 2.5 7:24.52 > MailScanner: starting children > 26948 root 25 0 62208 50m 2476 R 48 2.5 7:30.29 > MailScanner: starting children > 27050 root 25 0 62208 50m 2476 R 41 2.5 7:28.99 > MailScanner: starting children > 27647 root 25 0 62216 50m 2476 R 40 2.5 7:25.04 > MailScanner: starting children > 27206 root 25 0 62208 50m 2476 R 39 2.5 7:29.69 > MailScanner: starting children > 27471 root 25 0 62076 50m 2476 R 39 2.5 7:15.67 > MailScanner: starting children > 27552 root 25 0 62208 50m 2476 R 35 2.5 7:27.87 > MailScanner: starting children > 27292 root 25 0 62208 50m 2476 R 33 2.5 7:24.72 > MailScanner: starting children > The processes are in "starting children" state during 1 to 2 hours, > i already tried to put only 1 , 4, 8, 10 processes, it's the same. > I searched into the MailScanner.conf and found nothing that could help > (hard disk scanning ar the start or anything similar ?) > > And suddenly after about 2 hours, it stops to use CPU and start to > work normally. > > Some info: > > [root@ns1 images]# MailScanner -v > Running on > Linux ns1.adigital.net.mx > 2.6.18-53.1.6.el5 #1 SMP Wed Jan 16 03:56:43 EST 2008 i686 i686 i386 > GNU/Linux > This is Red Hat Enterprise Linux Server release 5.1 (Tikanga) > This is Perl version 5.008008 (5.8.8) > This is MailScanner version 4.58.9 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.04 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.16 File::Temp > 0.90 Filesys::Df > 1.35 HTML::Entities > 3.55 HTML::Parser > 2.37 HTML::TokeParser > 1.22 IO > 1.13 IO::File > 1.13 IO::Pipe > 1.74 Mail::Header > 3.07 MIME::Base64 > 5.420 MIME::Decoder > 5.420 MIME::Decoder::UU > 5.420 MIME::Head > 5.420 MIME::Parser > 3.07 MIME::QuotedPrint > 5.420 MIME::Tools > 0.10 Net::CIDR > 1.09 POSIX > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.13 Sys::Syslog > 1.86 Time::HiRes > 1.02 Time::localtime > Optional module versions are: > 0.17 Convert::TNEF > 1.814 DB_File > 1.13 DBD::SQLite > 1.52 DBI > 1.14 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 0.44 Inline > 0.20 Mail::ClamAV > 3.001009 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 1.25 Net::IP > 0.59 Net::DNS > missing Net::LDAP > missing Parse::RecDescent > missing SAVI > 2.56 Test::Harness > 0.62 Test::Simple > 1.95 Text::Balanced > 1.35 URI > [root@ns1 images]# > I tried to get files openned by a MailScanner: starting childron > process but found nothing really weirdo > > [root@ns1 images]# lsof -p 27050 > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > MailScann 27050 root cwd DIR 3,3 90112 4423741 > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue > MailScann 27050 root rtd DIR 3,3 4096 2 / > MailScann 27050 root txt REG 3,3 14784 22320193 > /usr/bin/perl > MailScann 27050 root mem REG 3,3 1241272 22413572 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so > MailScann 27050 root mem REG 3,3 9804 23134448 > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Filesys/Df/Df.so > MailScann 27050 root mem REG 3,3 5956 22446361 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Hostname/Hostname.so > MailScann 27050 root mem REG 3,3 18224 22446147 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so > MailScann 27050 root mem REG 3,3 13932 22446365 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so > MailScann 27050 root mem REG 3,3 8808 22446102 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Cwd/Cwd.so > MailScann 27050 root mem REG 3,3 13944 22446117 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Digest/MD5/MD5.so > MailScann 27050 root mem REG 3,3 157304 22320449 > /usr/lib/libk5crypto.so.3.1 > MailScann 27050 root mem REG 3,3 46680 29425704 > /lib/libnss_files-2.5.so > MailScann 27050 root mem REG 3,3 248028 22331724 > /usr/lib/libcurl.so.3.0.0 > MailScann 27050 root mem REG 3,3 18976 22446367 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Time/HiRes/HiRes.so > MailScann 27050 root mem REG 3,3 10900 22446168 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/MIME/Base64/Base64.so > MailScann 27050 root mem REG 3,3 187704 22324060 > /usr/lib/libgssapi_krb5.so.2.2 > MailScann 27050 root mem REG 3,3 881927 22331722 > /usr/lib/sse2/libgmp.so.3.3.3 > MailScann 27050 root mem REG 3,3 281180 29427206 > /lib/libssl.so.0.9.8b > MailScann 27050 root mem REG 3,3 601044 22320472 > /usr/lib/libkrb5.so.3.3 > MailScann 27050 root mem REG 3,3 64076 22479037 > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/Compress/Zlib/Zlib.so > MailScann 27050 root mem REG 3,3 198840 22331723 > /usr/lib/libidn.so.11.5.19 > MailScann 27050 root mem REG 3,3 234380 29427222 > /lib/libssl.so.0.9.7a > MailScann 27050 root mem REG 3,3 11716 22446145 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Fcntl/Fcntl.so > MailScann 27050 root mem REG 3,3 85344 23103199 > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so > MailScann 27050 root mem REG 3,3 67788 22328291 > /usr/lib/libbz2.so.1.0.3 > MailScann 27050 root mem REG 3,3 20216 22446335 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so > MailScann 27050 root mem REG 3,3 489020 22325711 > /usr/lib/libclamav.so.2.0.1 > MailScann 27050 root mem REG 3,3 115040 22446173 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so > MailScann 27050 root mem REG 3,3 1011024 29427216 > /lib/libdb-4.3.so > MailScann 27050 root mem REG 3,3 53756 22446104 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/DB_File/DB_File.so > MailScann 27050 root mem REG 3,3 15164 29425721 > /lib/libutil-2.5.so > MailScann 27050 root mem REG 3,3 16036 22446160 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so > MailScann 27050 root mem REG 3,3 43240 22479943 > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/HTML/Parser/Parser.so > MailScann 27050 root mem REG 3,3 125736 29425666 > /lib/ld-2.5.so > MailScann 27050 root mem REG 3,3 1589908 29425682 > /lib/libc-2.5.so > MailScann 27050 root mem REG 3,3 16428 29425689 > /lib/libdl-2.5.so > MailScann 27050 root mem REG 3,3 208352 29425705 > /lib/libm-2.5.so > MailScann 27050 root mem REG 3,3 125644 29425697 > /lib/libpthread-2.5.so > MailScann 27050 root mem REG 3,3 75284 22319473 > /usr/lib/libz.so.1.2.3 > MailScann 27050 root mem REG 3,3 242880 29425865 > /lib/libsepol.so.1 > MailScann 27050 root mem REG 3,3 93512 29425867 > /lib/libselinux.so.1 > MailScann 27050 root mem REG 3,3 101404 29425713 > /lib/libnsl-2.5.so > MailScann 27050 root mem REG 3,3 27736 29425717 > /lib/libcrypt-2.5.so > MailScann 27050 root mem REG 3,3 76400 29425715 > /lib/libresolv-2.5.so > MailScann 27050 root mem REG 3,3 7748 29425878 > /lib/libcom_err.so.2.1 > MailScann 27050 root mem REG 3,3 8072 29425856 > /lib/libkeyutils-1.2.so > MailScann 27050 root mem REG 3,3 36168 22446165 > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/Util.so > MailScann 27050 root mem REG 3,3 116948 22479915 > /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/DBI/DBI.so > MailScann 27050 root mem REG 3,3 33648 22320202 > /usr/lib/libkrb5support.so.0.1 > MailScann 27050 root mem REG 3,3 25112 29427192 > /lib/libnss_ensimvwh.so.2 > MailScann 27050 root mem REG 3,3 1241936 29425880 > /lib/libcrypto.so.0.9.8b > MailScann 27050 root mem REG 3,3 1157072 29427153 > /lib/libcrypto.so.0.9.7a > MailScann 27050 root mem REG 3,3 56413584 22330259 > /usr/lib/locale/locale-archive > MailScann 27050 root 0r CHR 1,3 1223 /dev/null > MailScann 27050 root 1w CHR 1,3 1223 /dev/null > MailScann 27050 root 2w CHR 1,3 1223 /dev/null > MailScann 27050 root 3u unix 0xf35fbb80 184178683 socket > MailScann 27050 root 4r REG 3,3 56745 23363698 > /usr/lib/MailScanner/MailScanner/CustomConfig.pm > MailScann 27050 root 5r REG 3,3 19933 23363697 > /usr/lib/MailScanner/MailScanner/ConfigDefs.pl > MailScann 27050 root 6r REG 3,3 2727 23363699 > /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm > MailScann 27050 root 7uR REG 3,3 0 23003257 > /var/lib/clamav/.dbLock > MailScann 27050 root 8r DIR 3,3 4096 23003255 > /var/lib/clamav > MailScann 27050 root 9uR REG 3,3 0 23040417 > /var/lib/clamav/main.inc/.dbLock > MailScann 27050 root 10r DIR 3,3 4096 23040410 > /var/lib/clamav/main.inc > MailScann 27050 root 11r REG 3,3 7864180 23040420 > /var/lib/clamav/main.inc/main.mdb > [root@ns1 images]# > > > > > Thanks if you can help > > M > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Wed Apr 16 22:13:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 16 22:14:09 2008 Subject: Opinion on X-AntiAbuse: headers? Message-ID: <48066BF5.6000801@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, This might be pushing the boundry of being on or off-topic. But does anyone know when valid email actually contain X-AntiAbuse: headers? So far (2 years now) I have only seen them in spam and never in legit traffic. I think over 90% of the times it is a poorly managed website with some broken email script. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBmvzBvzDRVjxmYERAhmkAJ0ddHfZ4E0cL/CScS9YxpKaq9AjpgCfbcq3 K6NLJektaMJEEtMMiRwsvWs= =iVCF -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Apr 16 22:42:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 16 22:43:33 2008 Subject: Opinion on X-AntiAbuse: headers? In-Reply-To: <48066BF5.6000801@vanderkooij.org> References: <48066BF5.6000801@vanderkooij.org> Message-ID: <480672D0.5050600@ecs.soton.ac.uk> Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 04/16/08 at 22:13:23 > > Hi, > > This might be pushing the boundry of being on or off-topic. Since when did that stop anyone? :-) > > But does anyone know when valid email actually contain X-AntiAbuse: > headers? When a non-spammer puts them in by mistake? They certainly aren't worth the 0's and 1's they are written in. > So far (2 years now) I have only seen them in spam and never in legit > traffic. I think over 90% of the times it is a poorly managed website > with some broken email script. They may actually be a good indication of spam. Ask the SA folks what they think. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Wed Apr 16 22:57:42 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 16 22:58:29 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> Message-ID: <48067656.2030701@farrows.org> Glenn Steen wrote: > On 16/04/2008, Peter Farrow wrote: > >> Matt Kettler wrote: >> >> >>> Budi Febrianto wrote: >>> >>> >>>> Dear All, >>>> >>>> I know this OOT, but because many sendmail experts in here, I give it a >>>> >> shot. >> >>>> I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. >>>> >>>> Whenever my users sent emails to certain domains, it will rejected with >>>> >> this error. >> >>>> >>>>> >>>> 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus >>>> >> helo xxx.xxx.xxx.xxx) >> >>>> >>>>> >>>> >>>> I'm not sure what happen, because I don't have the same problem with >>>> >> others domain. >> >>> Your system is issuing a HELO in IP format, which is RFC compliant, but >>> >> some view this as a sign a system isn't properly configured and will refuse >> mail from such systems. >> >>> However, more troublesome is your system is issuing a HELO in IP format >>> >> using a private-range non-routable IP, 10.10.16.24. This is blatantly bogus >> when communicating with hosts outside your network, as those hosts will >> never be able to route to 10.10.16.24 and reach your server. (The original >> intent, although outdated, is for the HELO to be usable as a hint for where >> to return mail to if DNS fails to generate a MX or implicit MX record. >> Generating private IPs here is clearly contrary to that.) >> >>> Ultimately, it's up to the administrator of the system you're trying to >>> >> contact to tell you why he's filtering you. Those are purely guesses on my >> part, based on looking at the HELO's your server issued, and general >> knowledge of what some admins do for filtering that not everyone does. >> >> I agree, technically its against RFC to block email based on a bad helo see >> RFC 2821, however none of the systems I administer will accept an obviously >> bogus hello, this is very effective at MTA level in controlling the entry of >> spam into the mailscanner. >> >> RFC 2821 >> "However, the server MUST NOT refuse to accept a message for >> this reason if the verification fails" >> > This only pertain to verification (via DNS) of the address. If the > adress doesn't follow the norm for a FQDN (the letter of the law, so > to speak), you are quite right to reject it. > Matt and I hashed this over a while back, go look in the archives (or > both RFC1123 (which manage HELO) and 2821 (for EHLO))...;-) > > >> Its up to you how you handle it, but more and more servers will refuse a >> bad helo even though technically they shouldn't. >> > ... oh yes they should... at least if the form (a plain word, or > malformed address literal... or somesuch) is wrong. But you are right > in that RFC1123/2821 demand that you don't reject based on a DNS > verification (although you're free to do one... Whatever good that > would do:-). > > > >> Pete >> >> >> > > Cheers > Glen, Not quite right there my friend.... No disrespect and this is a moot point since all the servers I configure reject based on a bogus helo the RFC says "if possible" and "MUST NOT", which is not obligatory, which means technically a bogus helo is not a good enough reason to reject( even though I do), so, on a point of "internet law" you're in the wrong for rejecting based exclusively on bogus helos. However the defacto standard and general good practice would dictate that yes indeed it is valid thing to do... If you want to be really picky here is the text verbatim from 2821 ----------- The SMTP client MUST, if possible, ensure that the domain parameter to the EHLO command is a valid principal host name (not a CNAME or MX name) for its host. If this is not possible (e.g., when the client's address is dynamically assigned and the client does not have an obvious name), an address literal SHOULD be substituted for the domain name and supplemental information provided that will assist in identifying the client. An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the information about verification failure is for logging and tracing only. --------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/11ce87f8/attachment.html From ssilva at sgvwater.com Wed Apr 16 23:06:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 16 23:07:12 2008 Subject: Unable to sa-compile In-Reply-To: References: Message-ID: on 4-16-2008 1:01 PM Gregory Wong spake the following: > root@smtp1:~# which dccproc > /usr/bin/dccproc > Then try changing the dcc path in your /etc/MailScanner/spam.assassin.prefs.conf file to match the above and try the sa-compile again. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/92565cc0/signature.bin From ms-list at alexb.ch Wed Apr 16 23:20:25 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Apr 16 23:21:03 2008 Subject: Opinion on X-AntiAbuse: headers? In-Reply-To: <48066BF5.6000801@vanderkooij.org> References: <48066BF5.6000801@vanderkooij.org> Message-ID: <48067BA9.6020601@alexb.ch> On 4/16/2008 11:13 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > This might be pushing the boundry of being on or off-topic. > > But does anyone know when valid email actually contain X-AntiAbuse: > headers? > > So far (2 years now) I have only seen them in spam and never in legit > traffic. I think over 90% of the times it is a poorly managed website > with some broken email script. iirc Cpanel/Exim adds these to all msgs Alex From gwong at linktechit.com Thu Apr 17 00:22:23 2008 From: gwong at linktechit.com (Gregory Wong) Date: Thu Apr 17 00:23:13 2008 Subject: Unable to sa-compile In-Reply-To: Message-ID: Thanks Scott. That seems to have worked but now I am getting the following error message: re2c -i -b -o scanner1.c scanner1.re Can't exec "re2c": No such file or directory at /usr/local/bin/sa-compile line 287, <$fh> line 980. command failed! at /usr/local/bin/sa-compile line 288, <$fh> line 980. Any suggestions? On 4/16/08 6:06 PM, "Scott Silva" wrote: on 4-16-2008 1:01 PM Gregory Wong spake the following: > root@smtp1:~# which dccproc > /usr/bin/dccproc > Then try changing the dcc path in your /etc/MailScanner/spam.assassin.prefs.conf file to match the above and try the sa-compile again. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080416/cad36aac/attachment.html From krgehlba at lexairinc.com Thu Apr 17 01:58:21 2008 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Thu Apr 17 01:58:54 2008 Subject: MCP broke after upgrade In-Reply-To: <48052B68.1010803@ecs.soton.ac.uk> References: <4804DACE.4060700@lexairinc.com> <4804E852.3020405@ecs.soton.ac.uk> <480505E6.5020407@lexairinc.com> <48052B68.1010803@ecs.soton.ac.uk> Message-ID: <4806A0AD.8070000@lexairinc.com> Julian Field wrote: > > > Renee Gehlbach wrote: >> Julian Field wrote: >>>> spamassassin -p /usr/local/etc/Mailscanner/mcp --lint -D >>> If that doesn't say the rules are being read in, then it's not a >>> MailScanner problem. You need to get that to read the rules, and >>> admit to it, first. >> I am unsure whether had just previously overlooked it, or whether I >> have changed a setting which changed the output since I last >> carefully read that output, but current output from spamassassin -p >> /usr/local/etc/Mailscanner/mcp --lint -D does include: >> [6916] dbg: config: read file >> /usr/local/etc/mail/spamassassin/mailscanner.cf >> [6916] dbg: config: using "/usr/local/etc/MailScanner/mcp/" for user >> prefs file >> [6916] dbg: config: read file >> /usr/local/etc/MailScanner/mcp//10_example.cf >> [6916] dbg: config: read file >> /usr/local/etc/MailScanner/mcp//bad.words.body.cf >> [6916] dbg: config: read file >> /usr/local/etc/MailScanner/mcp//bad.words.from.cf >> [6916] dbg: config: read file >> /usr/local/etc/MailScanner/mcp//bad.words.subject.cf > That's a good start. Now, if you use "Run As User", then su to the > user you have set there, and run the command again. Can it still read > the files? > > Do the "last accessed" (ls -lu) date stamps on the cf files change > when you start up MailScanner and push a message through it? Best way > to test it is to do something like this: > cd /usr/local/etc/MailScanner/mcp > ls -lu > sleep 60 # (or just wait a minute or 2, go get a cup of coffee) > MailScanner --debug --debug-sa > ls -lu > and see if the times have changed on the files. If they haven't > changed, then it's never seeing your cf files for some reason, and > that's where you should start looking. If they have changed, then it's > reading them but not triggering the rules or adding up the scores or > something like that. This is all fairly basic diagnostic stuff which > you could do with learning :-) so hopefully you'll learn a few tricks > from this analysis as you go along. :-) > > Jules > I do not use "Run as User". MailScanner runs as root, and yes root has access to those files & directories =) The access times do change on the files. I do have "Detailed MCP Report" set to yes, so we should see if a rule is triggered, and nothing is showing as being triggered. This includes the sample rules in 10_example.cf Thanks, Renee From davejones70 at gmail.com Thu Apr 17 02:01:11 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Apr 17 02:01:45 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804161801t7fe27380m918f91dea03c3e4c@mail.gmail.com> >Dave Jones wrote: >> Version 4.68 solved the problem. The image is being displayed properly. >> >> Now, the next issue. I need to find a way to only attach it once on >> the initial outbound email. My testing shows that it is attaching it >> multiple times so replies back and forth are growing and growing in >> size which is not good. I will research how to prevent multiple >> attachments. Any ideas would be much appreciated. >> >It will do that. Any ideas are most welcome, I couldn't immediately >think of a good solution. After all, how do you know that > is *your* signature.jpg and not someone else's? If I was >setting it up for a lot of people, I would always use the same filename >in the HTML to make it easier to configure for different people. >The only thing I could think of is to walk the entire MIME tree looking >for images, and check their size (and even contents?) against the >signature image you're trying to add. If you find it, try to point the >signature at it. But what do you then do, start editing the HTML >signature automatically? Eek :-( >Lightweight solutions are most welcome. In the mean time the 0.01% >(approx) of internet traffic that is email will have to be slightly more >than it might be otherwise. It's a way to go before it reaches the >amount of Bit-Torrent traffic :-) >Jules Would it be possible to use some tag in the html so that MailScanner could evaluate/find to not duplicate if found? Maybe use the alt= text to determine if the image and the alt= text already exists? Or if there is an accurate method to detect a reply or forward from the headers and have a MailScanner.conf option or rule to only include it on original emails and not reply or forwards similar to how most email clients work. -- Dave Jones From hvdkooij at vanderkooij.org Thu Apr 17 06:03:29 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 17 06:04:13 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48067656.2030701@farrows.org> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> Message-ID: <4806DA21.9000602@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | Glenn Steen wrote: |> On 16/04/2008, Peter Farrow wrote: |> |>> Matt Kettler wrote: |>> |>> |>>> Budi Febrianto wrote: |>>> |>>> |>>>> Dear All, |>>>> |>>>> I know this OOT, but because many sendmail experts in here, I give it a |>>>> |>> shot. |>> |>>>> I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. |>>>> |>>>> Whenever my users sent emails to certain domains, it will rejected with |>>>> |>> this error. |>> |>>>> >>>>> |>>>> 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus |>>>> |>> helo xxx.xxx.xxx.xxx) |>> |>>>> >>>>> |>>>> |>>>> I'm not sure what happen, because I don't have the same problem with |>>>> |>> others domain. |>> |>>> Your system is issuing a HELO in IP format, which is RFC compliant, but |>>> |>> some view this as a sign a system isn't properly configured and will refuse |>> mail from such systems. |>> |>>> However, more troublesome is your system is issuing a HELO in IP format |>>> |>> using a private-range non-routable IP, 10.10.16.24. This is blatantly bogus |>> when communicating with hosts outside your network, as those hosts will |>> never be able to route to 10.10.16.24 and reach your server. (The original |>> intent, although outdated, is for the HELO to be usable as a hint for where |>> to return mail to if DNS fails to generate a MX or implicit MX record. |>> Generating private IPs here is clearly contrary to that.) |>> |>>> Ultimately, it's up to the administrator of the system you're trying to |>>> |>> contact to tell you why he's filtering you. Those are purely guesses on my |>> part, based on looking at the HELO's your server issued, and general |>> knowledge of what some admins do for filtering that not everyone does. |>> |>> I agree, technically its against RFC to block email based on a bad helo see |>> RFC 2821, however none of the systems I administer will accept an obviously |>> bogus hello, this is very effective at MTA level in controlling the entry of |>> spam into the mailscanner. |>> |>> RFC 2821 >> "However, the server MUST NOT refuse to accept a message for |>> this reason if the verification fails" |>> |> This only pertain to verification (via DNS) of the address. If the |> adress doesn't follow the norm for a FQDN (the letter of the law, so |> to speak), you are quite right to reject it. |> Matt and I hashed this over a while back, go look in the archives (or |> both RFC1123 (which manage HELO) and 2821 (for EHLO))...;-) |> |> |>> Its up to you how you handle it, but more and more servers will refuse a |>> bad helo even though technically they shouldn't. |>> |> ... oh yes they should... at least if the form (a plain word, or |> malformed address literal... or somesuch) is wrong. But you are right |> in that RFC1123/2821 demand that you don't reject based on a DNS |> verification (although you're free to do one... Whatever good that |> would do:-). |> |> |> |>> Pete |>> |>> |>> |> |> Cheers |> | Glen, | | Not quite right there my friend.... | | No disrespect and this is a moot point since all the servers I configure | reject based on a bogus helo the RFC says "if possible" and "MUST NOT", | which is not obligatory, which means technically a bogus helo is not a | good enough reason to reject( even though I do), so, on a point of | "internet law" you're in the wrong for rejecting based exclusively on | bogus helos. However the defacto standard and general good practice | would dictate that yes indeed it is valid thing to do... | | If you want to be really picky here is the text verbatim from 2821 | | ----------- | The SMTP client MUST, if possible, ensure that the domain parameter to | the EHLO command is a valid principal host name (not a CNAME or MX name) | for its host. If this is not possible (e.g., when the client's address | is dynamically assigned and the client does not have an obvious name), | an address literal SHOULD be substituted for the domain name and | supplemental information provided that will assist in identifying the | client. An SMTP server MAY verify that the domain name parameter in the | EHLO command actually corresponds to the IP address of the client. | However, the server MUST NOT refuse to accept a message for this reason | if the verification fails: the information about verification failure is | for logging and tracing only. | --------- I think the principal concern with rejects here was not about policies on the receiving SMP servers but the generic concern one should not reject in case your DNS server is not working (properly). Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBtofBvzDRVjxmYERAkWpAJ4l6ZofCSr7WX0d2Qg2UtzXQAO6ygCfQP+P 60MAHfa1CBIJUz4J9nqp2lg= =CNHM -----END PGP SIGNATURE----- From dickenson at cfmc.com Thu Apr 17 06:06:31 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Thu Apr 17 06:07:22 2008 Subject: OT: Ideas as to best way to do this Message-ID: My company has decided to have Google Apps handle our email. The problem is there are some email addresses for our domain that I would like to continue to deliver locally. The options as I see them are: 1 - accept all email on Google Apps and then use nicknames and forward email to the various nicknames to addresses on my mail server to be delivered locally. 2 - receive all email on my server and then use virtusertable and/or mailertable to pass the email on to Google Apps, delivering the rest locally. The downside of 1 is that at best the email is in a trash folder on Google Apps as I do not see a way to permanently delete mail with a filter. I can forward to a usable place and delete it but not get rid of it completely. With option 2 I would not want to have MailScanner process, in any way, the mail that is forwarded on to Google Apps, just the email to be delivered locally. I do not know if there is a way to use multiple instances of sendmail to sort the mail and pass some out to Google and the other onto MailScanner and then get delivered locally. Ideally I would like to do this with one computer. I could do option 2 with a virtual server to do the sorting and then either another virtual or a real server, on the same hardware, to deal with the local delivered mail. Ideas you all can think of would be greatly appreciated. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From MailScanner at ecs.soton.ac.uk Thu Apr 17 08:51:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 08:52:36 2008 Subject: Unable to sa-compile In-Reply-To: References: Message-ID: <48070193.9050804@ecs.soton.ac.uk> Well, as it says, it can't find "re2c". Which would tend to make me think you haven't installed "re2c". So I suggest you install "re2c". You can get it from http://dag.wieers.com/rpm/packages. *please* read error messages :-) Gregory Wong wrote: > Thanks Scott. That seems to have worked but now I am getting the > following error message: > > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at > /usr/local/bin/sa-compile line 287, <$fh> line 980. > command failed! at /usr/local/bin/sa-compile line 288, <$fh> line 980. > > Any suggestions? > > > On 4/16/08 6:06 PM, "Scott Silva" wrote: > > on 4-16-2008 1:01 PM Gregory Wong spake the following: > > root@smtp1:~# which dccproc > > /usr/bin/dccproc > > > Then try changing the dcc path in your > /etc/MailScanner/spam.assassin.prefs.conf file to match the above > and try the > sa-compile again. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Apr 17 09:39:36 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 17 09:40:13 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48067656.2030701@farrows.org> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> Message-ID: <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> On 16/04/2008, Peter Farrow wrote: > > Glenn Steen wrote: > On 16/04/2008, Peter Farrow wrote: > > > Matt Kettler wrote: > > > > Budi Febrianto wrote: > > > > Dear All, > > I know this OOT, but because many sendmail experts in here, I give it a > > shot. > > > > I'm using sendmail-8.13.8-2.el5 with MailScanner 4.65.3. > > Whenever my users sent emails to certain domains, it will rejected with > > this error. > > > > >>>>> > 553 yyy.yyy.yyy.yyy rejected due to spam, contact 555-505-5555 (bogus > > helo xxx.xxx.xxx.xxx) > > > > >>>>> > > I'm not sure what happen, because I don't have the same problem with > > others domain. > > > Your system is issuing a HELO in IP format, which is RFC compliant, but > > some view this as a sign a system isn't properly configured and will refuse > mail from such systems. > > > However, more troublesome is your system is issuing a HELO in IP format > > using a private-range non-routable IP, 10.10.16.24. This is blatantly bogus > when communicating with hosts outside your network, as those hosts will > never be able to route to 10.10.16.24 and reach your server. (The original > intent, although outdated, is for the HELO to be usable as a hint for where > to return mail to if DNS fails to generate a MX or implicit MX record. > Generating private IPs here is clearly contrary to that.) > > > Ultimately, it's up to the administrator of the system you're trying to > > contact to tell you why he's filtering you. Those are purely guesses on my > part, based on looking at the HELO's your server issued, and general > knowledge of what some admins do for filtering that not everyone does. > > I agree, technically its against RFC to block email based on a bad helo see > RFC 2821, however none of the systems I administer will accept an obviously > bogus hello, this is very effective at MTA level in controlling the entry of > spam into the mailscanner. > > RFC 2821 >> "However, the server MUST NOT refuse to accept a message for > this reason if the verification fails" > > This only pertain to verification (via DNS) of the address. If the > adress doesn't follow the norm for a FQDN (the letter of the law, so > to speak), you are quite right to reject it. > Matt and I hashed this over a while back, go look in the archives (or > both RFC1123 (which manage HELO) and 2821 (for EHLO))...;-) > > > > Its up to you how you handle it, but more and more servers will refuse a > bad helo even though technically they shouldn't. > > ... oh yes they should... at least if the form (a plain word, or > malformed address literal... or somesuch) is wrong. But you are right > in that RFC1123/2821 demand that you don't reject based on a DNS > verification (although you're free to do one... Whatever good that > would do:-). > > > > > Pete > > > > Cheers > > Glen, > > Not quite right there my friend.... :-) Look again... This is all about DNS address verification. Not relevant to the rejection of a malformed HELO/EHLO. The RFCs actually _demand_ that you reject those. > No disrespect and this is a moot point since all the servers I configure > reject based on a bogus helo the RFC says "if possible" and "MUST NOT", > which is not obligatory, which means technically a bogus helo is not a good > enough reason to reject( even though I do), so, on a point of "internet law" > you're in the wrong for rejecting based exclusively on bogus helos. However > the defacto standard and general good practice would dictate that yes indeed > it is valid thing to do... > > If you want to be really picky here is the text verbatim from 2821 > > ----------- > The SMTP client MUST, if possible, ensure that the domain parameter to the > EHLO command is a valid principal host name (not a CNAME or MX name) for its > host. If this is not possible (e.g., when the client's address is > dynamically assigned and the client does not have an obvious name), an > address literal SHOULD be substituted for the domain name and supplemental > information provided that will assist in identifying the client. An SMTP > server MAY verify that the domain name parameter in the EHLO command > actually corresponds to the IP address of the client. However, the server > MUST NOT refuse to accept a message for this reason if the verification > fails: the information about verification failure is for logging and tracing > only. > --------- Yes, this is correct ... it states that you cannot use DNS for rejections. This is entirely beside the point. Go read the thread if you like the nitty gritty details (I'm too lazy to find the relevant quotes again). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Apr 17 09:56:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 09:57:37 2008 Subject: Graphic inline Signature - 4.69.5 released In-Reply-To: <67a55ed50804161801t7fe27380m918f91dea03c3e4c@mail.gmail.com> References: <67a55ed50804161801t7fe27380m918f91dea03c3e4c@mail.gmail.com> Message-ID: <480710D2.30008@ecs.soton.ac.uk> Dave Jones wrote: >> Dave Jones wrote: >> >>> Version 4.68 solved the problem. The image is being displayed properly. >>> >>> Now, the next issue. I need to find a way to only attach it once on >>> the initial outbound email. My testing shows that it is attaching it >>> multiple times so replies back and forth are growing and growing in >>> size which is not good. I will research how to prevent multiple >>> attachments. Any ideas would be much appreciated. >>> >>> >> It will do that. Any ideas are most welcome, I couldn't immediately >> think of a good solution. After all, how do you know that >> is *your* signature.jpg and not someone else's? If I was >> setting it up for a lot of people, I would always use the same filename >> in the HTML to make it easier to configure for different people. >> > > >> The only thing I could think of is to walk the entire MIME tree looking >> for images, and check their size (and even contents?) against the >> signature image you're trying to add. If you find it, try to point the >> signature at it. But what do you then do, start editing the HTML >> signature automatically? Eek :-( >> > > >> Lightweight solutions are most welcome. In the mean time the 0.01% >> (approx) of internet traffic that is email will have to be slightly more >> than it might be otherwise. It's a way to go before it reaches the >> amount of Bit-Torrent traffic :-) >> > > >> Jules >> > Would it be possible to use some tag in the html so that MailScanner > could evaluate/find to not duplicate if found? Maybe use the alt= > text to determine if the image and the alt= text already exists? Or > if there is an accurate method to detect a reply or forward from the > headers and have a MailScanner.conf option or rule to only include it > on original emails and not reply or forwards similar to how most email > clients work. > Very good, I like it. So now you can do it :-) I've just released 4.69.5 which can do this. In your signature's tag, you must have an "alt" attribute which contains "MailScanner Signature". It actually a case-insensitive match on "mailscanner.*signature" so you can have anything followed by the word "mailscanner" followed by anything followed by the word "signature" followed by anything. So you can tweak the text quite a lot and it will still work. Please can you let me know if this does the behaviour that you want. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Thu Apr 17 10:33:53 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 17 10:34:40 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: <48071981.2040507@farrows.org> Jim Dickenson wrote: > My company has decided to have Google Apps handle our email. The problem is > there are some email addresses for our domain that I would like to continue > to deliver locally. > > The options as I see them are: > > 1 - accept all email on Google Apps and then use nicknames and forward email > to the various nicknames to addresses on my mail server to be delivered > locally. > > 2 - receive all email on my server and then use virtusertable and/or > mailertable to pass the email on to Google Apps, delivering the rest > locally. > > The downside of 1 is that at best the email is in a trash folder on Google > Apps as I do not see a way to permanently delete mail with a filter. I can > forward to a usable place and delete it but not get rid of it completely. > > With option 2 I would not want to have MailScanner process, in any way, the > mail that is forwarded on to Google Apps, just the email to be delivered > locally. I do not know if there is a way to use multiple instances of > sendmail to sort the mail and pass some out to Google and the other onto > MailScanner and then get delivered locally. > > Ideally I would like to do this with one computer. I could do option 2 with > a virtual server to do the sorting and then either another virtual or a real > server, on the same hardware, to deal with the local delivered mail. > > Ideas you all can think of would be greatly appreciated. > Just to let you know, all google servers are hopeless at handling email to greylisting systems. You can expect BIG delays as they don't maintain state on smtp queues. This is the problem: A company has its domain and emails handled by google, a person in the company sends an email out through googles system to a remove destination that uses greylisting. The email is temp failed as part of the greylisting process, so google mail server tosses the email back into their "pot of mail queue". Later another (probably different) google mail server takes this message from the queue and retries, but as its now a different server, it gets greylisted again because its from a different machine this time. The mail will finally get delivered when either all servers have been around the loop at google, or it randomly hits on the same relay to retry again. Typically we see delays of 5hours plus in some cases with google based clients, google are the only sending organisation that has this problem. Message labs have a similar problem, but I am quite happy to whitelist them for now as they are not a source of spam... As greylisting becomes more popular this will become a huge problem. Typically a greylisting system admin would whitelist google servers to get round their problem, however, as google is in the top 100 list of spam sources whitelisting their mail relays is a very bad idea.... Regards Pete From jan-peter at koopmann.eu Thu Apr 17 11:14:14 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu Apr 17 11:15:31 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: > Just to let you know, all google servers are hopeless at handling email > to greylisting systems. > > You can expect BIG delays as they don't maintain state on smtp queues. Agreed. Just for the record: This is not really a google problem but a problem coming from inefficient greylisting implementations. Have a look at BarricadeMX. Their greylisting implementation does not suffer from this particular problem. > Typically a greylisting system admin would whitelist google servers to > get round their problem, however, as google is in the top 100 list of > spam sources whitelisting their mail relays is a very bad idea.... Or use better greylisting algorithms.. :-) From ms-list at alexb.ch Thu Apr 17 12:24:14 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 17 12:24:54 2008 Subject: Esets AV nor recognized by MailScanner Message-ID: <4807335E.309@alexb.ch> Using latest MS release and Esets AV (ex Nod32) on a test box. "Virus Scanners = auto" doesn't recognize "# esets from www.eset.com" Setting "Virus Scanners = esets" doesn't work either Can anyone reproduce? Thanks Alex From uxbod at splatnix.net Thu Apr 17 12:41:55 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Apr 17 12:42:57 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <4807335E.309@alexb.ch> Message-ID: <11678023.241208432515738.JavaMail.root@office.splatnix.net> > Using latest MS release and Esets AV (ex Nod32) on a test box. > > "Virus Scanners = auto" doesn't recognize > "# esets from www.eset.com" > > Setting "Virus Scanners = esets" doesn't work either > > Can anyone reproduce? > > Thanks > > Alex Alex, is virus.scanners.conf correct for its path ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Thu Apr 17 12:46:07 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Apr 17 12:46:47 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: <625385e30804170446k1f7aba43wf64d9eda5a03f0f4@mail.gmail.com> On Thu, Apr 17, 2008 at 12:14 PM, Koopmann, Jan-Peter wrote: > > Just to let you know, all google servers are hopeless at handling > email > > to greylisting systems. > > > > You can expect BIG delays as they don't maintain state on smtp queues. > > Agreed. Just for the record: This is not really a google problem but a > problem coming from inefficient greylisting implementations. Have a look > at BarricadeMX. Their greylisting implementation does not suffer from > this particular problem. How do they do it then? -- /peter From Robert.Meurlin at se.fujitsu.com Thu Apr 17 13:20:46 2008 From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert) Date: Thu Apr 17 13:22:03 2008 Subject: SV: a lot of mail delivery failed mail slips trough the filter In-Reply-To: <223f97700804070110t5d421443m9a82743e1964e397@mail.gmail.com> References: <797363C57EE0884786F428AAABCD469201490BD9@sea0120sex2.nordic.x> <223f97700804070110t5d421443m9a82743e1964e397@mail.gmail.com> Message-ID: <797363C57EE0884786F428AAABCD469201490C3D@sea0120sex2.nordic.x> "If they are truly sent from <> (a.k.a. MAILER-DAEMON:-), the Watermark feature of a fairly recent MailScanner can help a bit, or perhaps milter-null. If they're not really DSNs, only pretending... other measures are what you need." I tried the watermark feature but it stil causes problems for a few users. This morning one had about 120 of these failure notice mail in here inbox. When I look at same person but some days before it is okay not many as this night. When I look in mailwatch a lot of these "failure notice spam" has passed through "SpamAssassin Autolearn" I have seen this problem coming more and more the last couple of weeks. Anyone got anymore tip how to stop them? Rob. -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Glenn Steen Skickat: den 7 april 2008 10:10 Till: MailScanner discussion ?mne: Re: a lot of mail delivery failed mail slips trough the filter On 07/04/2008, Meurlin Robert wrote: > > > Hello, > i have seen recent week that a lot of spam that have these subject lines: > failure notice > Delivery Status Notification (Failure) Delivery failure WARNING. Mail > Delayed Returned mail: see transcript for detail > > > slipps trough the filter, is there any other way to stop them without > > header FRIEND_GREETINGS7 Subject =~ /Delivery Status Notification > (Failure)/i > describe FRIEND_GREETINGS7 blabla > > score FRIEND_GREETINGS7 100.0 > > > ? If they are truly sent from <> (a.k.a. MAILER-DAEMON:-), the Watermark feature of a fairly recent MailScanner can help a bit, or perhaps milter-null. If they're not really DSNs, only pretending... other measures are what you need. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Thu Apr 17 13:49:03 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Apr 17 13:50:04 2008 Subject: a lot of mail delivery failed mail slips trough the filter In-Reply-To: <797363C57EE0884786F428AAABCD469201490C3D@sea0120sex2.nordic.x> Message-ID: <5fd02446bc427d4c97a495c83a255d86@solidstatelogic.com> Rob There's a setting in MailScanner.conf where you can say what happens with an empty from and no watermark. By default this will be 'spam', which in my case I tag the subject and deliver. Yesterday I changed this to high scoring spam and it's helped a lot as I don't deliver this stuff. Treat Invalid Watermarks With No Sender as Spam = high-scoring spam This in the Watermarking section. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Meurlin Robert > Sent: 17 April 2008 13:21 > To: MailScanner discussion > Subject: SV: a lot of mail delivery failed mail slips trough the filter > > "If they are truly sent from <> (a.k.a. MAILER-DAEMON:-), the Watermark > feature of a fairly recent MailScanner can help a bit, or perhaps milter- > null. > If they're not really DSNs, only pretending... other measures are what you > need." > > I tried the watermark feature but it stil causes problems for a few users. > This morning one had about 120 of these failure notice mail in here inbox. > When I look at same person but some days before it is okay not many as > this night. > > When I look in mailwatch a lot of these "failure notice spam" has passed > through "SpamAssassin Autolearn" > > I have seen this problem coming more and more the last couple of weeks. > > Anyone got anymore tip how to stop them? > > Rob. > > > -----Ursprungligt meddelande----- > Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] F?r Glenn Steen > Skickat: den 7 april 2008 10:10 > Till: MailScanner discussion > ?mne: Re: a lot of mail delivery failed mail slips trough the filter > > On 07/04/2008, Meurlin Robert wrote: > > > > > > Hello, > > i have seen recent week that a lot of spam that have these subject > lines: > > failure notice > > Delivery Status Notification (Failure) Delivery failure WARNING. Mail > > Delayed Returned mail: see transcript for detail > > > > > > slipps trough the filter, is there any other way to stop them without > > > > header FRIEND_GREETINGS7 Subject =~ /Delivery Status Notification > > (Failure)/i > > describe FRIEND_GREETINGS7 blabla > > > > score FRIEND_GREETINGS7 100.0 > > > > > > ? > If they are truly sent from <> (a.k.a. MAILER-DAEMON:-), the Watermark > feature of a fairly recent MailScanner can help a bit, or perhaps milter- > null. > If they're not really DSNs, only pretending... other measures are what you > need. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ms-list at alexb.ch Thu Apr 17 13:50:02 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 17 13:50:45 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <11678023.241208432515738.JavaMail.root@office.splatnix.net> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> Message-ID: <4807477A.6060801@alexb.ch> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >> Using latest MS release and Esets AV (ex Nod32) on a test box. >> >> "Virus Scanners = auto" doesn't recognize >> "# esets from www.eset.com" >> >> Setting "Virus Scanners = esets" doesn't work either >> >> Can anyone reproduce? >> >> Thanks >> >> Alex > > Alex, is virus.scanners.conf correct for its path ? > HA! virus.scanners.conf: esets /usr/lib/MailScanner/esets-wrapper /usr/local/esets [axb@mst1 ~]# whereis esets_scan esets_scan: /usr/sbin/esets_scan Running on Centos 4/5, intalled Eset from RPM. How & when the "/usr/local/esets" showed up. Apr 17 14:47:50 ms1 MailScanner[27798]: I have found clamavmodule esets scanners installed, and will use them all by default. LOVELY thanks a bunch! Alex From jan-peter at koopmann.eu Thu Apr 17 14:00:42 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu Apr 17 14:01:44 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: > How do they do it then? http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_grey_list By taking the PTR record and removing the first label. So greylisting considers mail1.google.com the same server as mail2.google.com. Regards, JP From davejones70 at gmail.com Thu Apr 17 14:00:00 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Apr 17 14:07:42 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804170600v4b24a70v3ce299839a1f25cf@mail.gmail.com> >> Would it be possible to use some tag in the html so that MailScanner >> could evaluate/find to not duplicate if found? Maybe use the alt= >> text to determine if the image and the alt= text already exists? Or >> if there is an accurate method to detect a reply or forward from the >> headers and have a MailScanner.conf option or rule to only include it >> on original emails and not reply or forwards similar to how most email >> clients work. >> >Very good, I like it. So now you can do it :-) >I've just released 4.69.5 which can do this. >In your signature's tag, you must have an "alt" attribute which >contains "MailScanner Signature". >It actually a case-insensitive match on "mailscanner.*signature" so you >can have anything followed by the word "mailscanner" followed by >anything followed by the word "signature" followed by anything. So you >can tweak the text quite a lot and it will still work. >Please can you let me know if this does the behaviour that you want. The latest version is working much better by not attaching the jpg file a second time. However, it is still attaching the html file a second time so I see duplicate html at the bottom of the email. Would it make sense to also not append any html files that have the match on the "mailscanner.*signature" search when you don't attach the image file? My thinking is that they (the inline html and the image) are a pair and they should both be added on the first email and both skipped on subsequent emails. >Jules -- Dave Jones From mkettler at evi-inc.com Thu Apr 17 14:44:24 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 17 14:45:12 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> Message-ID: <48075438.1070200@evi-inc.com> Glenn Steen wrote: >> >> Not quite right there my friend.... > :-) Look again... This is all about DNS address verification. Not > relevant to the rejection of a malformed HELO/EHLO. > The RFCs actually _demand_ that you reject those. > Actually, the RFCs do not demand you reject a malformed HELO, and you know that as well as I do. However, they do OK it when the malformed HELO will cause your Received: headers to violate RFC formats. Regardless it is still 100% RFC compliant to accept a malformed HELO if you don't ever quote it in a Received: header, or otherwise modify it so the Received: header you generate is compliant. Also, this thread is about using an IP as a HELO, which is NOT a malformed HELO per the RFCs. Therefore it is still against the RFCs to refuse mail because the HELO is an IP address. From MailScanner at ecs.soton.ac.uk Thu Apr 17 14:46:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 14:47:26 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804170600v4b24a70v3ce299839a1f25cf@mail.gmail.com> References: <67a55ed50804170600v4b24a70v3ce299839a1f25cf@mail.gmail.com> Message-ID: <480754C1.7040309@ecs.soton.ac.uk> Dave Jones wrote: >>> Would it be possible to use some tag in the html so that MailScanner >>> could evaluate/find to not duplicate if found? Maybe use the alt= >>> text to determine if the image and the alt= text already exists? Or >>> if there is an accurate method to detect a reply or forward from the >>> headers and have a MailScanner.conf option or rule to only include it >>> on original emails and not reply or forwards similar to how most email >>> clients work. >>> >>> >> Very good, I like it. So now you can do it :-) >> I've just released 4.69.5 which can do this. >> In your signature's tag, you must have an "alt" attribute which >> contains "MailScanner Signature". >> > > >> It actually a case-insensitive match on "mailscanner.*signature" so you >> can have anything followed by the word "mailscanner" followed by >> anything followed by the word "signature" followed by anything. So you >> can tweak the text quite a lot and it will still work. >> > > >> Please can you let me know if this does the behaviour that you want. >> > The latest version is working much better by not attaching the jpg > file a second time. > However, it is still attaching the html file a second time so I see > duplicate html at > the bottom of the email. > > Would it make sense to also not append any html files that have the match > on the "mailscanner.*signature" search when you don't attach the image file? > My thinking is that they (the inline html and the image) are a pair > and they should > both be added on the first email and both skipped on subsequent emails. > Most people want their sig added at the bottom, as otherwise the sig left at the bottom is that of the other person in the conversation. So you're sending out a mail with their sig at the bottom, which is a bit odd. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Apr 17 15:23:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Apr 17 15:23:53 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48075438.1070200@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> Message-ID: <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> On 17/04/2008, Matt Kettler wrote: > Glenn Steen wrote: > > > > > > > > > > Not quite right there my friend.... > > > > > :-) Look again... This is all about DNS address verification. Not > > relevant to the rejection of a malformed HELO/EHLO. > > The RFCs actually _demand_ that you reject those. > > > > > > Actually, the RFCs do not demand you reject a malformed HELO, and you know > that as well as I do. However, they do OK it when the malformed HELO will :-) Yeah. > cause your Received: headers to violate RFC formats. Exactly. Next best thing. > Regardless it is still 100% RFC compliant to accept a malformed HELO if you > don't ever quote it in a Received: header, or otherwise modify it so the > Received: header you generate is compliant. Yup. > Also, this thread is about using an IP as a HELO, which is NOT a malformed > HELO per the RFCs. Therefore it is still against the RFCs to refuse mail > because the HELO is an IP address. Are you thinking "a plain word that looks like an IP address" then? Cause I'm pretty sure (boy am I going to get it... Haven't reread the exact wording:-) that the demand is for Ip address literals, like Steve points out, not a domain name looking like an IP address... Oh well. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From davejones70 at gmail.com Thu Apr 17 15:46:15 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Apr 17 15:54:11 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804170746o34ebe336h458846668501365d@mail.gmail.com> >Dave Jones wrote: >>>> Would it be possible to use some tag in the html so that MailScanner >>>> could evaluate/find to not duplicate if found? Maybe use the alt= >>>> text to determine if the image and the alt= text already exists? Or >>>> if there is an accurate method to detect a reply or forward from the >>>> headers and have a MailScanner.conf option or rule to only include it >>>> on original emails and not reply or forwards similar to how most email >>>> clients work. >>>> >>>> >>> Very good, I like it. So now you can do it :-) >>> I've just released 4.69.5 which can do this. >>> In your signature's tag, you must have an "alt" attribute which >>> contains "MailScanner Signature". >>> >> >> >>> It actually a case-insensitive match on "mailscanner.*signature" so you >>> can have anything followed by the word "mailscanner" followed by >>> anything followed by the word "signature" followed by anything. So you >>> can tweak the text quite a lot and it will still work. >>> >> >> >>> Please can you let me know if this does the behaviour that you want. >>> >> The latest version is working much better by not attaching the jpg >> file a second time. >> However, it is still attaching the html file a second time so I see >> duplicate html at >> the bottom of the email. >> >> Would it make sense to also not append any html files that have the match >> on the "mailscanner.*signature" search when you don't attach the image file? >> My thinking is that they (the inline html and the image) are a pair >> and they should >> both be added on the first email and both skipped on subsequent emails. >> >Most people want their sig added at the bottom, as otherwise the sig >left at the bottom is that of the other person in the conversation. So >you're sending out a mail with their sig at the bottom, which is a bit odd. >Jules I don't understand why you think this is odd. The bottom most signature is the one in question since the html is getting appended to the email. The bottom of the email is normally the original email since email is top-post logic (unlike mailing lists). If you keep appending the same html to the bottom, it just stacks up the same thing over and over and you would end up with duplicate images and html text back to back which looks rather odd. So unless I am missing something, the current logic ends up being a bit odd after you reply back and forth a few times. -- Dave Jones From MailScanner at ecs.soton.ac.uk Thu Apr 17 16:24:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 16:25:25 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804170746o34ebe336h458846668501365d@mail.gmail.com> References: <67a55ed50804170746o34ebe336h458846668501365d@mail.gmail.com> Message-ID: <48076BB7.6020100@ecs.soton.ac.uk> Dave Jones wrote: >> Dave Jones wrote: >> >>>>> Would it be possible to use some tag in the html so that MailScanner >>>>> could evaluate/find to not duplicate if found? Maybe use the alt= >>>>> text to determine if the image and the alt= text already exists? Or >>>>> if there is an accurate method to detect a reply or forward from the >>>>> headers and have a MailScanner.conf option or rule to only include it >>>>> on original emails and not reply or forwards similar to how most email >>>>> clients work. >>>>> >>>>> >>>>> >>>> Very good, I like it. So now you can do it :-) >>>> I've just released 4.69.5 which can do this. >>>> In your signature's tag, you must have an "alt" attribute which >>>> contains "MailScanner Signature". >>>> >>>> >>> >>>> It actually a case-insensitive match on "mailscanner.*signature" so you >>>> can have anything followed by the word "mailscanner" followed by >>>> anything followed by the word "signature" followed by anything. So you >>>> can tweak the text quite a lot and it will still work. >>>> >>>> >>> >>>> Please can you let me know if this does the behaviour that you want. >>>> >>>> >>> The latest version is working much better by not attaching the jpg >>> file a second time. >>> However, it is still attaching the html file a second time so I see >>> duplicate html at >>> the bottom of the email. >>> >>> Would it make sense to also not append any html files that have the match >>> on the "mailscanner.*signature" search when you don't attach the image file? >>> My thinking is that they (the inline html and the image) are a pair >>> and they should >>> both be added on the first email and both skipped on subsequent emails. >>> >>> >> Most people want their sig added at the bottom, as otherwise the sig >> left at the bottom is that of the other person in the conversation. So >> you're sending out a mail with their sig at the bottom, which is a bit odd. >> > > >> Jules >> > I don't understand why you think this is odd. The bottom most > signature is the one > in question since the html is getting appended to the email. The > bottom of the email > is normally the original email since email is top-post logic (unlike > mailing lists). > *Content* is usually top-post these days, but *sigs* are usually bottom-post. > If you keep appending the same html to the bottom, it just stacks up > the same thing > over and over and you would end up with duplicate images and html text > back to back > which looks rather odd. So unless I am missing something, the current > logic ends up > being a bit odd after you reply back and forth a few times. > But it works the same way everyone else does. Most people accept that as being a setup they prefer, or they would have asked the vendors to change. The default is mail clients is to top-post new content, but to bottom-post new sigs. I'm just doing the same thing as them. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Thu Apr 17 17:08:21 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 17 17:09:06 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <11678023.241208432515738.JavaMail.root@office.splatnix.net> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> Message-ID: <480775F5.6000006@alexb.ch> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >> Using latest MS release and Esets AV (ex Nod32) on a test box. >> >> "Virus Scanners = auto" doesn't recognize >> "# esets from www.eset.com" >> >> Setting "Virus Scanners = esets" doesn't work either >> >> Can anyone reproduce? >> >> Thanks >> >> Alex > > Alex, is virus.scanners.conf correct for its path ? Hi [ UxBoD ] After MS recognizes Eset, it doesn't catch an Eicar.zip, which clamavmodule does. In "esets_wrapper" you've chosen to use esets_scan which doesn't speak to the daemon but has to load the signatures every time its called and is extremely slow. Seems we're still missing something. What OS did you use to test the wrapper & co? thanks Alex From mkettler at evi-inc.com Thu Apr 17 17:59:52 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Apr 17 18:00:59 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> Message-ID: <48078208.6050006@evi-inc.com> Glenn Steen wrote: > >> Also, this thread is about using an IP as a HELO, which is NOT a malformed >> HELO per the RFCs. Therefore it is still against the RFCs to refuse mail >> because the HELO is an IP address. > Are you thinking "a plain word that looks like an IP address" then? > Cause I'm pretty sure (boy am I going to get it... Haven't reread the > exact wording:-) that the demand is for Ip address literals, like > Steve points out, not a domain name looking like an IP address... > Oh well. Erm, I'm not sure what difference you're implying exists between "a plain word that looks like an IP address" and an "IP address literal". I'm also not sure what you mean by "a domain name looking like an IP address". The HELO string in question was "10.10.16.24", sans quotes, which matches RFC2821's definition of IPv4-address-literal in section 4.1.3, which is in turn a sub-type of address-literal in 4.1.2. This makes it 100% valid syntactically. Of course, exposing a non-routable IP as a HELO is obviously bogus information, but it is not syntactically invalid. Thus, blocking based on it is technically against the RFCs. However, I'd expect some sites will block this, since the information presented is obviously invalid. From sbanderson at impromed.com Thu Apr 17 18:55:28 2008 From: sbanderson at impromed.com (Scott B. Anderson) Date: Thu Apr 17 18:56:31 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <480775F5.6000006@alexb.ch> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> Message-ID: <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Alex Broens > Sent: Thursday, April 17, 2008 11:08 AM > To: MailScanner discussion > Subject: Re: Esets AV nor recognized by MailScanner > > On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: > >> Using latest MS release and Esets AV (ex Nod32) on a test box. > >> > >> "Virus Scanners = auto" doesn't recognize > >> "# esets from www.eset.com" > >> > >> Setting "Virus Scanners = esets" doesn't work either > >> > >> Can anyone reproduce? > >> > >> Thanks > >> > >> Alex > > > > Alex, is virus.scanners.conf correct for its path ? > > Hi [ UxBoD ] > > After MS recognizes Eset, it doesn't catch an Eicar.zip, which > clamavmodule does. > > In "esets_wrapper" you've chosen to use esets_scan which doesn't speak > to the daemon but has to load the signatures every time its called and > is extremely slow. > > Seems we're still missing something. What OS did you use to test the > wrapper & co? > > thanks > > Alex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! This could probably be a new thread, but I had to manually change virus.scanners.conf also, so I was wondering if that possibly could be causing my issue using ESET. After updating my virus.scanners.conf to point to /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and finds the EICAR virus, but then this happens on a lot of mails: Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", name="./m3HH31Pw024758.header", virus="", action="", info="error - unknown compression method ", lines=0 MailScanner -v Running on Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux This is Fedora release 8 (Werewolf) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.68.8 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.21 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.33 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML I'm converting all HTML mail to text and running Clam, McAfee and ESET when this happens. If I remove ESET, MailScaner processes email normally. Not sure what I did wrong, or if ESET file security for linux rpm-based distributions is at fault. Scott Anderson From mikea at mikea.ath.cx Thu Apr 17 19:00:45 2008 From: mikea at mikea.ath.cx (mikea) Date: Thu Apr 17 19:01:27 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48078208.6050006@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> <48078208.6050006@evi-inc.com> Message-ID: <20080417180045.GC26750@mikea.ath.cx> On Thu, Apr 17, 2008 at 12:59:52PM -0400, Matt Kettler wrote: > Glenn Steen wrote: > > > > >> Also, this thread is about using an IP as a HELO, which is NOT a > >> malformed > >>HELO per the RFCs. Therefore it is still against the RFCs to refuse mail > >>because the HELO is an IP address. > >Are you thinking "a plain word that looks like an IP address" then? > >Cause I'm pretty sure (boy am I going to get it... Haven't reread the > >exact wording:-) that the demand is for Ip address literals, like > >Steve points out, not a domain name looking like an IP address... > >Oh well. > > Erm, I'm not sure what difference you're implying exists between "a plain > word that looks like an IP address" and an "IP address literal". I'm also > not sure what you mean by "a domain name looking like an IP address". > The HELO string in question was "10.10.16.24", sans quotes, which matches > RFC2821's definition of IPv4-address-literal in section 4.1.3, which is in > turn a sub-type of address-literal in 4.1.2. This makes it 100% valid > syntactically. With respect, I have to differ with you. This point arises from time to time on other lists, and I had to be educated about it myself. It's precisely the difference between "[10.10.16.24]" and "10.10.16.24", and the semantics associated with those differences in the text of the RFC. "10.10.16.24", sans quotes, does not match RFC2821's definition of IPv4-address literal in section 4.1.3, because it is not enclosed in brackets ("[]"), as required by section 4.1.3: : 4.1.3 Address Literals : : Sometimes a host is not known to the domain name system and : communication (and, in particular, communication to report and repair : the error) is blocked. To bypass this barrier a special literal form : of the address is allowed as an alternative to a domain name. For : IPv4 addresses, this form uses four small decimal integers separated : by dots and enclosed by brackets such as [123.255.37.2], which : indicates an (IPv4) Internet Address in sequence-of-octets form. Instead, "10.10.16.24", sans quotes, is a domain name with a Top-Level Domain "24", just as "foo.example.com" is a domain name with Top-Level Domain "com". See section 2.3.5, and the BNF definition of "Domain" in section 4.1.2, of RFC2821. > Of course, exposing a non-routable IP as a HELO is obviously bogus > information, but it is not syntactically invalid. Thus, blocking based on > it is technically against the RFCs. However, I'd expect some sites will > block this, since the information presented is obviously invalid. Au contraire, it is syntactically invalid because the brackets, which are required, are absent: "[10.10.16.24]" is syntactically valid as an address literal, while "10.10.16.24" is not -- sans quotes in both cases, of course. To put it in the mildest of terms, I agree that it is not good practice to expose as a HELO a non-routable IP written as an address literal. but that's not what I'm blocking on at my shop. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From MailScanner at ecs.soton.ac.uk Thu Apr 17 19:00:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 19:01:48 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <480775F5.6000006@alexb.ch> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> Message-ID: <4807904E.2060102@ecs.soton.ac.uk> Alex Broens wrote: > On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >>> Using latest MS release and Esets AV (ex Nod32) on a test box. >>> >>> "Virus Scanners = auto" doesn't recognize >>> "# esets from www.eset.com" >>> >>> Setting "Virus Scanners = esets" doesn't work either >>> >>> Can anyone reproduce? >>> >>> Thanks >>> >>> Alex >> >> Alex, is virus.scanners.conf correct for its path ? > > Hi [ UxBoD ] > > After MS recognizes Eset, it doesn't catch an Eicar.zip, which > clamavmodule does. It certainly works for me. Set Virus Scanners = esets in MailScanner.conf, and make sure the "esets" line in virus.scanners.conf ends with "/usr/sbin". Then do MailScanner --lint and in the output you should see some text like this: =========================================================================== Virus Scanner test reports: esets said "Found virus Eicar test file in eicar.com" If you get that, everything should be okay. You should also find that if you put an Eicar.zip in /tmp and run this next command, it should print a line of output about it: /usr/lib/MailScanner /usr/sbin -arch --all -b --subdir --action-on-uncleanable accept /tmp/* > In "esets_wrapper" you've chosen to use esets_scan which doesn't speak > to the daemon but has to load the signatures every time its called and > is extremely slow. How would I talk to the daemon? I haven't read much about esets apart from how to drive the client program and ensure the output format is usable and consistent. > Seems we're still missing something. What OS did you use to test the > wrapper & co? I tested it on RHEL 4 and 5, and it didn't show any signs of behaving badly on anything else. What Uxbod tested it on, I don't know :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 17 19:04:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 19:04:48 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48078208.6050006@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> <48078208.6050006@evi-inc.com> Message-ID: <48079120.4000001@ecs.soton.ac.uk> Glenn / Matt, Do you fancy taking this never-ending thread off-list please? It deserves an awful lot of O's in its "OT" and I'm sad to say it descended below boredom threshold for many of the rest of us a long time ago :-) If you ever come to an agreement, please feel free to post a summary :-) Thanks guys! Cheers, Jules. :-) Matt Kettler wrote: > Glenn Steen wrote: > >> >>> Also, this thread is about using an IP as a HELO, which is NOT a >>> malformed >>> HELO per the RFCs. Therefore it is still against the RFCs to refuse >>> mail >>> because the HELO is an IP address. >> Are you thinking "a plain word that looks like an IP address" then? >> Cause I'm pretty sure (boy am I going to get it... Haven't reread the >> exact wording:-) that the demand is for Ip address literals, like >> Steve points out, not a domain name looking like an IP address... >> Oh well. > > Erm, I'm not sure what difference you're implying exists between "a > plain word that looks like an IP address" and an "IP address literal". > I'm also not sure what you mean by "a domain name looking like an IP > address". > > The HELO string in question was "10.10.16.24", sans quotes, which > matches RFC2821's definition of IPv4-address-literal in section 4.1.3, > which is in turn a sub-type of address-literal in 4.1.2. This makes it > 100% valid syntactically. > > Of course, exposing a non-routable IP as a HELO is obviously bogus > information, but it is not syntactically invalid. Thus, blocking based > on it is technically against the RFCs. However, I'd expect some sites > will block this, since the information presented is obviously invalid. > > > > > > > > > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gwong at linktechit.com Thu Apr 17 19:22:31 2008 From: gwong at linktechit.com (Gregory Wong) Date: Thu Apr 17 19:23:14 2008 Subject: Unable to sa-compile In-Reply-To: <48070193.9050804@ecs.soton.ac.uk> Message-ID: Thanks for the feedback. I keep running into more problems. Sa-update is running fine. When I run sa-compile I get the following error message: sa-compile: not compiling; 'spamassassin --lint' check failed! I have looked through the output of spamassassin -D numerous times to see where it has failed or what is missing but I don't seem to see anything. On 4/17/08 3:51 AM, "Julian Field" wrote: Well, as it says, it can't find "re2c". Which would tend to make me think you haven't installed "re2c". So I suggest you install "re2c". You can get it from http://dag.wieers.com/rpm/packages. *please* read error messages :-) Gregory Wong wrote: > Thanks Scott. That seems to have worked but now I am getting the > following error message: > > re2c -i -b -o scanner1.c scanner1.re > Can't exec "re2c": No such file or directory at > /usr/local/bin/sa-compile line 287, <$fh> line 980. > command failed! at /usr/local/bin/sa-compile line 288, <$fh> line 980. > > Any suggestions? > > > On 4/16/08 6:06 PM, "Scott Silva" wrote: > > on 4-16-2008 1:01 PM Gregory Wong spake the following: > > root@smtp1:~# which dccproc > > /usr/bin/dccproc > > > Then try changing the dcc path in your > /etc/MailScanner/spam.assassin.prefs.conf file to match the above > and try the > sa-compile again. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080417/4dd659b2/attachment.html From MailScanner at ecs.soton.ac.uk Thu Apr 17 19:58:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 19:59:46 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> Message-ID: <48079DF1.3090202@ecs.soton.ac.uk> Scott B. Anderson wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Alex Broens >> Sent: Thursday, April 17, 2008 11:08 AM >> To: MailScanner discussion >> Subject: Re: Esets AV nor recognized by MailScanner >> >> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >> >>>> Using latest MS release and Esets AV (ex Nod32) on a test box. >>>> >>>> "Virus Scanners = auto" doesn't recognize >>>> "# esets from www.eset.com" >>>> >>>> Setting "Virus Scanners = esets" doesn't work either >>>> >>>> Can anyone reproduce? >>>> >>>> Thanks >>>> >>>> Alex >>>> >>> Alex, is virus.scanners.conf correct for its path ? >>> >> Hi [ UxBoD ] >> >> After MS recognizes Eset, it doesn't catch an Eicar.zip, which >> clamavmodule does. >> >> In "esets_wrapper" you've chosen to use esets_scan which doesn't speak >> to the daemon but has to load the signatures every time its called and >> is extremely slow. >> >> Seems we're still missing something. What OS did you use to test the >> wrapper & co? >> >> thanks >> >> Alex >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > This could probably be a new thread, but I had to manually change virus.scanners.conf also, so I was wondering if that possibly could be causing my issue using ESET. > > After updating my virus.scanners.conf to point to /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and finds the EICAR virus, but then this happens on a lot of mails: > > Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", name="./m3HH31Pw024758.header", virus="", action="", info="error - unknown compression method ", lines=0 > Please can you send me the exact queue files of one of these problem messages. Attach them (zipped up) to a mail to mailscanner@ecs.soton.ac.uk and I'll try to reproduce your problem. What it extracts as the ./*.header file would be useful too if you can get one (that may be hard). > MailScanner -v > > Running on > Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 EDT 2006 i686 i686 i386 GNU/Linux > This is Fedora release 8 (Werewolf) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.68.8 > Module versions are: > 1.00 AnyDBM_File > 1.16 Archive::Zip > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.78 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.30 Archive::Tar > 0.21 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.13 DBD::SQLite > 1.56 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > 1.00 Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.21 Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > 0.33 Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.52 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > > I'm converting all HTML mail to text and running Clam, McAfee and ESET when this happens. If I remove ESET, MailScaner processes email normally. Not sure what I did wrong, or if ESET file security for linux rpm-based distributions is at fault. > > Scott Anderson > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 17 20:46:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 20:47:25 2008 Subject: Unable to sa-compile In-Reply-To: References: Message-ID: <4807A915.4080502@ecs.soton.ac.uk> Gregory Wong wrote: > Thanks for the feedback. I keep running into more problems. Sa-update > is running fine. When I run sa-compile I get the following error message: > > sa-compile: not compiling; 'spamassassin --lint' check failed! > > I have looked through the output of spamassassin ?D numerous times to > see where it has failed or what is missing but I don?t seem to see > anything. As it says, why not try "spamassassin --lint" instead? > > > On 4/17/08 3:51 AM, "Julian Field" wrote: > > Well, as it says, it can't find "re2c". Which would tend to make me > think you haven't installed "re2c". So I suggest you install > "re2c". You > can get it from http://dag.wieers.com/rpm/packages. > > *please* read error messages :-) > > Gregory Wong wrote: > > Thanks Scott. That seems to have worked but now I am getting the > > following error message: > > > > re2c -i -b -o scanner1.c scanner1.re > > Can't exec "re2c": No such file or directory at > > /usr/local/bin/sa-compile line 287, <$fh> line 980. > > command failed! at /usr/local/bin/sa-compile line 288, <$fh> line > 980. > > > > Any suggestions? > > > > > > On 4/16/08 6:06 PM, "Scott Silva" wrote: > > > > on 4-16-2008 1:01 PM Gregory Wong spake the following: > > > root@smtp1:~# which dccproc > > > /usr/bin/dccproc > > > > > Then try changing the dcc path in your > > /etc/MailScanner/spam.assassin.prefs.conf file to match the above > > and try the > > sa-compile again. > > > > -- > > MailScanner is like deodorant... > > You hope everybody uses it, and > > you notice quickly if they don't!!!! > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Thu Apr 17 21:04:05 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 17 21:04:50 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: <48071981.2040507@farrows.org> References: <48071981.2040507@farrows.org> Message-ID: <4807AD35.2000303@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | Message labs have a similar problem, but I am quite happy to whitelist | them for now as they are not a source of spam... Hate to prove you wrong. But I have multiple cases of spam send through messagelabs. So I surely will not whitelist them. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIB60zBvzDRVjxmYERAs31AJ4lomxAP+RSo7luPptjSLxy6nBU7QCdGqqn sit0Gg0HTVMSgToKsmI0t6k= =uLWB -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 17 21:06:27 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 17 21:06:35 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: <4807ADC3.5060900@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Koopmann, Jan-Peter wrote: |> How do they do it then? | | http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_grey_list | | By taking the PTR record and removing the first label. So greylisting | considers mail1.google.com the same server as mail2.google.com. That means you must inderstand when to use 2 and when to use 3 levels to ~ learn the proper domain name. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIB63BBvzDRVjxmYERAm1vAKCGES0vLhqsz+MOIXOWFGzVMeRvfACgisKO cLetSSlHkRqlp6An1bnYG0U= =CeW6 -----END PGP SIGNATURE----- From mailscanner at lists.com.ar Thu Apr 17 21:41:00 2008 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu Apr 17 21:41:59 2008 Subject: ClamAV 0.93 released In-Reply-To: <48051021.5010909@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> Message-ID: <1208464860.2962.75.camel@morticia.pert.com.ar> Hi I'm using clamavmodule I've made a patch for the Mail::ClamAV to compile (later I'll send it to the Mail::ClamAV mantainer) Basicaly I've deleted every option that doesn't exists any more. Adding new ones is a trivial task. There is a couple of changes to do in MS, clamav max ratio or something like that, doesn't exists any more and CL_SCAN_PHISHING_DOMAINLIST has dissapeared later I'll send a patch for SweepViruses.pm That's the good news But we have to decide if we want some of the new limits for example: do we want to define maxscansize? and archivememlim? should I add them to the patched Mail::ClamAV module? should we add them to the MS? comments? Here is a patch that eliminating the broken options from Mail::ClamAV diff -Naur Mail-ClamAV-0.21.ORIG/ClamAV.pm Mail-ClamAV-0.21/ClamAV.pm --- Mail-ClamAV-0.21.ORIG/ClamAV.pm 2008-01-14 19:32:27.000000000 -0200 +++ Mail-ClamAV-0.21/ClamAV.pm 2008-04-17 16:27:30.000000000 -0300 @@ -88,7 +88,6 @@ CL_SCAN_MAILURL CL_SCAN_BLOCKMAX CL_SCAN_ALGORITHMIC - CL_SCAN_PHISHING_DOMAINLIST CL_SCAN_PHISHING_BLOCKSSL CL_SCAN_PHISHING_BLOCKCLOAK @@ -224,12 +223,10 @@ /* set defaults for limits */ c->limits.maxreclevel = 5; - c->limits.maxmailrec = 10; c->limits.maxfiles = 1000; c->limits.maxfilesize = 1024 * 1028 * 10; /* 10 Megs */ /* XXX need to figure out a nice default */ - c->limits.maxratio = 200; c->limits.archivememlim = 1; if (S_ISDIR(st.st_mode)) { @@ -304,19 +301,6 @@ return SvClam(self)->limits.maxreclevel; } -int clamav_perl_maxmailrec(SV *self, ...) -{ - Inline_Stack_Vars; - if (Inline_Stack_Items > 1) { - SV *max; - if (Inline_Stack_Items > 2) - croak("Invalid number of arguments to maxmailrec()"); - max = Inline_Stack_Item(1); - SvClam(self)->limits.maxmailrec = SvIV(max); - } - return SvClam(self)->limits.maxmailrec; -} - int clamav_perl_maxfiles(SV *self, ...) { Inline_Stack_Vars; @@ -343,19 +327,6 @@ return SvClam(self)->limits.maxfilesize; } -int clamav_perl_maxratio(SV *self, ...) -{ - Inline_Stack_Vars; - if (Inline_Stack_Items > 1) { - SV *max; - if (Inline_Stack_Items > 2) - croak("Invalid number of arguments to maxratio()"); - max = Inline_Stack_Item(1); - SvClam(self)->limits.maxratio = (long int)SvIV(max); - } - return SvClam(self)->limits.maxratio; -} - int clamav_perl_archivememlim(SV *self, ...) { Inline_Stack_Vars; @@ -536,7 +507,6 @@ if (strEQ("CL_SCAN_MAILURL", name)) return CL_SCAN_MAILURL; if (strEQ("CL_SCAN_BLOCKMAX", name)) return CL_SCAN_BLOCKMAX; if (strEQ("CL_SCAN_ALGORITHMIC", name)) return CL_SCAN_ALGORITHMIC; - if (strEQ("CL_SCAN_PHISHING_DOMAINLIST", name)) return CL_SCAN_PHISHING_DOMAINLIST; if (strEQ("CL_SCAN_PHISHING_BLOCKSSL", name)) return CL_SCAN_PHISHING_BLOCKSSL; if (strEQ("CL_SCAN_PHISHING_BLOCKCLOAK", name)) return CL_SCAN_PHISHING_BLOCKCLOAK; if (strEQ("CL_SCAN_ELF", name)) return CL_SCAN_ELF; @@ -616,11 +586,9 @@ # Set some limits (only applies to scan()) $c->maxreclevel(4); - $c->maxmailrec(4); $c->maxfiles(20); $c->maxfilesize(1024 * 1024 * 20); # 20 megs $c->archivememlim(0); # limit memory usage for bzip2 (0/1) - $c->maxratio(0); # Scan a filehandle (scandesc in clamav) # scan(FileHandle or path, Bitfield of options) @@ -715,10 +683,6 @@ Enable algorithmic detection of viruses. -=item CL_SCAN_PHISHING_DOMAINLIST - -Phishing module: restrict URL scanning to domains from .pdf (RECOMMENDED). - =item CL_SCAN_PHISHING_BLOCKSSL Phishing module: always block SSL mismatches in URLs. @@ -904,10 +868,6 @@ Sets the maximum recursion level into archives [default 5]. -=item maxmailrec - -Sets the maximum recursion level into emails [default 10]. - =item maxfiles Maximum number of files that will be scanned [default 1000]. A value of zero @@ -918,12 +878,6 @@ Maximum file size that will be scanned in bytes [default 10M]. A value of zero disables the check. -=item maxratio - -Maximum compression ratio. So if this is set to 200, libclamav will give up -decompressing a file if it reaches 200x its compressed size [default 200]. A -value of zero disables the check. - =item archivememlim Turns on/off memory usage limits for bzip2. [default 1] diff -Naur Mail-ClamAV-0.21.ORIG/Makefile.PL Mail-ClamAV-0.21/Makefile.PL --- Mail-ClamAV-0.21.ORIG/Makefile.PL 2007-02-20 10:45:30.000000000 -0300 +++ Mail-ClamAV-0.21/Makefile.PL 2008-04-17 16:32:25.000000000 -0300 @@ -13,8 +13,8 @@ } my $version = `clamav-config --version`; chomp $version; -if ($version < 0.90) { - die "The clamav version you are using is too old. Please upgrade to atleast 0.90\n"; +if ($version < 0.93) { + die "The clamav version you are using is too old. Please upgrade to atleast 0.93\n"; } my $libs = `clamav-config --libs`; diff -Naur Mail-ClamAV-0.21.ORIG/t/Mail-ClamAV.t Mail-ClamAV-0.21/t/Mail-ClamAV.t --- Mail-ClamAV-0.21.ORIG/t/Mail-ClamAV.t 2007-02-20 10:35:41.000000000 -0300 +++ Mail-ClamAV-0.21/t/Mail-ClamAV.t 2008-04-17 16:28:49.000000000 -0300 @@ -59,7 +59,6 @@ CL_SCAN_MAILURL CL_SCAN_BLOCKMAX CL_SCAN_ALGORITHMIC - CL_SCAN_PHISHING_DOMAINLIST CL_SCAN_PHISHING_BLOCKSSL CL_SCAN_PHISHING_BLOCKCLOAK ----------------------------------------------------------------------- Saludos Leonardo Helman Pert Consultores Argentina On Tue, 2008-04-15 at 21:29 +0100, Julian Field wrote: > Brad, > > Brad Dokken wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Julian Field > >> Sent: Monday, April 14, 2008 10:56 AM > >> To: MailScanner discussion > >> Subject: Re: ClamAV 0.93 released > >> > >> I have upgraded the ClamAV+SpamAssassin distribution available at > >> www.mailscanner.info. > >> > >> Note that this new version does *NOT* work with the > >> 'clamavmodule' virus > >> scanner. So don't upgrade if you're running the clamavmodule scanner. > >> > >> > > > > Could you provide some clarification for me? Back in the day MailScanner > > didn't support Clamd. > Ah, the good ole days :-) > > When Clamd support became available I stuck with > > clamavmodule because the speed increase wasn't needed in my > > configuration. Your easy install package is so simple and "just works" > > so I haven't seen a need to change anything. Over the past year it seems > > the Mail::ClamAV perl module hasn't been getting updated in a timely > > manner. > Agreed. > > I have waited for it to get updated and then installed the > > latest ClamAV update. This is getting a bit old and so I ask, is ClamD > > considered the Best Practice for a MailScanner setup today? > Not sure on that, I still use clamavmodule as you don't *have* to update > to the latest ClamAV the day it is released. The previous version will > carry on working just fine for quite a while. One of these days I might > jump ship to clamd, but not yet. > > Also, once I > > install and configure ClamD from DW's rpms, does your easy install > > package update ClamAV from that point on or do I have to skip the clamav > > update when I run the install script from your easy install package? > > > My ClamAV+SpamAssassin package will ask you if you want it to install > ClamAV or not. If you choose not, then it will ask you where your > current clamscan is installed so that it can work out what directories > to set and where. So you don't have to edit my install script or > anything nasty like that, it handles it all in a relatively intelligent > manner (I hope that's what people see, anyway!). > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -------------- next part -------------- A non-text attachment was scrubbed... Name: Mail-ClamAV-0.21.patch Type: text/x-patch Size: 4659 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080417/4996c5af/Mail-ClamAV-0.21.bin From MailScanner at ecs.soton.ac.uk Thu Apr 17 21:50:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 17 21:51:34 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: <4807ADC3.5060900@vanderkooij.org> References: <4807ADC3.5060900@vanderkooij.org> Message-ID: <4807B805.90800@ecs.soton.ac.uk> Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 04/17/08 at 21:06:25 > > Koopmann, Jan-Peter wrote: > |> How do they do it then? > | > | http://www.snertsoft.com/smtp/smtpf/smtpf-cf.html#smtpf_grey_list > | > | By taking the PTR record and removing the first label. So greylisting > | considers mail1.google.com the same server as mail2.google.com. > > That means you must inderstand when to use 2 and when to use 3 levels to > ~ learn the proper domain name. Which is what my country.domains.conf file helps with. Works most of the time. I have to solve exactly the same problem in the phishing net code. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Thu Apr 17 21:59:40 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Apr 17 22:00:23 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <4807904E.2060102@ecs.soton.ac.uk> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> <4807904E.2060102@ecs.soton.ac.uk> Message-ID: <4807BA3C.302@alexb.ch> On 4/17/2008 8:00 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >>>> Using latest MS release and Esets AV (ex Nod32) on a test box. >>>> >>>> "Virus Scanners = auto" doesn't recognize >>>> "# esets from www.eset.com" >>>> >>>> Setting "Virus Scanners = esets" doesn't work either >>>> >>>> Can anyone reproduce? >>>> >>>> Thanks >>>> >>>> Alex >>> >>> Alex, is virus.scanners.conf correct for its path ? >> >> Hi [ UxBoD ] >> >> After MS recognizes Eset, it doesn't catch an Eicar.zip, which >> clamavmodule does. > It certainly works for me. > Set > Virus Scanners = esets > in MailScanner.conf, and make sure the "esets" line in > virus.scanners.conf ends with "/usr/sbin". > Then do > MailScanner --lint > and in the output you should see some text like this: > > =========================================================================== > Virus Scanner test reports: > esets said "Found virus Eicar test file in eicar.com" all mine shows is Apr 17 16:14:21 mst1 MailScanner[5743]: Virus Scanning: esets found 2 infections but no detail > > If you get that, everything should be okay. You should also find that if > you put an Eicar.zip in /tmp and run this next command, it should print > a line of output about it: > /usr/lib/MailScanner /usr/sbin -arch --all -b --subdir > --action-on-uncleanable accept /tmp/* lemme try that >> In "esets_wrapper" you've chosen to use esets_scan which doesn't speak >> to the daemon but has to load the signatures every time its called and >> is extremely slow. > How would I talk to the daemon? I haven't read much about esets apart > from how to drive the client program and ensure the output format is > usable and consistent. using "esets_cli" speak to the daemon instead of esets_scan >> Seems we're still missing something. What OS did you use to test the >> wrapper & co? > I tested it on RHEL 4 and 5, and it didn't show any signs of behaving > badly on anything else. If you want to take a look on my box, I can give you access. Alex From dstraka at caspercollege.edu Thu Apr 17 22:04:13 2008 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Apr 17 22:05:07 2008 Subject: Upgrading MailScanner Message-ID: <480766ED.61A4.0000.0@caspercollege.edu> Im running: SuSE version = 10.0 sendmail version = 8.13.6 spamassassin version = 3.1.3 MailScanner version = 4.54.6 I'd like to upgrade MailScanner so I can use the watermarking feature which I'm assuming will help with the delivery failures that my users have had to put up with for the last 2 weeks or so. So, is it pointless to try and upgrade just MailScanner? Do I even need to upgrade to use watermarking? I don't see the watermarking sections in my config. If I follow the procedure below from the wiki and I get to the part that says "if everything went fine" and everything did not go fine...WHO CAN HELP ME? Are there any pitfalls to consider like problems with dependencies? Upgrade (RPM) * Make a backup copy of your current MailScanner (Linux): cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d) cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d) cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d) * Download the latest version * Check the integrity (#9) * untar the archive (tar xzf) X/ * cd into the created directory * run the install script (./install) * inspect the output for errors * manage the .rmpnew files WHAT'S THIS MEAN? * if everything went fine, run the command Thanks, -- Dan Straka Systems Coordinator Casper College www.caspercollege.edu ( http://www.caspercollege.edu/ ) From raul at chromacars.com Thu Apr 17 22:23:32 2008 From: raul at chromacars.com (raul benitez) Date: Thu Apr 17 22:23:22 2008 Subject: Two versions of Spamassasin running Message-ID: <4807BFD4.6040404@chromacars.com> Thanks for the reply. See the problem is I inherited this box and what I think happened was the collocation service that was admining this box installed Blue quartz with mailscanner on top of the already installed spamassassin and did not bother to stop that version. So my question is can i just stop or delete the original version of spamassassin without havening to delete the mailscanner one? or am I not understand this right? Thanks Also, get rid of spamass-milter.. There's no reason you should be running SpamAssassin under MailScanner and in a milter milter. Pick one or the other, but doing both is silly. Julian Field wrote: > > You have at least 2 versions installed. Get rid of all of them and start > > again. You don't need to run the spamd daemon if you are using > > MailScanner as it doesn't use it anyway, it communicates more directly > > with SpamAssassin without the daemon getting in the way. > > > > Delete all of those RPMs and fetch a nice shiny new version from your > > favourite source. > > From mikes at hartwellcorp.com Thu Apr 17 22:56:33 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Thu Apr 17 23:00:06 2008 Subject: Is sendmail safe for SMTP? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF612E@hcex.hartwellcorp.com> I've been using an SMTP proxy for years now but have been having problems with it lately. So I am wondering if it is safe to let Sendmail talk SMTP to the outside world these days or if that is still considered a Bad Idea(tm). From peter at farrows.org Thu Apr 17 23:21:00 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 17 23:21:47 2008 Subject: Is sendmail safe for SMTP? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF612E@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF612E@hcex.hartwellcorp.com> Message-ID: <4807CD4C.1000907@farrows.org> Michael St. Laurent wrote: > I've been using an SMTP proxy for years now but have been having > problems with it lately. So I am wondering if it is safe to let > Sendmail talk SMTP to the outside world these days or if that is still > considered a Bad Idea(tm). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Sendmail is the most widely used MTA on the internet (>60%), when vulnerabilities have been discovered in the past they were fixed very quickly. Not sure where you get the concept " *Still* a bad idea", its the MTA of choice in my book and has been for over 10 years and facing it on the internet correctly configured has never been a bad idea... Sendmail is over 25 years old and is still the number 1, its the most configurable and provides the best functionality.... A lot of sys admins are cautious of it because they don't know how it works well enough... but its like anything these days once you know how to use it, its very simple to make it do what you want... Other good choices include Exim, which scales very well for very very large enterprises with 100,000's of users. Regards Pete Regards Pete From peter at farrows.org Thu Apr 17 23:36:52 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 17 23:52:33 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: <4807AD35.2000303@vanderkooij.org> References: <48071981.2040507@farrows.org> <4807AD35.2000303@vanderkooij.org> Message-ID: <4807D104.9030201@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > > | Message labs have a similar problem, but I am quite happy to whitelist > | them for now as they are not a source of spam... > > Hate to prove you wrong. But I have multiple cases of spam send through > messagelabs. So I surely will not whitelist them. > > Hugo > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIB60zBvzDRVjxmYERAs31AJ4lomxAP+RSo7luPptjSLxy6nBU7QCdGqqn > sit0Gg0HTVMSgToKsmI0t6k= > =uLWB > -----END PGP SIGNATURE----- Coming through and "source of spam" are different. Google make a lot of money by selling services to people who make a living from spamming, thats different entirely to "letting it through". Google is a big *source* of spam, so I force them to greylist anyway. Message labs do not send spam, however some spam merely gets through their systems, I whitelist their servers on the greylist engine, but they are still subject to all further anti spam checks. Google is a source of spam, and an organisation that profits from spam, and Messagelabs are effectively an anti spam business, BIG BIG difference.... No allowances for google sourced email should ever be made in a spam system...until they clean up their act. Unfortunately while still trying to grow their internet mail business to compete with the likes of hotmail, having spammers use their system pushes up their email stats, you can just hear in the management meetings "hey we process 20 million emails a day now" - sounds great but they forgot to mention 99% of it was spam. When hotmail was a young email business it too went through the "bucket loads of spam" phase and google mail services are in the same early stages and have the same early problems. Just a month or so ago on this list a top 100 spam companies was published and guess what Google featured very prominently in that list. Considering outsourcing email services to Google is really like selling your soul to the devil I'm afraid, it may be great first off but you will surely rot in hell for eternity when judgement day comes... Regards Pete From peter at farrows.org Thu Apr 17 23:44:06 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 17 23:52:43 2008 Subject: OT: Ideas as to best way to do this In-Reply-To: References: Message-ID: <4807D2B6.80102@farrows.org> Koopmann, Jan-Peter wrote: >> Just to let you know, all google servers are hopeless at handling >> > email > >> to greylisting systems. >> >> You can expect BIG delays as they don't maintain state on smtp queues. >> > > Agreed. Just for the record: This is not really a google problem but a > problem coming from inefficient greylisting implementations. Have a look > at BarricadeMX. Their greylisting implementation does not suffer from > this particular problem. > > >> Typically a greylisting system admin would whitelist google servers to >> get round their problem, however, as google is in the top 100 list of >> spam sources whitelisting their mail relays is a very bad idea.... >> > > > Or use better greylisting algorithms.. :-) > > > You can of course greylist/whitelist based on domain but since the number of organisations that actually have this type of problem is very small, I really don't consider it my problem, I am very happy indeed for google mail to be delayed... and make no excuses for it in my client base... Its not down to a lack of efficiency in greylisting algorithm, per se, as I *actively force* the ip address of the sending server to be part of the greylisting process. If you change servers in your outbound queue then you can expect to be delayed again. I don't use the snertsoft filter, I used a personally modified version of this http://hcpnet.free.fr/milter-greylist/ across my enterprise, one particularly nice feature is that it allows whitelist syncing across multiple servers, so once one server in the group has whitelisted a server, sender, recipient triplet then the others have it too. Regards Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080417/0ac13885/attachment.html From peter at farrows.org Thu Apr 17 23:57:21 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Apr 18 00:33:24 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48078208.6050006@evi-inc.com> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> <48078208.6050006@evi-inc.com> Message-ID: <4807D5D1.6030507@farrows.org> Matt Kettler wrote: > Glenn Steen wrote: > >> >>> Also, this thread is about using an IP as a HELO, which is NOT a >>> malformed >>> HELO per the RFCs. Therefore it is still against the RFCs to refuse >>> mail >>> because the HELO is an IP address. >> Are you thinking "a plain word that looks like an IP address" then? >> Cause I'm pretty sure (boy am I going to get it... Haven't reread the >> exact wording:-) that the demand is for Ip address literals, like >> Steve points out, not a domain name looking like an IP address... >> Oh well. > > Erm, I'm not sure what difference you're implying exists between "a > plain word that looks like an IP address" and an "IP address literal". > I'm also not sure what you mean by "a domain name looking like an IP > address". > > The HELO string in question was "10.10.16.24", sans quotes, which > matches RFC2821's definition of IPv4-address-literal in section 4.1.3, > which is in turn a sub-type of address-literal in 4.1.2. This makes it > 100% valid syntactically. > > Of course, exposing a non-routable IP as a HELO is obviously bogus > information, but it is not syntactically invalid. Thus, blocking based > on it is technically against the RFCs. However, I'd expect some sites > will block this, since the information presented is obviously invalid. > > Matt has touched on what I said earlier here and I think Matts summary is most succinct and right on the money. Its not valid RFC form to explicitly reject based on this type of helo, but to send such an obviously bogus helo is really asking for trouble. You would not get past my main servers with this type of helo, and it could be very simple to correct. I would, in short, save yourself all the bother and just send a properly constructed helo that is recognisable anywhere (i.e. not constructed from anything in RFC1597) and definately not something like "localhost" ;-) Regards Pete From mikes at hartwellcorp.com Fri Apr 18 01:26:50 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Fri Apr 18 01:29:26 2008 Subject: Is sendmail safe for SMTP? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> > > I've been using an SMTP proxy for years now but have been having > > problems with it lately. So I am wondering if it is safe to let > > Sendmail talk SMTP to the outside world these days or if > that is still > > considered a Bad Idea(tm). > > > Sendmail is the most widely used MTA on the internet (>60%), when > vulnerabilities have been discovered in the past they were fixed very > quickly. > Not sure where you get the concept " *Still* a bad idea", > its the MTA > of choice in my book and has been for over 10 years and > facing it on the > internet correctly configured has never been a bad idea... > > Sendmail is over 25 years old and is still the number 1, its the most > configurable and provides the best functionality.... > > A lot of sys admins are cautious of it because they don't know how it > works well enough... but its like anything these days once > you know how > to use it, its very simple to make it do what you want... Oh, I can make it do what I want. But when I first put things together here I didn't have time to do a lot of research and there were some high profile incidents took place involving Sendmail exploits. In any case, using a proxy sounded safer than *not* using one. I hope the "Bad Idea" comment didn't give offense as it was not intended to be any kind of a dig against Sendmail. In any case, if that many folks have Sendmail facing the Internet... well, that's good enough for me. ;) From MailScanner at ecs.soton.ac.uk Fri Apr 18 09:02:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 09:03:40 2008 Subject: Two versions of Spamassasin running In-Reply-To: <4807BFD4.6040404@chromacars.com> References: <4807BFD4.6040404@chromacars.com> Message-ID: <480855AC.1030302@ecs.soton.ac.uk> raul benitez wrote: > Thanks for the reply. See the problem is I inherited this box and what > I think happened was the collocation service that was admining this > box installed Blue quartz with mailscanner on top of the already > installed spamassassin and did not bother to stop that version. So my > question is can i just stop or delete the original version of > spamassassin without havening to delete the mailscanner one? or am I > not understand this right? Thanks Delete the original version and then re-install the version you want to use. > Also, get rid of spamass-milter.. There's no reason you should be > running SpamAssassin under MailScanner and in a milter milter. Pick > one or the other, but doing both is silly. Julian Field wrote: > >> > You have at least 2 versions installed. Get rid of all of them and >> start > again. You don't need to run the spamd daemon if you are >> using > MailScanner as it doesn't use it anyway, it communicates more >> directly > with SpamAssassin without the daemon getting in the way. >> > > Delete all of those RPMs and fetch a nice shiny new version from >> your > favourite source. >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Fri Apr 18 09:11:16 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 18 09:12:00 2008 Subject: Upgrading MailScanner In-Reply-To: <480766ED.61A4.0000.0@caspercollege.edu> Message-ID: Daniel Yes you'll to upgrade to get the watermarking feature going as this wasn't implemented till version 4.62. Latest stable 4.68.8 has a few improvements on this as well. I'd upgrade MailScanner, get that doing then look at upgrading Spamassasin to 3.2.4 which has some very useful things in it. It's a middling upgrade so expect some pain but not a lot.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: 17 April 2008 22:04 > To: MailScanner discussion > Subject: Upgrading MailScanner > > Im running: > SuSE version = 10.0 > sendmail version = 8.13.6 > spamassassin version = 3.1.3 > MailScanner version = 4.54.6 > > I'd like to upgrade MailScanner so I can use the watermarking feature > which I'm assuming will help with the delivery failures that my users have > had to put up with for the last 2 weeks or so. > So, is it pointless to try and upgrade just MailScanner? > Do I even need to upgrade to use watermarking? I don't see the > watermarking sections in my config. > If I follow the procedure below from the wiki and I get to the part that > says "if everything went fine" and everything did not go fine...WHO CAN > HELP ME? > Are there any pitfalls to consider like problems with dependencies? > > Upgrade (RPM) > * Make a backup copy of your current MailScanner (Linux): > cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d) > cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d) > cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d) > * Download the latest version > * Check the integrity (#9) > * untar the archive (tar xzf) X/ > * cd into the created directory > * run the install script (./install) > * inspect the output for errors > * manage the .rmpnew files WHAT'S THIS > MEAN? > * if everything went fine, run the command > > Thanks, > > -- > > Dan Straka > Systems Coordinator > Casper College > www.caspercollege.edu ( http://www.caspercollege.edu/ ) > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Apr 18 09:17:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 09:18:24 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <48079DF1.3090202@ecs.soton.ac.uk> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> <48079DF1.3090202@ecs.soton.ac.uk> Message-ID: <48085936.4030600@ecs.soton.ac.uk> Julian Field wrote: > > > Scott B. Anderson wrote: >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Alex Broens >>> Sent: Thursday, April 17, 2008 11:08 AM >>> To: MailScanner discussion >>> Subject: Re: Esets AV nor recognized by MailScanner >>> >>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >>> >>>>> Using latest MS release and Esets AV (ex Nod32) on a test box. >>>>> >>>>> "Virus Scanners = auto" doesn't recognize >>>>> "# esets from www.eset.com" >>>>> >>>>> Setting "Virus Scanners = esets" doesn't work either >>>>> >>>>> Can anyone reproduce? >>>>> >>>>> Thanks >>>>> >>>>> Alex >>>>> >>>> Alex, is virus.scanners.conf correct for its path ? >>>> >>> Hi [ UxBoD ] >>> >>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which >>> clamavmodule does. >>> >>> In "esets_wrapper" you've chosen to use esets_scan which doesn't speak >>> to the daemon but has to load the signatures every time its called and >>> is extremely slow. >>> >>> Seems we're still missing something. What OS did you use to test the >>> wrapper & co? >>> >>> thanks >>> >>> Alex >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> This could probably be a new thread, but I had to manually change >> virus.scanners.conf also, so I was wondering if that possibly could >> be causing my issue using ESET. >> >> After updating my virus.scanners.conf to point to >> /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and >> finds the EICAR virus, but then this happens on a lot of mails: >> >> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", >> name="./m3HH31Pw024758.header", virus="", action="", info="error - >> unknown compression method ", lines=0 >> > Please can you send me the exact queue files of one of these problem > messages. Attach them (zipped up) to a mail to > mailscanner@ecs.soton.ac.uk and I'll try to reproduce your problem. > What it extracts as the ./*.header file would be useful too if you can > get one (that may be hard). That log entry doesn't appear to actually cause any problems, but I have tweaked the code so you won't see it any more. >> MailScanner -v >> >> Running on >> Linux ns1.impromed.com 2.6.17-1.2174_FC5smp #1 SMP Tue Aug 8 16:00:39 >> EDT 2006 i686 i686 i386 GNU/Linux >> This is Fedora release 8 (Werewolf) >> This is Perl version 5.008008 (5.8.8) >> >> This is MailScanner version 4.68.8 >> Module versions are: >> 1.00 AnyDBM_File >> 1.16 Archive::Zip >> 1.04 Carp >> 1.42 Compress::Zlib >> 1.119 Convert::BinHex >> 2.27 Date::Parse >> 1.00 DirHandle >> 1.05 Fcntl >> 2.74 File::Basename >> 2.09 File::Copy >> 2.01 FileHandle >> 1.08 File::Path >> 0.19 File::Temp >> 0.78 Filesys::Df >> 1.35 HTML::Entities >> 3.56 HTML::Parser >> 2.37 HTML::TokeParser >> 1.23 IO >> 1.14 IO::File >> 1.13 IO::Pipe >> 2.02 Mail::Header >> 1.86 Math::BigInt >> 3.05 MIME::Base64 >> 5.425 MIME::Decoder >> 5.425 MIME::Decoder::UU >> 5.425 MIME::Head >> 5.425 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.425 MIME::Tools >> 0.11 Net::CIDR >> 1.09 POSIX >> 1.18 Scalar::Util >> 1.78 Socket >> 1.4 Sys::Hostname::Long >> 0.18 Sys::Syslog >> 1.68 Time::HiRes >> 1.02 Time::localtime >> >> Optional module versions are: >> 1.30 Archive::Tar >> 0.21 bignum >> 1.82 Business::ISBN >> 1.10 Business::ISBN::Data >> 1.08 Data::Dump >> 1.814 DB_File >> 1.13 DBD::SQLite >> 1.56 DBI >> 1.10 Digest >> 1.01 Digest::HMAC >> 2.36 Digest::MD5 >> 2.10 Digest::SHA1 >> 1.00 Encode::Detect >> 0.17008 Error >> 0.18 ExtUtils::CBuilder >> 2.18 ExtUtils::ParseXS >> 2.36 Getopt::Long >> 0.44 Inline >> 1.08 IO::String >> 1.04 IO::Zlib >> 2.21 IP::Country >> 0.21 Mail::ClamAV >> 3.002004 Mail::SpamAssassin >> v2.004 Mail::SPF >> 1.999001 Mail::SPF::Query >> 0.2808 Module::Build >> 0.20 Net::CIDR::Lite >> 0.63 Net::DNS >> 0.002.2 Net::DNS::Resolver::Programmable >> 0.33 Net::LDAP >> 4.004 NetAddr::IP >> 1.94 Parse::RecDescent >> missing SAVI >> 2.52 Test::Harness >> 0.95 Test::Manifest >> 1.98 Text::Balanced >> 1.35 URI >> 0.7203 version >> 0.62 YAML >> >> I'm converting all HTML mail to text and running Clam, McAfee and >> ESET when this happens. If I remove ESET, MailScaner processes email >> normally. Not sure what I did wrong, or if ESET file security for >> linux rpm-based distributions is at fault. >> >> Scott Anderson >> > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Apr 18 09:31:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 18 09:32:03 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <20080417180045.GC26750@mikea.ath.cx> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> <48078208.6050006@evi-inc.com> <20080417180045.GC26750@mikea.ath.cx> Message-ID: <223f97700804180131g19669fxb4bfa304cb0c4f9b@mail.gmail.com> On 17/04/2008, mikea wrote: > On Thu, Apr 17, 2008 at 12:59:52PM -0400, Matt Kettler wrote: > > Glenn Steen wrote: > > > > > > > >> Also, this thread is about using an IP as a HELO, which is NOT a > > >> malformed > > >>HELO per the RFCs. Therefore it is still against the RFCs to refuse mail > > >>because the HELO is an IP address. > > >Are you thinking "a plain word that looks like an IP address" then? > > >Cause I'm pretty sure (boy am I going to get it... Haven't reread the > > >exact wording:-) that the demand is for Ip address literals, like > > >Steve points out, not a domain name looking like an IP address... > > >Oh well. > > > > Erm, I'm not sure what difference you're implying exists between "a plain > > word that looks like an IP address" and an "IP address literal". I'm also > > not sure what you mean by "a domain name looking like an IP address". > > > The HELO string in question was "10.10.16.24", sans quotes, which matches > > RFC2821's definition of IPv4-address-literal in section 4.1.3, which is in > > turn a sub-type of address-literal in 4.1.2. This makes it 100% valid > > syntactically. > > > With respect, I have to differ with you. This point arises from time > to time on other lists, and I had to be educated about it myself. As have we all. Thank you Mike, for the work of explaining it in detail. > > (snip) > > > > To put it in the mildest of terms, I agree that it is not good practice > to expose as a HELO a non-routable IP written as an address literal. but > that's not what I'm blocking on at my shop. > Same here. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Apr 18 09:34:23 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 18 09:34:33 2008 Subject: OOT: Mail rejected with bogus helo In-Reply-To: <48079120.4000001@ecs.soton.ac.uk> References: <4805B93E.4060204@gedubrak.com> <480611BE.6050902@evi-inc.com> <480651D3.8000109@farrows.org> <223f97700804161241u31d94078y7400333d403f1a8@mail.gmail.com> <48067656.2030701@farrows.org> <223f97700804170139k4fc7e254y3adaf2b924d02a59@mail.gmail.com> <48075438.1070200@evi-inc.com> <223f97700804170723q681a681bre11600715ac5a9ff@mail.gmail.com> <48078208.6050006@evi-inc.com> <48079120.4000001@ecs.soton.ac.uk> Message-ID: <223f97700804180134l1886b072s3c89a16e9b0dad78@mail.gmail.com> On 17/04/2008, Julian Field wrote: > Glenn / Matt, > > Do you fancy taking this never-ending thread off-list please? It deserves > an awful lot of O's in its "OT" and I'm sad to say it descended below > boredom threshold for many of the rest of us a long time ago :-) :-) Sure, no problem. > If you ever come to an agreement, please feel free to post a summary :-) As far as I'm concerned, everything is crystal clear. Much thanks to Mike Andrews summary on address literals. But I'll shut up now:-). > Thanks guys! > Cheers, > Jules. :-) > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Apr 18 09:45:06 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 18 09:45:41 2008 Subject: ClamAV 0.93 released In-Reply-To: <1208464860.2962.75.camel@morticia.pert.com.ar> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> Message-ID: <223f97700804180145j9aaec81kede3e7e32c44a212@mail.gmail.com> On 17/04/2008, Leonardo Helman wrote: > > Hi I'm using clamavmodule > > > I've made a patch for the Mail::ClamAV to compile (later I'll send it > to the Mail::ClamAV mantainer) Splendid! > Basicaly I've deleted every option that doesn't exists any more. > Adding new ones is a trivial task. > > > > There is a couple of changes to do in MS, clamav max ratio > or something like that, doesn't exists any more > and CL_SCAN_PHISHING_DOMAINLIST has dissapeared > > later I'll send a patch for SweepViruses.pm > > That's the good news > > But we have to decide if we want some of the new limits > for example: > do we want to define maxscansize? and archivememlim? And should this be synchronized wuith the SA scan limit? I don?t know... But having the ability to set things in one place (MailScanner.conf, presumably) would be nice. Perhaps a "meta setting" for what features to use/not use? > should I add them to the patched Mail::ClamAV module? I think so, yes. > should we add them to the MS? ... yes, if the former, definitely the latter... Else we'll be dependant on defaults (as if we weren't already:-)... Better to be explicit. > comments? > Thanks Leonardo. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From peter at farrows.org Fri Apr 18 10:30:02 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Apr 18 10:30:48 2008 Subject: Is sendmail safe for SMTP? In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> Message-ID: <48086A1A.4050306@farrows.org> Michael St. Laurent wrote: >>> I've been using an SMTP proxy for years now but have been having >>> problems with it lately. So I am wondering if it is safe to let >>> Sendmail talk SMTP to the outside world these days or if >>> >> that is still >> >>> considered a Bad Idea(tm). >>> >>> >> Sendmail is the most widely used MTA on the internet (>60%), when >> vulnerabilities have been discovered in the past they were fixed very >> quickly. >> Not sure where you get the concept " *Still* a bad idea", >> its the MTA >> of choice in my book and has been for over 10 years and >> facing it on the >> internet correctly configured has never been a bad idea... >> >> Sendmail is over 25 years old and is still the number 1, its the most >> configurable and provides the best functionality.... >> >> A lot of sys admins are cautious of it because they don't know how it >> works well enough... but its like anything these days once >> you know how >> to use it, its very simple to make it do what you want... >> > > Oh, I can make it do what I want. But when I first put things together > here I didn't have time to do a lot of research and there were some high > profile incidents took place involving Sendmail exploits. In any case, > using a proxy sounded safer than *not* using one. > > I hope the "Bad Idea" comment didn't give offense as it was not intended > to be any kind of a dig against Sendmail. > > > No offence taken, just wondered/interested if someone had given you a reason not to use it, in which case I would be interested to hear what it might have been... Regards Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/e1901757/attachment.html From ms-list at alexb.ch Fri Apr 18 10:32:34 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Apr 18 10:33:14 2008 Subject: ClamAV 0.93 released In-Reply-To: <223f97700804180145j9aaec81kede3e7e32c44a212@mail.gmail.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <223f97700804180145j9aaec81kede3e7e32c44a212@mail.gmail.com> Message-ID: <48086AB2.3040303@alexb.ch> On 4/18/2008 10:45 AM, Glenn Steen wrote: > And should this be synchronized wuith the SA scan limit? I don?t > know... But having the ability to set things in one place > (MailScanner.conf, presumably) would be nice. Perhaps a "meta setting" > for what features to use/not use? NO PLEASE! :-) - you wouldn't want to have SA scan a 500kb mail with an attached .doc file but you do want it checked for Viri.. or did I get your question upside down? Alex From Kit at simplysites.co.uk Fri Apr 18 10:55:33 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Fri Apr 18 10:57:26 2008 Subject: watermarking to bypass content scanning? Message-ID: Hi All I have just upgraded to the latest MS 4.68.8-1 hoping to use the Watermarking feature to bypass MS content scanning on reply emails sent out by users on our server. I have enabled Watermarking and its all there (I can see it in the headers). I have just read that watermarking is not used for checking reply emails but for multiple MailScanner to pass emails between themselves without rescanning everything. I was just wondering whether there is a way of writing a ruleset to sieve out emails with watermarks on to bypass MS content scanning? Kind Regards Kit Wong From martinh at solidstatelogic.com Fri Apr 18 11:23:32 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 18 11:24:11 2008 Subject: watermarking to bypass content scanning? In-Reply-To: Message-ID: <2a3658652ad5e449bf6b3d43ab6c177e@solidstatelogic.com> Kit The heaviest bit of scanning is the spamassassin stuff. If you create a rule that says don't spam scan on internal emails going out you'll achieve the same thing, but still virus scan etc. In MailScanner.conf.. Spam Checks = %rules-dir%/spam.rules In spam.rules, something like.. From: 10.1.1.26 no FromOrTo: default yes Where 10.1.1.26 is the ip-address of the email server... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kit Wong > Sent: 18 April 2008 10:56 > To: mailscanner@lists.mailscanner.info > Subject: watermarking to bypass content scanning? > > Hi All > > I have just upgraded to the latest MS 4.68.8-1 hoping to use the > Watermarking feature to bypass MS content scanning on reply emails sent > out by users on our server. I have enabled Watermarking and its all > there (I can see it in the headers). > > I have just read that watermarking is not used for checking reply emails > but for multiple MailScanner to pass emails between themselves without > rescanning everything. > > I was just wondering whether there is a way of writing a ruleset to > sieve out emails with watermarks on to bypass MS content scanning? > > Kind Regards > > Kit Wong > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Fri Apr 18 11:25:52 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 18 11:26:26 2008 Subject: ClamAV 0.93 released In-Reply-To: <48086AB2.3040303@alexb.ch> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <223f97700804180145j9aaec81kede3e7e32c44a212@mail.gmail.com> <48086AB2.3040303@alexb.ch> Message-ID: <223f97700804180325u75b4c512tb771afc23acb4806@mail.gmail.com> On 18/04/2008, Alex Broens wrote: > On 4/18/2008 10:45 AM, Glenn Steen wrote: > > > > And should this be synchronized wuith the SA scan limit? I don?t > > know... But having the ability to set things in one place > > (MailScanner.conf, presumably) would be nice. Perhaps a "meta setting" > > for what features to use/not use? > > > > NO PLEASE! :-) > - you wouldn't want to have SA scan a 500kb mail with an attached .doc file > but you do want it checked for Viri.. > or did I get your question upside down? > > Alex Right you are. Sorry for not engaging brain before typing...:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From telecaadmin at gmail.com Fri Apr 18 11:33:10 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Apr 18 11:33:51 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <48086A1A.4050306@farrows.org> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> Message-ID: <480878E6.1080604@gmail.com> > No offence taken, just wondered/interested if someone had given you a > reason not to use it, in which case I would be interested to hear what > it might have been... Just to add some 2 (euro) cents... sendmail's configuration "system" was a complete turn-off to me. postfix was a breeze to configure and also seems much more cleaner by design. Bad / non-fully transparent configuration options more often than not cause security problems - more than bad code. That coupled with sendmail's long history of security problems... Postfix also spots excellent documentation, both online and printed. If you're feeling generous just purchase "The Book Of Postfix". *ALL* maps can be whatever you like them to be. LDAP'ing my users (from an AD) was easy as never thought. Restricting access internal mail groups - easy! Reconfiguring is instant and no more m4 runs and macro stuff and whatnot. Almost all parameters you can ever imagine are changeable. Performance-wise e.g. it does away with many unnecessary DNS lookups etc. OK, I sound somewhat as an advocate, but postfix has made my life easy. I'm a better person now - less grumpy ;-) Cheers, Ronny From Kit at simplysites.co.uk Fri Apr 18 11:52:08 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Fri Apr 18 11:52:57 2008 Subject: watermarking to bypass content scanning? In-Reply-To: <2a3658652ad5e449bf6b3d43ab6c177e@solidstatelogic.com> References: <2a3658652ad5e449bf6b3d43ab6c177e@solidstatelogic.com> Message-ID: Hi Martin Thanks for that. I already have it setup to not scan any "server generate emails" and any whitelisted ip addresses. I have 90% of users use the server to relay emails. Their ip addresses are whitelisted, which by pass any scanning. Its just the emails that users receive that are scanned along with reply emails. EG. User from my server a@myserver.com sends to another server b@anotheruser.com then b@anotheruser.com 's reply should bypass mailscanner also. I just find it unnecessary especially of the original email have a watermark in. Kit -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: 18 April 2008 11:24 To: MailScanner discussion Subject: RE: watermarking to bypass content scanning? Kit The heaviest bit of scanning is the spamassassin stuff. If you create a rule that says don't spam scan on internal emails going out you'll achieve the same thing, but still virus scan etc. In MailScanner.conf.. Spam Checks = %rules-dir%/spam.rules In spam.rules, something like.. From: 10.1.1.26 no FromOrTo: default yes Where 10.1.1.26 is the ip-address of the email server... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kit Wong > Sent: 18 April 2008 10:56 > To: mailscanner@lists.mailscanner.info > Subject: watermarking to bypass content scanning? > > Hi All > > I have just upgraded to the latest MS 4.68.8-1 hoping to use the > Watermarking feature to bypass MS content scanning on reply emails sent > out by users on our server. I have enabled Watermarking and its all > there (I can see it in the headers). > > I have just read that watermarking is not used for checking reply emails > but for multiple MailScanner to pass emails between themselves without > rescanning everything. > > I was just wondering whether there is a way of writing a ruleset to > sieve out emails with watermarks on to bypass MS content scanning? > > Kind Regards > > Kit Wong > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Scanned by MailScanner. From bertrand.poulet at pasteur-lille.fr Fri Apr 18 12:12:16 2008 From: bertrand.poulet at pasteur-lille.fr (Bertrand Poulet) Date: Fri Apr 18 12:14:49 2008 Subject: commit ineffective with AutoCommit enabled... MailWatch.pm Message-ID: <48088210.3030809@pasteur-lille.fr> hi, having error message on starting MailScanner (4.68.8-1) with MailWatch: # /etc/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. i've read about same problem on mailing list : http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077492.html (disabling autocommit) http://lists.mailscanner.info/pipermail/mailscanner/2008-April/083596.html (automatic syntax check = no ) and tried to disabled autocommit. [root@host1 ~]# mysql mailscanner -u user -p mysql> select @@autocommit ; @@autocommit -> 1 so i changed in /etc/my.cnf [mysqld] init_connect='SET autocommit=0' and then mysql> select @@autocommit ; @@autocommit -> 0 but still got the error message 'commit ineffective with AutoCommit enabled...' maybe, because of "the statements specified for the init_connect option are not executed for users that have the SUPER privilege" any idea to solve this issue ? maybe something like giving 'Autocommit' value when connecting to DB in MailWatch.pm and then leave 'automatic syntax check = yes' ? Regards, Gwo. ___________________________________________________________________________ Nouveau : t?l?phonez moins cher avec Yahoo! Messenger ! D?couvez les tarifs exceptionnels pour appeler la France et l'international. T?l?chargez sur http://fr.messenger.yahoo.com From simonmjones at gmail.com Fri Apr 18 12:20:55 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Apr 18 12:21:32 2008 Subject: postmaster address Message-ID: <70572c510804180420r79e7a7f6kd364aa1d555af210@mail.gmail.com> Hi all, how do i change the postmaster address in MailScanner? currently it's releasing stuff as postmaster@localhost.domain.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/7fe0bc1a/attachment.html From peter at farrows.org Fri Apr 18 12:32:35 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Apr 18 12:33:22 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <480878E6.1080604@gmail.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> Message-ID: <480886D3.4050003@farrows.org> Ronny T. Lampert wrote: >> No offence taken, just wondered/interested if someone had given you a >> reason not to use it, in which case I would be interested to hear >> what it might have been... > > Just to add some 2 (euro) cents... > > sendmail's configuration "system" was a complete turn-off to me. > postfix was a breeze to configure and also seems much more cleaner by > design. > Bad / non-fully transparent configuration options more often than not > cause security problems - more than bad code. > That coupled with sendmail's long history of security problems... > > Postfix also spots excellent documentation, both online and printed. > If you're feeling generous just purchase "The Book Of Postfix". > > *ALL* maps can be whatever you like them to be. > LDAP'ing my users (from an AD) was easy as never thought. > Restricting access internal mail groups - easy! > > Reconfiguring is instant and no more m4 runs and macro stuff and > whatnot. Almost all parameters you can ever imagine are changeable. > > Performance-wise e.g. it does away with many unnecessary DNS lookups etc. > > OK, I sound somewhat as an advocate, but postfix has made my life easy. > I'm a better person now - less grumpy ;-) > > Cheers, > Ronny > Sendmail is a complete piece of cake to use and configure, took me about 2hours to get the hang of it and I never looked back... There is a very good reason its the number 1 MTA for 25 years... More importantly the amount of plugins, configuration tips and online help is massive compared to other mailers. If someone writes a piece of email code, it will nearly always come with instructions for Sendmail. That said its all down to choice, but to say that Sendmail is complicated and difficult to learn doesn't hold water in my book, but there again it depends on each individuals circumstances, if I had to use a different mailer the only other choice is Exim. Sendmail is like masochism you learn to love it the end....and I'm really happy :-) From peter at farrows.org Fri Apr 18 12:33:30 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Apr 18 12:33:39 2008 Subject: commit ineffective with AutoCommit enabled... MailWatch.pm In-Reply-To: <48088210.3030809@pasteur-lille.fr> References: <48088210.3030809@pasteur-lille.fr> Message-ID: <4808870A.8010605@farrows.org> Bertrand Poulet wrote: > hi, > > having error message on starting MailScanner (4.68.8-1) with MailWatch: > # /etc/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: commit ineffective with AutoCommit enabled > at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. > > i've read about same problem on mailing list : > http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077492.html > (disabling autocommit) > http://lists.mailscanner.info/pipermail/mailscanner/2008-April/083596.html > (automatic syntax check = no ) > > and tried to disabled autocommit. > [root@host1 ~]# mysql mailscanner -u user -p > mysql> select @@autocommit ; > @@autocommit -> 1 > > > so i changed in /etc/my.cnf > [mysqld] > init_connect='SET autocommit=0' > > and then > mysql> select @@autocommit ; > @@autocommit -> 0 > > > but still got the error message 'commit ineffective with AutoCommit > enabled...' > maybe, because of "the statements specified for the init_connect > option are not executed for users > that have the SUPER privilege" > > any idea to solve this issue ? > maybe something like giving 'Autocommit' value when connecting to DB > in MailWatch.pm and > then leave 'automatic syntax check = yes' ? > > Regards, > Gwo. > > > Its a just awarning, don't worry about it...unless of course you've got too much time on your hands ;-) From sbanderson at impromed.com Fri Apr 18 13:32:48 2008 From: sbanderson at impromed.com (Scott B. Anderson) Date: Fri Apr 18 13:34:11 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <48085936.4030600@ecs.soton.ac.uk> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> <48079DF1.3090202@ecs.soton.ac.uk> <48085936.4030600@ecs.soton.ac.uk> Message-ID: <4B16C177313C70448BFF4C80789335B35E86C333@ES1.impromed.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Friday, April 18, 2008 3:18 AM > To: MailScanner discussion > Subject: Re: Esets AV nor recognized by MailScanner > > > > Julian Field wrote: > > > > > > Scott B. Anderson wrote: > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >>> bounces@lists.mailscanner.info] On Behalf Of Alex Broens > >>> Sent: Thursday, April 17, 2008 11:08 AM > >>> To: MailScanner discussion > >>> Subject: Re: Esets AV nor recognized by MailScanner > >>> > >>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: > >>> > >>>>> Using latest MS release and Esets AV (ex Nod32) on a test box. > >>>>> > >>>>> "Virus Scanners = auto" doesn't recognize > >>>>> "# esets from www.eset.com" > >>>>> > >>>>> Setting "Virus Scanners = esets" doesn't work either > >>>>> > >>>>> Can anyone reproduce? > >>>>> > >>>>> Thanks > >>>>> > >>>>> Alex > >>>>> > >>>> Alex, is virus.scanners.conf correct for its path ? > >>>> > >>> Hi [ UxBoD ] > >>> > >>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which > >>> clamavmodule does. > >>> > >>> In "esets_wrapper" you've chosen to use esets_scan which doesn't > speak > >>> to the daemon but has to load the signatures every time its called > and > >>> is extremely slow. > >>> > >>> Seems we're still missing something. What OS did you use to test > the > >>> wrapper & co? > >>> > >>> thanks > >>> > >>> Alex > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> This could probably be a new thread, but I had to manually change > >> virus.scanners.conf also, so I was wondering if that possibly could > >> be causing my issue using ESET. > >> > >> After updating my virus.scanners.conf to point to > >> /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and > >> finds the EICAR virus, but then this happens on a lot of mails: > >> > >> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", > >> name="./m3HH31Pw024758.header", virus="", action="", info="error - > >> unknown compression method ", lines=0 > >> > > Please can you send me the exact queue files of one of these problem > > messages. Attach them (zipped up) to a mail to > > mailscanner@ecs.soton.ac.uk and I'll try to reproduce your problem. > > What it extracts as the ./*.header file would be useful too if you > > can get one (that may be hard). > > > That log entry doesn't appear to actually cause any problems, but I > have > tweaked the code so you won't see it any more. > -- snip -- Thanks for taking the time to look at it. I forgot to mention (doh!) I'm running ESET 2.71.12 and I can't figure out what was going on either. I'll wait for the chatter on clamav .93 to calm down before doing my next upgrade, then test this again. Scott From andy at tireswing.net Fri Apr 18 13:33:27 2008 From: andy at tireswing.net (Andy Norris) Date: Fri Apr 18 13:34:13 2008 Subject: watermarking rules... Message-ID: <20080418123323.09804448064@tireswing3.arsalon.net> Hi, I apologize if someone has answered this question, but I need to know if there's a way to trigger "high spam score actions" with the "no watermark" test. I understand it bypasses SA, but I want the emails gone. Not marked. Just gone. There's no reason for our users to receive the tons of Joe-Job bounces and get all paranoid and make my days even longer. Thanks! Andy From martinh at solidstatelogic.com Fri Apr 18 13:38:33 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 18 13:39:16 2008 Subject: postmaster address In-Reply-To: <70572c510804180420r79e7a7f6kd364aa1d555af210@mail.gmail.com> Message-ID: <2700f3a611425a48a76a1ad51ec764ae@solidstatelogic.com> Simon MailScanner doesn't, but MailWatch can ;-) See the conf.php and this line.. define(QUARANTINE_FROM_ADDR, 'postmaster'); -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > Sent: 18 April 2008 12:21 > To: MailScanner discussion > Subject: postmaster address > > Hi all, > > how do i change the postmaster address in MailScanner? currently it's > releasing stuff as postmaster@localhost.domain.com ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Fri Apr 18 13:41:03 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 18 13:41:14 2008 Subject: watermarking to bypass content scanning? In-Reply-To: Message-ID: <2ebf86a97f1979408899205f9babe912@solidstatelogic.com> Kit I'd suggest reply to's should be scanned as well..there was a research paper from last year where they suggested harvesting the email's and replying to them in order to get around whitelist/blacklists etc. If you don't scan replies then you're open to all sorts of risks. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kit Wong > Sent: 18 April 2008 11:52 > To: MailScanner discussion > Subject: RE: watermarking to bypass content scanning? > > Hi Martin > > Thanks for that. I already have it setup to not scan any "server > generate emails" and any whitelisted ip addresses. > I have 90% of users use the server to relay emails. Their ip addresses > are whitelisted, which by pass any scanning. Its just the emails that > users receive that are scanned along with reply emails. > > EG. User from my server a@myserver.com sends to another server > b@anotheruser.com then b@anotheruser.com 's reply should bypass > mailscanner also. > > I just find it unnecessary especially of the original email have a > watermark in. > > Kit > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Martin.Hepworth > Sent: 18 April 2008 11:24 > To: MailScanner discussion > Subject: RE: watermarking to bypass content scanning? > > Kit > > The heaviest bit of scanning is the spamassassin stuff. > > If you create a rule that says don't spam scan on internal emails going > out you'll achieve the same thing, but still virus scan etc. > > In MailScanner.conf.. > > Spam Checks = %rules-dir%/spam.rules > > In spam.rules, something like.. > > From: 10.1.1.26 no > FromOrTo: default yes > > Where 10.1.1.26 is the ip-address of the email server... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Kit Wong > > Sent: 18 April 2008 10:56 > > To: mailscanner@lists.mailscanner.info > > Subject: watermarking to bypass content scanning? > > > > Hi All > > > > I have just upgraded to the latest MS 4.68.8-1 hoping to use the > > Watermarking feature to bypass MS content scanning on reply emails > sent > > out by users on our server. I have enabled Watermarking and its all > > there (I can see it in the headers). > > > > I have just read that watermarking is not used for checking reply > emails > > but for multiple MailScanner to pass emails between themselves without > > rescanning everything. > > > > I was just wondering whether there is a way of writing a ruleset to > > sieve out emails with watermarks on to bypass MS content scanning? > > > > Kind Regards > > > > Kit Wong > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > Scanned by MailScanner. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From vernon at comp-wiz.com Fri Apr 18 13:51:06 2008 From: vernon at comp-wiz.com (Vernon Webb) Date: Fri Apr 18 13:51:46 2008 Subject: SA-Learn Message-ID: <018301c8a152$de981c40$9bc854c0$@com> This may be a silly question to some, but I would really like to learn more about what sa-learn does. I have created a folder on my server that I move all my SPAM mail to. Mind you this is only SPAM that is NOT labeled as SPAM. Should I be moving all mail, even mail that is labeled as such as well? And exactly what does this do? I assume that it somehow trains MailScanner that this is SPAM, but how? Does it tell it that the mail addressed and IPs that this mails come from are sending bad mail? Is it only local to my server? Does it report these emails as SPAM to some RBL? Please pardon the intrusion if taken as such, I am only trying to better understand how MailScanner works. Thanks Vernon Webb (201) 703-1232 web designs & web hosting by comp-wiz.com, inc. Information in this transmission is privileged & confidential. It is intended for the use of the individual or entity named above. Any review, dissemination, disclosure, alteration, printing, circulation or transmission of this email or it's attachments is prohibited and unlawful. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/13898154/attachment.html From telecaadmin at gmail.com Fri Apr 18 13:58:06 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri Apr 18 13:58:43 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <480886D3.4050003@farrows.org> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> Message-ID: <48089ADE.5090708@gmail.com> Cheers Peter - let the sendmail for you and the postfix for me never cease ;-) oOOOOOo oOoOOO|_ |O ~| | |O | | |O |/ oOOo___/ From MailScanner at ecs.soton.ac.uk Fri Apr 18 13:58:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 13:59:06 2008 Subject: postmaster address In-Reply-To: <70572c510804180420r79e7a7f6kd364aa1d555af210@mail.gmail.com> References: <70572c510804180420r79e7a7f6kd364aa1d555af210@mail.gmail.com> Message-ID: <48089AEB.7020708@ecs.soton.ac.uk> It is set in MailScanner.conf in the "Local Postmaster" setting, you probably want to set that to be a full email address such as postmaster@qmail.com. Simon Jones wrote: > Hi all, > > how do i change the postmaster address in MailScanner? currently it's > releasing stuff as postmaster@localhost.domain.com > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 18 14:00:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 14:00:23 2008 Subject: commit ineffective with AutoCommit enabled... MailWatch.pm In-Reply-To: <4808870A.8010605@farrows.org> References: <48088210.3030809@pasteur-lille.fr> <4808870A.8010605@farrows.org> Message-ID: <48089B55.3010101@ecs.soton.ac.uk> Peter Farrow wrote: > Bertrand Poulet wrote: >> hi, >> >> having error message on starting MailScanner (4.68.8-1) with MailWatch: >> # /etc/init.d/MailScanner restart >> Shutting down MailScanner daemons: >> MailScanner: commit ineffective with AutoCommit enabled >> at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, >> line 1. >> >> i've read about same problem on mailing list : >> http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077492.html >> (disabling autocommit) >> http://lists.mailscanner.info/pipermail/mailscanner/2008-April/083596.html >> (automatic syntax check = no ) >> >> and tried to disabled autocommit. >> [root@host1 ~]# mysql mailscanner -u user -p >> mysql> select @@autocommit ; >> @@autocommit -> 1 >> >> >> so i changed in /etc/my.cnf >> [mysqld] >> init_connect='SET autocommit=0' >> >> and then >> mysql> select @@autocommit ; >> @@autocommit -> 0 >> >> >> but still got the error message 'commit ineffective with AutoCommit >> enabled...' >> maybe, because of "the statements specified for the init_connect >> option are not executed for users >> that have the SUPER privilege" >> >> any idea to solve this issue ? >> maybe something like giving 'Autocommit' value when connecting to DB >> in MailWatch.pm and >> then leave 'automatic syntax check = yes' ? >> >> Regards, >> Gwo. >> >> >> > Its a just awarning, don't worry about it...unless of course you've > got too much time on your hands ;-) Any ideas of something I could do in MailScanner to stop MailWatch generating this error? If it's an easy thing to stop, I'm quite prepared to add it, as it would stop a significant number of support requests. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Fri Apr 18 14:00:40 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 18 14:01:24 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <480886D3.4050003@farrows.org> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> Message-ID: <48089B78.6070608@USherbrooke.ca> Peter Farrow a ?crit : > Ronny T. Lampert wrote: >>> No offence taken, just wondered/interested if someone had given you >>> a reason not to use it, in which case I would be interested to hear >>> what it might have been... >> >> Just to add some 2 (euro) cents... >> >> sendmail's configuration "system" was a complete turn-off to me. >> postfix was a breeze to configure and also seems much more cleaner by >> design. >> Bad / non-fully transparent configuration options more often than not >> cause security problems - more than bad code. >> That coupled with sendmail's long history of security problems... >> >> Postfix also spots excellent documentation, both online and printed. >> If you're feeling generous just purchase "The Book Of Postfix". >> >> *ALL* maps can be whatever you like them to be. >> LDAP'ing my users (from an AD) was easy as never thought. >> Restricting access internal mail groups - easy! >> >> Reconfiguring is instant and no more m4 runs and macro stuff and >> whatnot. Almost all parameters you can ever imagine are changeable. >> >> Performance-wise e.g. it does away with many unnecessary DNS lookups >> etc. >> >> OK, I sound somewhat as an advocate, but postfix has made my life easy. >> I'm a better person now - less grumpy ;-) >> >> Cheers, >> Ronny >> > Sendmail is a complete piece of cake to use and configure, took me > about 2hours to get the hang of it and I never looked back... > > There is a very good reason its the number 1 MTA for 25 years... More > importantly the amount of plugins, configuration tips and online help > is massive compared to other mailers. If someone writes a piece of > email code, it will nearly always come with instructions for Sendmail. > > That said its all down to choice, but to say that Sendmail is > complicated and difficult to learn doesn't hold water in my book, but > there again it depends on each individuals circumstances, if I had to > use a different mailer the only other choice is Exim. > Sendmail is like masochism you learn to love it the end....and I'm > really happy :-) > My 2 CDN cents (almost worth as much as 2 US cents these days!): I inherited our sendmail setup 5-6 years ago and almost every time I tried to modify something I had to spend lots of time reading the 900+ pages sendmail bat book or Googling around. Sendmail's website is a piece of crap where you almost never find what you are looking for. As for Google results, most of the time they don't apply to our setup or sendmail version. I tried to switch to Postfix but had to go back to sendmail because the LDAP schema we use for sendmail cannot be accessed in Postfix... This was really unfortunate because my limited Postfix experience convinced me that Postfix is way more easy to configure than sendmail's arcane MC or CF files. Nonetheless I think that sendmail is a secure MTA but it is really a PITA to configure! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Fri Apr 18 14:01:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 14:01:45 2008 Subject: Esets AV nor recognized by MailScanner In-Reply-To: <4B16C177313C70448BFF4C80789335B35E86C333@ES1.impromed.com> References: <11678023.241208432515738.JavaMail.root@office.splatnix.net> <480775F5.6000006@alexb.ch> <4B16C177313C70448BFF4C80789335B35E86C21E@ES1.impromed.com> <48079DF1.3090202@ecs.soton.ac.uk> <48085936.4030600@ecs.soton.ac.uk> <4B16C177313C70448BFF4C80789335B35E86C333@ES1.impromed.com> Message-ID: <48089BA7.9020401@ecs.soton.ac.uk> Scott B. Anderson wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Friday, April 18, 2008 3:18 AM >> To: MailScanner discussion >> Subject: Re: Esets AV nor recognized by MailScanner >> >> >> >> Julian Field wrote: >> >>> Scott B. Anderson wrote: >>> >>>>> -----Original Message----- >>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>> >> [mailto:mailscanner- >> >>>>> bounces@lists.mailscanner.info] On Behalf Of Alex Broens >>>>> Sent: Thursday, April 17, 2008 11:08 AM >>>>> To: MailScanner discussion >>>>> Subject: Re: Esets AV nor recognized by MailScanner >>>>> >>>>> On 4/17/2008 1:41 PM, --[ UxBoD ]-- wrote: >>>>> >>>>> >>>>>>> Using latest MS release and Esets AV (ex Nod32) on a test box. >>>>>>> >>>>>>> "Virus Scanners = auto" doesn't recognize >>>>>>> "# esets from www.eset.com" >>>>>>> >>>>>>> Setting "Virus Scanners = esets" doesn't work either >>>>>>> >>>>>>> Can anyone reproduce? >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Alex >>>>>>> >>>>>>> >>>>>> Alex, is virus.scanners.conf correct for its path ? >>>>>> >>>>>> >>>>> Hi [ UxBoD ] >>>>> >>>>> After MS recognizes Eset, it doesn't catch an Eicar.zip, which >>>>> clamavmodule does. >>>>> >>>>> In "esets_wrapper" you've chosen to use esets_scan which doesn't >>>>> >> speak >> >>>>> to the daemon but has to load the signatures every time its called >>>>> >> and >> >>>>> is extremely slow. >>>>> >>>>> Seems we're still missing something. What OS did you use to test >>>>> >> the >> >>>>> wrapper & co? >>>>> >>>>> thanks >>>>> >>>>> Alex >>>>> >>>>> -- >>>>> MailScanner mailing list >>>>> mailscanner@lists.mailscanner.info >>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> >>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>> This could probably be a new thread, but I had to manually change >>>> virus.scanners.conf also, so I was wondering if that possibly could >>>> be causing my issue using ESET. >>>> >>>> After updating my virus.scanners.conf to point to >>>> /opt/eset/esets/sbin, MailScanner 4.68.8 appears to lint fine and >>>> finds the EICAR virus, but then this happens on a lot of mails: >>>> >>>> Apr 17 12:03:22 ns1 MailScanner[23066]: object="email message", >>>> name="./m3HH31Pw024758.header", virus="", action="", info="error - >>>> unknown compression method ", lines=0 >>>> >>>> >>> Please can you send me the exact queue files of one of these problem >>> messages. Attach them (zipped up) to a mail to >>> mailscanner@ecs.soton.ac.uk and I'll try to reproduce your problem. >>> What it extracts as the ./*.header file would be useful too if you >>> can get one (that may be hard). >>> >> That log entry doesn't appear to actually cause any problems, but I >> have >> tweaked the code so you won't see it any more. >> >> > -- snip -- > Thanks for taking the time to look at it. I forgot to mention (doh!) I'm running ESET 2.71.12 I'm running the same version. It appears to be an error caused by it recognising an email message from the presence of things that look like headers, but then being unable to read the body. It's a bug in their code. > and I can't figure out what was going on either. I'll wait for the chatter on clamav .93 to calm down before doing my next upgrade, then test this again. > > Scott > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 18 14:03:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 14:03:31 2008 Subject: watermarking rules... In-Reply-To: <20080418123323.09804448064@tireswing3.arsalon.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> Message-ID: <48089C11.2050801@ecs.soton.ac.uk> But Joe-Job bounces should have no sender, shouldn't they? In which case the setting "Treat Invalid Watermarks With No Sender as Spam" is the one you want to set. Andy Norris wrote: > > Hi, > > I apologize if someone has answered this question, but I need to know > if there's a way to trigger "high spam score actions" with the "no > watermark" test. I understand it bypasses SA, but I want the emails > gone. Not marked. Just gone. There's no reason for our users to > receive the tons of Joe-Job bounces and get all paranoid and make my > days even longer. > > Thanks! > Andy > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Fri Apr 18 14:07:13 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Apr 18 14:07:49 2008 Subject: Graphic inline Signature Message-ID: <67a55ed50804180607o67ec34bbyd4f806cce38c3302@mail.gmail.com> >> I don't understand why you think this is odd. The bottom most >> signature is the one >> in question since the html is getting appended to the email. The >> bottom of the email >> is normally the original email since email is top-post logic (unlike >> mailing lists). >> >*Content* is usually top-post these days, but *sigs* are usually >bottom-post. >> If you keep appending the same html to the bottom, it just stacks up >> the same thing >> over and over and you would end up with duplicate images and html text >> back to back >> which looks rather odd. So unless I am missing something, the current >> logic ends up >> being a bit odd after you reply back and forth a few times. >> >But it works the same way everyone else does. Most people accept that as >being a setup they prefer, or they would have asked the vendors to change. >The default is mail clients is to top-post new content, but to >bottom-post new sigs. I'm just doing the same thing as them. If you are referring to Yahoo or Hotmail type signatures at the bottom, then you are correct. However, I don't think that Yahoo, Hotmail, AOL or others would put a duplicate signature/advertisement at the bottom of an email. That would look pretty bad. What my company (global fortune 500) is asking for is a signature/logo appended once at the bottom of the original outbound email without duplicates. So far, no other major commercial email products that we have (Exchange/Proofpoint) can even do what MailScanner is doing today with the inline graphic. What I am getting today is a single attachment (thanks to your 4.69 update) but the html is getting duplicated. This ends up giving me a duplicate image tag so the first one displays properly then the second one is a broken link type of box. What would be your hourly rate in US dollars and how many hours do you think it would take to get an option to only send it out on the original email or detect the html at the end of the email and somehow prevent a duplicate back to back? If you want to take the details of this offline, then email me at davejones70 at gmail.com. I want to discuss you creating a PO to my company anyway for some compensation even before this feature request. >Jules -- Dave Jones From andy at tireswing.net Fri Apr 18 14:16:40 2008 From: andy at tireswing.net (Andy Norris) Date: Fri Apr 18 14:17:28 2008 Subject: watermarking rules... In-Reply-To: <20080418123323.09804448064@tireswing3.arsalon.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> Message-ID: <20080418131635.7DF49448072@tireswing3.arsalon.net> Andy, Perhaps you should upgrade your conf file... To everyone else, My apologies. I just did some digging and am finding some settings my conf file did not have. Thanks for your patience, Andy At 07:33 AM 2008-04-18, you wrote: >Hi, > >I apologize if someone has answered this question, but I need to >know if there's a way to trigger "high spam score actions" with the >"no watermark" test. I understand it bypasses SA, but I want the >emails gone. Not marked. Just gone. There's no reason for our users >to receive the tons of Joe-Job bounces and get all paranoid and make >my days even longer. > >Thanks! >Andy > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From Hostmaster at computerservicecentre.com Fri Apr 18 14:28:25 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Fri Apr 18 14:29:00 2008 Subject: SA-Learn In-Reply-To: <018301c8a152$de981c40$9bc854c0$@com> References: <018301c8a152$de981c40$9bc854c0$@com> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A7A7650@commssrv01.computerservicecentre.com> >This may be a silly question to some Far be it from my remit to make the two classic remarks "STFW" or "RTFM", you may like to take a look at the "FM" : http://spamassassin.apache.org/full/3.2.x/doc/sa-learn.html I was going to summarize what it does, but I couldn't think of a clearer or more concise way than the manual already provides. PS - this wasn't intended as a "flame", merely some Friday-afternoon humor ;-) -- Regards, Richard All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/cd1f1e84/attachment.html From spamlists at coders.co.uk Fri Apr 18 14:40:23 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Fri Apr 18 14:41:24 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <48089ADE.5090708@gmail.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089ADE.5090708@gmail.com> Message-ID: <4808A4C7.20102@coders.co.uk> Ronny T. Lampert wrote: > Cheers Peter - let the sendmail for you and the postfix for me never > cease ;-) > but doesn't sendmail cause swapping From gerard at seibercom.net Fri Apr 18 14:46:07 2008 From: gerard at seibercom.net (Gerard) Date: Fri Apr 18 14:46:55 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <480886D3.4050003@farrows.org> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> Message-ID: <20080418094607.7e0662b7@scorpio> On Fri, 18 Apr 2008 12:32:35 +0100 Peter Farrow wrote: > There is a very good reason its the number 1 MTA for 25 years... Yes, primarily because it preceded virtually every MTA now available. Many, although not all, operating systems come with Sendmail as the default MTA. That is slowly changing though. In any case, if it works for you that is all that is important. -- Gerard gerard@seibercom.net COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. J. N. Gray -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/cc2c7e3a/signature.bin From gerard at seibercom.net Fri Apr 18 15:06:08 2008 From: gerard at seibercom.net (Gerard) Date: Fri Apr 18 15:07:04 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <48089B78.6070608@USherbrooke.ca> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089B78.6070608@USherbrooke.ca> Message-ID: <20080418100608.4dbda3ec@scorpio> On Fri, 18 Apr 2008 09:00:40 -0400 Denis Beauchemin wrote: [snip] > I tried to switch to Postfix but had to go back to sendmail because > the LDAP schema we use for sendmail cannot be accessed in Postfix... Is that still true with the latest version of Postfix? I have limited experience with LDAP; however, I thought Postfix could handle it quite well. I assume you checked on the Postfix forum for assistance. I do agree with you though that Sendmail is not hardly worth the time and effort to configure. -- Gerard gerard@seibercom.net Catproof is an oxymoron, childproof nearly so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/ad411d85/signature.bin From simonmjones at gmail.com Fri Apr 18 15:09:46 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Apr 18 15:10:22 2008 Subject: postmaster address In-Reply-To: <48089AEB.7020708@ecs.soton.ac.uk> References: <70572c510804180420r79e7a7f6kd364aa1d555af210@mail.gmail.com> <48089AEB.7020708@ecs.soton.ac.uk> Message-ID: <70572c510804180709j13d1fd4id8661a6bc7d95e2b@mail.gmail.com> On 18/04/2008, Julian Field wrote: > > It is set in MailScanner.conf in the "Local Postmaster" setting, you > probably want to set that to be a full email address such as > postmaster@qmail.com. > > Simon Jones wrote: > > > Hi all, > > how do i change the postmaster address in MailScanner? currently it's > > releasing stuff as postmaster@localhost.domain.com > postmaster@localhost.domain.com> > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Genius, i knew it was in there somewhere! thanks guys. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/e9315a31/attachment-0001.html From steinkel at pa.net Fri Apr 18 15:17:23 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Fri Apr 18 15:18:00 2008 Subject: watermarking rules... In-Reply-To: <48089C11.2050801@ecs.soton.ac.uk> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> Message-ID: <4808AD73.9000508@pa.net> Julian Field wrote: > But Joe-Job bounces should have no sender, shouldn't they? In which case > the setting "Treat Invalid Watermarks With No Sender as Spam" is the one > you want to set. Is there an option to set the X-blah-SpamScore: header to a specific number of "Spam Score Characters"? I looked at our 4.66.5 install and recent change logs, but saw nothing. Would it make sense to add this functionality? It would be equivalent to the "Minimum Stars If On Spam List" option. Leland From test at remedial-teacher.nl Fri Apr 18 15:46:22 2008 From: test at remedial-teacher.nl (Test) Date: Fri Apr 18 15:50:02 2008 Subject: commit ineffective with AutoCommit enabled... MailWatch.pm In-Reply-To: <48089B55.3010101@ecs.soton.ac.uk> References: <4808870A.8010605@farrows.org> <48089B55.3010101@ecs.soton.ac.uk> Message-ID: <20080418164455.3113.EE63E960@remedial-teacher.nl> I commented out the commit in MailWatch.pm... sub ExitLogging { # Server exit - commit changes, close socket, and exit gracefully. close(SERVER); #$dbh->commit; $dbh->disconnect; exit; no problems after that,... -- Test From peter at farrows.org Fri Apr 18 15:49:50 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Apr 18 15:50:38 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <4808A4C7.20102@coders.co.uk> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089ADE.5090708@gmail.com> <4808A4C7.20102@coders.co.uk> Message-ID: <4808B50E.2040401@farrows.org> Matt Hampton wrote: > Ronny T. Lampert wrote: >> Cheers Peter - let the sendmail for you and the postfix for me never >> cease ;-) >> > but doesn't sendmail cause swapping > > > ...wait while my gun turret turns round.... From bertrand.poulet at pasteur-lille.fr Fri Apr 18 15:53:04 2008 From: bertrand.poulet at pasteur-lille.fr (Bertrand Poulet) Date: Fri Apr 18 15:54:49 2008 Subject: commit ineffective with AutoCommit enabled... MailWatch.pm Message-ID: <4808B5D0.3040305@pasteur-lille.fr> / />>/ />>/ having error message on starting MailScanner (4.68.8-1) with MailWatch: />>/ # /etc/init.d/MailScanner restart />>/ Shutting down MailScanner daemons: />>/ MailScanner: commit ineffective with AutoCommit enabled />>/ at />>/ /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, />>/ line 1. />>/ />>/ i've read about same problem on mailing list : />>/ http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077492.html />>/ (disabling autocommit) />>/ http://lists.mailscanner.info/pipermail/mailscanner/2008-April/083596.html />>/ (automatic syntax check = no ) />>/ />>/ and tried to disabled autocommit. />>/ [root at host1 ~]# mysql mailscanner -u user -p />>/ mysql> select @@autocommit ; />>/ @@autocommit -> 1 />>/ />>/ />>/ so i changed in /etc/my.cnf />>/ [mysqld] />>/ init_connect='SET autocommit=0' />>/ />>/ and then />>/ mysql> select @@autocommit ; />>/ @@autocommit -> 0 />>/ />>/ />>/ but still got the error message 'commit ineffective with AutoCommit />>/ enabled...' />>/ maybe, because of "the statements specified for the init_connect />>/ option are not executed for users />>/ that have the SUPER privilege" />>/ />>/ any idea to solve this issue ? />>/ maybe something like giving 'Autocommit' value when connecting to DB />>/ in MailWatch.pm and />>/ then leave 'automatic syntax check = yes' ? />>/ />>/ Regards, />>/ Gwo. />>/ />>/ />>/ />/ Its a just awarning, don't worry about it...unless of course you've />/ got too much time on your hands ;-) /Any ideas of something I could do in MailScanner to stop MailWatch generating this error? If it's an easy thing to stop, I'm quite prepared to add it, as it would stop a significant number of support requests. More likely, in mailwatch, setting Autocommit value ? The |connect()| method can take a hash of options. Often-used options include: |AutoCommit|, which when true or false will automatically or not commit database transactions; || my $dbh = DBI->connect( 'dbi:mysql::', 'username','password', { AutoCommit => 0 } ) ; From Denis.Beauchemin at USherbrooke.ca Fri Apr 18 16:09:19 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Apr 18 16:10:24 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <20080418100608.4dbda3ec@scorpio> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089B78.6070608@USherbrooke.ca> <20080418100608.4dbda3ec@scorpio> Message-ID: <4808B99F.3080104@USherbrooke.ca> Gerard a ?crit : > On Fri, 18 Apr 2008 09:00:40 -0400 > Denis Beauchemin wrote: > > [snip] > > >> I tried to switch to Postfix but had to go back to sendmail because >> the LDAP schema we use for sendmail cannot be accessed in Postfix... >> > > Is that still true with the latest version of Postfix? I have limited > experience with LDAP; however, I thought Postfix could handle it quite > well. I assume you checked on the Postfix forum for assistance. I do > agree with you though that Sendmail is not hardly worth the time and > effort to configure. > > Gerard, Yes we checked on the Postfix forum. Our problem has to do with rewriting rules... We would have to change our LDAP schema to be able to switch to Postfix and since we have approx. 50,000 people in our LDAP db, it would have been a big job to make LDAP compatible with Postfix while our production servers continue to use sendmail's schema to deliver mail... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Fri Apr 18 16:18:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 16:18:57 2008 Subject: Graphic inline Signature In-Reply-To: <67a55ed50804180607o67ec34bbyd4f806cce38c3302@mail.gmail.com> References: <67a55ed50804180607o67ec34bbyd4f806cce38c3302@mail.gmail.com> Message-ID: <4808BBB1.9080700@ecs.soton.ac.uk> Dave Jones wrote: >>> I don't understand why you think this is odd. The bottom most >>> signature is the one >>> in question since the html is getting appended to the email. The >>> bottom of the email >>> is normally the original email since email is top-post logic (unlike >>> mailing lists). >>> >>> >> *Content* is usually top-post these days, but *sigs* are usually >> bottom-post. >> >>> If you keep appending the same html to the bottom, it just stacks up >>> the same thing >>> over and over and you would end up with duplicate images and html text >>> back to back >>> which looks rather odd. So unless I am missing something, the current >>> logic ends up >>> being a bit odd after you reply back and forth a few times. >>> >>> >> But it works the same way everyone else does. Most people accept that as >> being a setup they prefer, or they would have asked the vendors to change. >> > > >> The default is mail clients is to top-post new content, but to >> bottom-post new sigs. I'm just doing the same thing as them. >> > If you are referring to Yahoo or Hotmail type signatures at the bottom, then you > are correct. However, I don't think that Yahoo, Hotmail, AOL or others would > put a duplicate signature/advertisement at the bottom of an email. That would > look pretty bad. > > What my company (global fortune 500) is asking for is a signature/logo appended > once at the bottom of the original outbound email without duplicates. > So far, no > other major commercial email products that we have (Exchange/Proofpoint) can > even do what MailScanner is doing today with the inline graphic. What > I am getting > today is a single attachment (thanks to your 4.69 update) but the html > is getting > duplicated. This ends up giving me a duplicate image tag so the first > one displays > properly then the second one is a broken link type of box. > That's not good. > What would be your hourly rate in US dollars and how many hours do you think it > would take to get an option to only send it out on the original email > or detect the html > at the end of the email and somehow prevent a duplicate back to back? > It would be pretty easy for me to do now, as I have already written the code that detects a tag in the HTML signature. (You could do it without the image by putting in a tag without a "src" attribute, so it couldn't actually display anything but would still put "alt" attribute in the outgoing message. It just means there is going to be yet another configuration option, to control whether you want to allow duplicate signatures at all. Probably an hour's work at the most. + 12,000 hours work to allow for the architecture that makes adding this only an hour's extra work :-) > If you want to > take the details of this offline, then email me at davejones70 at > gmail.com. I want > to discuss you creating a PO to my company anyway for some compensation > even before this feature request. > That sounds like a lovely idea to me! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/ad40b611/attachment.html From MailScanner at ecs.soton.ac.uk Fri Apr 18 16:19:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 16:19:49 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <20080418100608.4dbda3ec@scorpio> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089B78.6070608@USherbrooke.ca> <20080418100608.4dbda3ec@scorpio> Message-ID: <4808BC05.7030604@ecs.soton.ac.uk> Gerard wrote: > On Fri, 18 Apr 2008 09:00:40 -0400 > Denis Beauchemin wrote: > > [snip] > > >> I tried to switch to Postfix but had to go back to sendmail because >> the LDAP schema we use for sendmail cannot be accessed in Postfix... >> > > Is that still true with the latest version of Postfix? I have limited > experience with LDAP; however, I thought Postfix could handle it quite > well. I assume you checked on the Postfix forum for assistance. Warning: if you do that, don't mention MailScanner at all. They will all scream, run away and won't let you play with their toys. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 18 17:39:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 18 17:40:27 2008 Subject: watermarking rules... In-Reply-To: <4808AD73.9000508@pa.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> Message-ID: <4808CECA.9050404@ecs.soton.ac.uk> Leland J. Steinke wrote: > Julian Field wrote: >> But Joe-Job bounces should have no sender, shouldn't they? In which >> case the setting "Treat Invalid Watermarks With No Sender as Spam" is >> the one you want to set. > > Is there an option to set the X-blah-SpamScore: header to a specific > number of "Spam Score Characters"? I looked at our 4.66.5 install and > recent change logs, but saw nothing. But the whole point is that header gives you the spam score in a form you can easily manage with mail filters such as sieve and whatever client you use. > > Would it make sense to add this functionality? It would be equivalent > to the "Minimum Stars If On Spam List" option. > > > Leland Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Fri Apr 18 18:15:07 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Apr 18 18:15:48 2008 Subject: spamassassin_update Message-ID: I installed Jule's sa/clamav all-in-one package which installed the spamassassin ruleset into /usr/share/spamassassin. After /etc/cron.daily/update_spamassassin ran, the rules were also found in /var/lib/spamassassin/3.002004. Maybe I'm just having a senior moment here, but I can't find anywhere that tells spamassassin which ruleset to use. How does it know? Do I need to keep the /usr/share/spamassassin rules around? (BTW, I added sare and KAM rulesets to the update routine and they worked a treat, landing in the /var/lib tree.) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From gerard at seibercom.net Fri Apr 18 18:42:23 2008 From: gerard at seibercom.net (Gerard) Date: Fri Apr 18 18:43:09 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <4808BC05.7030604@ecs.soton.ac.uk> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089B78.6070608@USherbrooke.ca> <20080418100608.4dbda3ec@scorpio> <4808BC05.7030604@ecs.soton.ac.uk> Message-ID: <20080418134223.38611c45@scorpio> On Fri, 18 Apr 2008 16:19:33 +0100 Julian Field wrote: [snip] > Warning: if you do that, don't mention MailScanner at all. They will > all scream, run away and won't let you play with their toys. Actually, I thought it had progressed to the 'benign neglect' stage. -- Gerard gerard@seibercom.net It's pretty hard to tell what does bring happiness; poverty and wealth have both failed. Kim Hubbard -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/4ed4f966/signature.bin From glenn.steen at gmail.com Fri Apr 18 19:10:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 18 19:11:20 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <20080418134223.38611c45@scorpio> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089B78.6070608@USherbrooke.ca> <20080418100608.4dbda3ec@scorpio> <4808BC05.7030604@ecs.soton.ac.uk> <20080418134223.38611c45@scorpio> Message-ID: <223f97700804181110l5148e242i884146c18150d11b@mail.gmail.com> On 18/04/2008, Gerard wrote: > On Fri, 18 Apr 2008 16:19:33 +0100 > Julian Field wrote: > > [snip] > > > > Warning: if you do that, don't mention MailScanner at all. They will > > all scream, run away and won't let you play with their toys. > > > Actually, I thought it had progressed to the 'benign neglect' stage. LOL! ... Come to think of it, I think you're right... or something like ... "something we actively forget is there..."... Perhaps what you mean with "benign neglect"? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roland at inbox4u.de Fri Apr 18 20:48:02 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Fri Apr 18 20:49:53 2008 Subject: Handling attachments Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F980EE5BFEC9@ts-dc2.TS-Webarts.local> Hi all, if this question has already been asked, please forgive me. I am just wondering, if it could be possible to replace attachments with a certain size by a link and place the attachments in a certain directory. GMX (free mail provider in Germany) offers a Mediacenter, where they put automatically large attachments, to allow to download them later. Thanks. Regards, Roland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080418/7a8d3a07/attachment.html From mkettler at evi-inc.com Fri Apr 18 21:37:02 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 18 21:37:57 2008 Subject: SA-Learn In-Reply-To: <018301c8a152$de981c40$9bc854c0$@com> References: <018301c8a152$de981c40$9bc854c0$@com> Message-ID: <4809066E.7030500@evi-inc.com> Vernon Webb wrote: > This may be a silly question to some, but I would really like to learn > more about what sa-learn does. I have created a folder on my server that > I move all my SPAM mail to. Mind you this is only SPAM that is NOT > labeled as SPAM. Should I be moving all mail, even mail that is labeled > as such as well? And exactly what does this do? I assume that it somehow > trains MailScanner that this is SPAM, but how? Does it tell it that the > mail addressed and IPs that this mails come from are sending bad mail? > Is it only local to my server? Does it report these emails as SPAM to > some RBL? Please pardon the intrusion if taken as such, I am only trying > to better understand how MailScanner works. Sa-learn trains the bayes database used by SpamAssassin. It doesn't report to RBLs, Razor, or anything else. That's what spamassassin -r is for. As for feeding, I would strongly suggest not make any considerations other than "is this spam or not" when choosing whether to feed a message to sa-learn --spam. If you're only feeding false negatives, you're introducing a bias into your bayes database. That will eventually cause you to miss some of the spam you were detecting. I'd also suggest feeding some nonspam emails to sa-learn with the --ham parameter, instead of the --spam parameter. In general, it's best to give sa-learn a realistic, well balanced diet from your email stream. Obviously it would be difficult to hand classify and train every message you receive, but that would be the theoretical ideal. Head in that direction as far as you can without causing yourself undue stress or hassle. From mkettler at evi-inc.com Fri Apr 18 21:44:58 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Apr 18 21:45:38 2008 Subject: Opinion on X-AntiAbuse: headers? In-Reply-To: <480672D0.5050600@ecs.soton.ac.uk> References: <48066BF5.6000801@vanderkooij.org> <480672D0.5050600@ecs.soton.ac.uk> Message-ID: <4809084A.7030301@evi-inc.com> Julian Field wrote: > > > Hugo van der Kooij wrote: >> * PGP Signed by an unverified key: 04/16/08 at 22:13:23 >> >> Hi, >> >> This might be pushing the boundry of being on or off-topic. > Since when did that stop anyone? :-) >> >> But does anyone know when valid email actually contain X-AntiAbuse: >> headers? > When a non-spammer puts them in by mistake? They certainly aren't worth > the 0's and 1's they are written in. >> So far (2 years now) I have only seen them in spam and never in legit >> traffic. I think over 90% of the times it is a poorly managed website >> with some broken email script. > They may actually be a good indication of spam. Ask the SA folks what > they think. I get these from several of my associates in small companies who use hosted services for web/email. Also, a search of posts to this very lists reveals several posters who have them. Most recently, posts by "Johnny Stork" and "Edward Prendergast" have X-AntiAbuse headers in them. In general, hosted services are ripe with spammers. This is why most hosted services add the headers for their own uses, but that doesn't mean there aren't any legitimate companies using hosted services.. From martinh at solidstatelogic.com Sat Apr 19 10:11:00 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Sat Apr 19 10:11:35 2008 Subject: Handling attachments Message-ID: Hi=20 There's a facility to automatically zip attachments above a certain size, b= ut no inbuilt facility to strip out attatchment afaik. You could look at the compress facility and see how that works for you. We'= ve found it very useful. -- Martin Hepworth Senior Systems Administrator Solid State Logic +44 (0)1865 842300 -----Original Message----- From: Ehle, Roland Sent: 18 April 2008 21:03 To: MailScanner discussion Subject: Handling attachments Hi all, if this question has already been asked, please forgive me. I am just wondering, if it could be possible to replace attachments with a certain size by a link and place the attachments in a certain directory. GMX (free mail provider in Germany) offers a Mediacenter, where they put automatically large attachments, to allow to download them later. Thanks. Regards, Roland ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From igalvarez at gmail.com Sat Apr 19 18:45:07 2008 From: igalvarez at gmail.com (Israel Garcia) Date: Sat Apr 19 18:45:43 2008 Subject: error installing mailscanner Message-ID: <194a2c240804191045r2cf0f15bo226c89723e6f635a@mail.gmail.com> Hi everybody.. I'm installing mailscanner on a CentOS server...BUT I'm getting this error when run ./install from mailscanner TGZ: If this fails due to dependency checks, and you wish to ignore these problems, you can run ./install.sh nodeps Setting Perl5 search path Undefined subroutine &Config::myconfig called. I think your system will build architecture-dependent modules for i386 Rebuilding all the Perl RPMs for your version of Perl Oh good, module File::Spec version 0.82 is already installed. Attempting to build and install perl-ExtUtils-MakeMaker-6.32-1 Installing perl-ExtUtils-MakeMaker-6.32-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.2919 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf ExtUtils-MakeMaker-6.32 + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.32.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd ExtUtils-MakeMaker-6.32 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.2919 + umask 022 + cd /usr/src/redhat/BUILD + cd ExtUtils-MakeMaker-6.32 + CFLAGS='-O2 -g -march=i386 -mcpu=i686' + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr Use of uninitialized value in split at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 80. Global symbol "%Config" requires explicit package name at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 10. Global symbol "%Config" requires explicit package name at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 11. Global symbol "%Config" requires explicit package name at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 12. Compilation failed in require at Makefile.PL line 12. BEGIN failed--compilation aborted at Makefile.PL line 12. error: Bad exit status from /var/tmp/rpm-tmp.2919 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.2919 (%build) ....... Can you help me? regards Israel From MailScanner at ecs.soton.ac.uk Sat Apr 19 19:24:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 19 19:25:11 2008 Subject: spamassassin_update In-Reply-To: References: Message-ID: <480A38D7.9030507@ecs.soton.ac.uk> Kevin Miller wrote: > I installed Jule's sa/clamav all-in-one package which installed the > spamassassin ruleset into /usr/share/spamassassin. After > /etc/cron.daily/update_spamassassin ran, the rules were also found in > /var/lib/spamassassin/3.002004. Maybe I'm just having a senior moment > here, but I can't find anywhere that tells spamassassin which ruleset to > use. How does it know? > It knows where to look, it's hardwired in the code. It will look in /var/lib/spamassassin/ before it looks in /etc/mail/spamassassin or /usr/share/spamassassin. > Do I need to keep the /usr/share/spamassassin rules around? > Theoretically not, but I wouldn't advise deleting them. > (BTW, I added sare and KAM rulesets to the update routine and they > worked a treat, landing in the /var/lib tree.) > Good, glad they helped. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 19 19:30:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 19 19:31:10 2008 Subject: Handling attachments In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F980EE5BFEC9@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F980EE5BFEC9@ts-dc2.TS-Webarts.local> Message-ID: <480A3A5D.2070203@ecs.soton.ac.uk> Ehle, Roland wrote: > I am just wondering, if it could be possible to replace attachments > with a certain size by a link and place the attachments in a certain > directory. GMX (free mail provider in Germany) offers a Mediacenter, > where they put automatically large attachments, to allow to download > them later. It can't currently do this. If you use IMAP instead of POP then the imap client can do this automatically, so there is no need to do it. It could be added, but no-one has ever asked for it before, so I haven't provided it. Are there many other people wanting this which would make it worth the while? It could be implemented as a side-effect of a Custom Function, which would avoid you needing to modify the main code. But it would be a fair bit of work to do. I could write it for you, but it will cost you, my time doesn't come cheap. It all depends how much you want it :-) Storing all the attachments in a directory (which would depend on the recipient's email address) can already be done with the extensions to the "store" spam action I have added recently. The only extra work you would need to do would be to replace the attachments in the file with HTML files containing links pointing to the directories. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Apr 19 19:48:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 19 19:48:54 2008 Subject: error installing mailscanner In-Reply-To: <194a2c240804191045r2cf0f15bo226c89723e6f635a@mail.gmail.com> References: <194a2c240804191045r2cf0f15bo226c89723e6f635a@mail.gmail.com> Message-ID: <480A3E62.2040608@ecs.soton.ac.uk> The only non-shell commands run that could generate the 'Undefined subroutine' errors are these: perl -V and rpm -q So to get this, your Perl installation is *seriously* screwed. You shouldn't need the "nodeps" for starters, you should never need that in any consistent system. I would try to re-install your copy of Perl, something went badly wrong when you installed it. Israel Garcia wrote: > Hi everybody.. I'm installing mailscanner on a CentOS server...BUT I'm > getting this error when run ./install from mailscanner TGZ: > > If this fails due to dependency checks, and you wish to ignore > these problems, you can run > ./install.sh nodeps > > Setting Perl5 search path > > Undefined subroutine &Config::myconfig called. > I think your system will build architecture-dependent modules for i386 > > Rebuilding all the Perl RPMs for your version of Perl > > Oh good, module File::Spec version 0.82 is already installed. > > Attempting to build and install perl-ExtUtils-MakeMaker-6.32-1 > Installing perl-ExtUtils-MakeMaker-6.32-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.2919 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd /usr/src/redhat/BUILD > + rm -rf ExtUtils-MakeMaker-6.32 > + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.32.tar.gz > + tar -xf - > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd ExtUtils-MakeMaker-6.32 > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.2919 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd ExtUtils-MakeMaker-6.32 > + CFLAGS='-O2 -g -march=i386 -mcpu=i686' > + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.32-1-root/usr > Use of uninitialized value in split at > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 80. > Global symbol "%Config" requires explicit package name at > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 10. > Global symbol "%Config" requires explicit package name at > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 11. > Global symbol "%Config" requires explicit package name at > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/lib.pm line 12. > Compilation failed in require at Makefile.PL line 12. > BEGIN failed--compilation aborted at Makefile.PL line 12. > error: Bad exit status from /var/tmp/rpm-tmp.2919 (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.2919 (%build) > > ....... > > Can you help me? > > regards > Israel > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at perm.it Sat Apr 19 22:27:04 2008 From: mailscanner at perm.it (adam) Date: Sat Apr 19 22:27:53 2008 Subject: Installation Message-ID: <480A63A8.9080108@perm.it> Hi, I'm looking for someone to install and configure MailScanner on a new CentOS server with recommended features/plugins, and MailWatch. Please contact me offlist with details and prices, or recommendations. Thanks, adam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080419/6854d0cf/attachment.html From paul.hutchings at mira.co.uk Sun Apr 20 21:23:30 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sun Apr 20 21:24:23 2008 Subject: problems with dkim-milter and mailscanner/postfix Message-ID: I'm trying to get our smtp relay to sign outgoing email with dkim-milter. I've followed http://www.howtoforge.net/postfix-dkim-with-dkim-milter-centos5.1 and things are loosely working, however: Incoming messages appear to be getting stuck in the hold queue (nothing obvious other than the queueid! when you run mailq). When this happens it also appears that the MailScanner processes go a bit ape and top shows them using all CPU. I'm also seeing some errors on inbound mail from gmail (me testing by emailing myself) along the lines of: Apr 20 20:58:10 relay dkim-filter[1481]: ED0091FDA4 SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short Apr 20 20:59:01 relay dkim-filter[1481]: 7AB011FDD2 SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short Apr 20 21:08:23 relay dkim-filter[1481]: 545E01FD9F SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short Apr 20 21:13:02 relay dkim-filter[1481]: D5A631FD9F SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short; error:04077068:rsa routines:RSA_verify:bad signature Apr 20 21:13:02 relay dkim-filter[1481]: D5A631FD9F: bad signature data Whilst this would appear to be a dkim-filter error I wasn't sure if it might be relevant to the other problem? It seems that if I remove the lines from main.cf that invoke the dkim milter everything is perfectly fine as before. I'm a little lost as to what and where to start and would appreciate any pointers. Suffice to say I have no real preference what I use I'd just like our smtp relay to be able to use DKIM signatures on outbound email from our primary domain name. TIA, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From MailScanner at ecs.soton.ac.uk Sun Apr 20 22:37:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 20 22:38:32 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: Message-ID: <480BB7A4.2060602@ecs.soton.ac.uk> Just be sure that your MailScanner.conf file says: Debug = no Debug SpamAssassin = no (the 2nd one is particularly important!) That's the first thing that comes to mind. Paul Hutchings wrote: > I'm trying to get our smtp relay to sign outgoing email with > dkim-milter. > > I've followed > http://www.howtoforge.net/postfix-dkim-with-dkim-milter-centos5.1 and > things are loosely working, however: > > Incoming messages appear to be getting stuck in the hold queue (nothing > obvious other than the queueid! when you run mailq). When this happens > it also appears that the MailScanner processes go a bit ape and top > shows them using all CPU. > > I'm also seeing some errors on inbound mail from gmail (me testing by > emailing myself) along the lines of: > > Apr 20 20:58:10 relay dkim-filter[1481]: ED0091FDA4 SSL > error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too > short > Apr 20 20:59:01 relay dkim-filter[1481]: 7AB011FDD2 SSL > error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too > short > Apr 20 21:08:23 relay dkim-filter[1481]: 545E01FD9F SSL > error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too > short > Apr 20 21:13:02 relay dkim-filter[1481]: D5A631FD9F SSL > error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too > short; error:04077068:rsa routines:RSA_verify:bad signature > Apr 20 21:13:02 relay dkim-filter[1481]: D5A631FD9F: bad signature data > > Whilst this would appear to be a dkim-filter error I wasn't sure if it > might be relevant to the other problem? > > It seems that if I remove the lines from main.cf that invoke the dkim > milter everything is perfectly fine as before. > > I'm a little lost as to what and where to start and would appreciate any > pointers. Suffice to say I have no real preference what I use I'd just > like our smtp relay to be able to use DKIM signatures on outbound email > from our primary domain name. > > TIA, > Paul > > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 44 (0)24 7635 5378 > Fax: 44 (0)24 7635 8378 > mailto:paul.hutchings@mira.co.uk > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Sun Apr 20 23:08:24 2008 From: ka at pacific.net (Ken Anderson) Date: Sun Apr 20 23:09:07 2008 Subject: Handling attachments In-Reply-To: <480A3A5D.2070203@ecs.soton.ac.uk> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F980EE5BFEC9@ts-dc2.TS-Webarts.local> <480A3A5D.2070203@ecs.soton.ac.uk> Message-ID: <480BBED8.5090903@pacific.net> Julian Field wrote: > Ehle, Roland wrote: >> I am just wondering, if it could be possible to replace attachments >> with a certain size by a link and place the attachments in a certain >> directory. GMX (free mail provider in Germany) offers a Mediacenter, >> where they put automatically large attachments, to allow to download >> them later. > It can't currently do this. If you use IMAP instead of POP then the imap > client can do this automatically, so there is no need to do it. It could > be added, but no-one has ever asked for it before, so I haven't provided > it. Are there many other people wanting this which would make it worth > the while? > I doubt it. If the goal is to reduce the size of the 'email' download, why not use a webmail client? Ken > It could be implemented as a side-effect of a Custom Function, which > would avoid you needing to modify the main code. But it would be a fair > bit of work to do. I could write it for you, but it will cost you, my > time doesn't come cheap. It all depends how much you want it :-) > > Storing all the attachments in a directory (which would depend on the > recipient's email address) can already be done with the extensions to > the "store" spam action I have added recently. The only extra work you > would need to do would be to replace the attachments in the file with > HTML files containing links pointing to the directories. > > Jules > From hvdkooij at vanderkooij.org Sun Apr 20 23:43:36 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 20 23:44:23 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: Message-ID: <480BC718.3000206@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: | I'm trying to get our smtp relay to sign outgoing email with | dkim-milter. | | I've followed | http://www.howtoforge.net/postfix-dkim-with-dkim-milter-centos5.1 and | things are loosely working, however: | | Incoming messages appear to be getting stuck in the hold queue (nothing | obvious other than the queueid! when you run mailq). When this happens | it also appears that the MailScanner processes go a bit ape and top | shows them using all CPU. Hmm. Standard postfix with Centos 5 will not understand milters. So how did you install postfix? Where did you deviate from that description? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIC8cWBvzDRVjxmYERApfHAJ4w1ps1o9i4AAnO2nC5jLqz62x8lACgj0cg cH49bo3r3ktBMGfA3MESmt0= =uFyH -----END PGP SIGNATURE----- From nwp at nz.lemon-computing.com Mon Apr 21 00:00:11 2008 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Mon Apr 21 00:00:53 2008 Subject: OT: Is sendmail safe for SMTP? In-Reply-To: <4808B50E.2040401@farrows.org> References: <3BF93070B3D1B047BA7ABF612958950D02CF612F@hcex.hartwellcorp.com> <48086A1A.4050306@farrows.org> <480878E6.1080604@gmail.com> <480886D3.4050003@farrows.org> <48089ADE.5090708@gmail.com> <4808A4C7.20102@coders.co.uk> <4808B50E.2040401@farrows.org> Message-ID: <88CCF79F-221A-49DA-BD8B-4A81F90B0C7D@nz.lemon-computing.com> On 19/04/2008, at 2:49 AM, Peter Farrow wrote: > Matt Hampton wrote: >> Ronny T. Lampert wrote: >>> Cheers Peter - let the sendmail for you and the postfix for me >>> never cease ;-) >>> >> but doesn't sendmail cause swapping >> >> >> > ...wait while my gun turret turns round.... Surely you mean "wait while I write a heap of m4 macros to appropriately reconfigure my gun turret"... ;-) Cheers, Nick From hugo.dube at servlinks.net Mon Apr 21 01:58:33 2008 From: hugo.dube at servlinks.net (=?iso-8859-1?Q?Hugo_Dub=E9?=) Date: Mon Apr 21 01:59:18 2008 Subject: Mailscanner no work at Fedora 8 Message-ID: <0JZN00BMPHDHYJ90@VL-MO-MR005.ip.videotron.ca> Hello, I installed the new version 4.68.8-1 at Fedora 8. I try this setup on tree server and MailScanner not working correctly. I have my email correctly but my system don?t scan Spam and virus. In my maillong on my linux, I have a log to sendmail but noting of MailScanner other start and stop services. I have other servers on Fedora 7 or 6 and MailScanner work correctly. Do you help me? _________________________________________ Hugo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080420/5f3db143/attachment.html From p.katzmann at thiesen.com Mon Apr 21 07:57:50 2008 From: p.katzmann at thiesen.com (Peter Katzmann) Date: Mon Apr 21 07:58:52 2008 Subject: Is there a spam check for x-enevelope-to != rcpt-to field Message-ID: <480C3AEE.7010409@thiesen.com> Hello, plenty of spam has always a discrepancy between the x-enevelope-to field and the rcpt-to field. Sometimes its like a small typo for example joe.smith!= joesmith sometimes its totally different like johnford!=joesmith. So i looked for a long time if there is some filter but didn't find one. Propably someone on the list here has a hint for me ? Thanks for any pointer peter _______________________________________________________ Registergericht / Court of jurisdiction: Amtsgericht Gie?en HRB 5708 Gesch?ftsf?hrer / Managing Director: Edith Thiesen, J?rgen Thiesen USt.-Id: DE 175 623 789 Ust.-Nr: 018 246 00743 FA Fulda Hauptsitz / Headquarters: Thiesen Hardware & Software Design GmbH / Im Tiegel 9 / 36367 Wartenberg / Germany From edward at tdcs.com.au Mon Apr 21 08:00:22 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Mon Apr 21 08:01:28 2008 Subject: Mailscanner no work at Fedora 8 In-Reply-To: <0JZN00BMPHDHYJ90@VL-MO-MR005.ip.videotron.ca> References: <0JZN00BMPHDHYJ90@VL-MO-MR005.ip.videotron.ca> Message-ID: Hello, I installed the new version 4.68.8-1 at Fedora 8. I try this setup on tree server and MailScanner not working correctly. I have my email correctly but my system don't scan Spam and virus. In my maillong on my linux, I have a log to sendmail but noting of MailScanner other start and stop services. I have other servers on Fedora 7 or 6 and MailScanner work correctly. Do you help me? Anything useful in the logs? Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080421/28ddd403/attachment.html From MailScanner at ecs.soton.ac.uk Mon Apr 21 09:01:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 21 09:02:52 2008 Subject: Is there a spam check for x-enevelope-to != rcpt-to field In-Reply-To: <480C3AEE.7010409@thiesen.com> References: <480C3AEE.7010409@thiesen.com> Message-ID: <480C49F4.5090302@ecs.soton.ac.uk> I assume you mean the X-Envelope-To header and the To header. There is no requirement for these to be the same, as any mailing list posting will show you. You cannot use the difference to detect spam, as you would fire a false alarm on every mailing list posting. Peter Katzmann wrote: > Hello, > plenty of spam has always a discrepancy between the x-enevelope-to > field and the rcpt-to field. > Sometimes its like a small typo for example joe.smith!= joesmith > sometimes its totally different like johnford!=joesmith. > > So i looked for a long time if there is some filter but didn't find one. > Propably someone on the list here has a hint for me ? > > Thanks for any pointer > > peter > > > _______________________________________________________ > Registergericht / Court of jurisdiction: Amtsgericht Gie?en HRB 5708 > Gesch?ftsf?hrer / Managing Director: Edith Thiesen, J?rgen Thiesen > USt.-Id: DE 175 623 789 > Ust.-Nr: 018 246 00743 FA Fulda > > Hauptsitz / Headquarters: > Thiesen Hardware & Software Design GmbH / Im Tiegel 9 / 36367 > Wartenberg / Germany > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hugo.dube at servlinks.net Mon Apr 21 13:15:16 2008 From: hugo.dube at servlinks.net (=?iso-8859-1?Q?Hugo_Dub=E9?=) Date: Mon Apr 21 13:16:05 2008 Subject: Mailscanner no work at Fedora 8 In-Reply-To: Message-ID: <0JZO00DPJCPQQQ70@VL-MO-MR003.ip.videotron.ca> Hello, I installed the new version 4.68.8-1 at Fedora 8. I try this setup on tree server and MailScanner not working correctly. I have my email correctly but my system don?t scan Spam and virus. In my maillong on my linux, I have a log to sendmail but noting of MailScanner other start and stop services. I have other servers on Fedora 7 or 6 and MailScanner work correctly. Do you help me? Anything useful in the logs? Ed. No, I have sendmail log but anything of MailScanner. I have de the log MailScanner want start or stop the service but anything other log -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080421/d95d6164/attachment.html From glenn.steen at gmail.com Mon Apr 21 13:25:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 21 13:26:24 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: <480BC718.3000206@vanderkooij.org> References: <480BC718.3000206@vanderkooij.org> Message-ID: <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> On 21/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Paul Hutchings wrote: > | I'm trying to get our smtp relay to sign outgoing email with > | dkim-milter. > | > | I've followed > | > http://www.howtoforge.net/postfix-dkim-with-dkim-milter-centos5.1 > and > | things are loosely working, however: > | > | Incoming messages appear to be getting stuck in the hold queue (nothing > | obvious other than the queueid! when you run mailq). When this happens > | it also appears that the MailScanner processes go a bit ape and top > | shows them using all CPU. > > > Hmm. Standard postfix with Centos 5 will not understand milters. So how > did you install postfix? > > Where did you deviate from that description? > > Hugo. Another relevant question is ... what version of MS is in use here?If too old, there's only falkey PF milter support, or even none at all... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kyrian-list at ore.org Mon Apr 21 14:51:48 2008 From: kyrian-list at ore.org (kyrian (List)) Date: Mon Apr 21 14:59:07 2008 Subject: 'Debug SpamAssassin'? RE: Mailscanner no work at Fedora 8 In-Reply-To: <200804211102.m3LB2A0K029212@safir.blacknight.ie> References: <200804211102.m3LB2A0K029212@safir.blacknight.ie> Message-ID: <480C9BF4.5090400@ore.org> > I installed the new version 4.68.8-1 at Fedora 8. I try this setup on tree > server and MailScanner not working correctly. > If nothing else, make sure you have 'Debug SpamAssassin' disabled, regardless of whether you have 'Debug' enabled. I hit this bug on FC8 at the weekend and Julian's already put a fix for it in the next version... You'll probably find that upgrade_MailScanner_conf has set it to 'yes' overriding your previous setting and this has triggered it. Or maybe you have a different bug, or maybe not... K. From steinkel at pa.net Mon Apr 21 14:58:53 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Mon Apr 21 14:59:32 2008 Subject: watermarking rules... In-Reply-To: <4808CECA.9050404@ecs.soton.ac.uk> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> <4808CECA.9050404@ecs.soton.ac.uk> Message-ID: <480C9D9D.8010201@pa.net> Julian Field wrote: > > > Leland J. Steinke wrote: >> Julian Field wrote: >>> But Joe-Job bounces should have no sender, shouldn't they? In which >>> case the setting "Treat Invalid Watermarks With No Sender as Spam" is >>> the one you want to set. >> >> Is there an option to set the X-blah-SpamScore: header to a specific >> number of "Spam Score Characters"? I looked at our 4.66.5 install and >> recent change logs, but saw nothing. > But the whole point is that header gives you the spam score in a form > you can easily manage with mail filters such as sieve and whatever > client you use. Yes. I just realized that my original question was not as complete as I thought. If the "Treat Invalid Watermarks With No Sender as Spam" and "Check Watermarks To Skip Spam Checks" settings are yes, is there an option to set the X-SpamScore to a specific minimum value, similar to the function of the "Minimum Stars If On Spam List"? As of now, the only header that is added is "X-blah-SpamCheck: spam(no watermark or sender address)", which is not as easily parsable by procmail, maildrop, or sieve as a string of "s" characters. We are running version 4.66.5. Leland From MailScanner at ecs.soton.ac.uk Mon Apr 21 15:45:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 21 15:46:44 2008 Subject: watermarking rules... In-Reply-To: <480C9D9D.8010201@pa.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> <4808CECA.9050404@ecs.soton.ac.uk> <480C9D9D.8010201@pa.net> Message-ID: <480CA8A4.2080807@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leland J. Steinke wrote: > Julian Field wrote: >> >> >> Leland J. Steinke wrote: >>> Julian Field wrote: >>>> But Joe-Job bounces should have no sender, shouldn't they? In which >>>> case the setting "Treat Invalid Watermarks With No Sender as Spam" >>>> is the one you want to set. >>> >>> Is there an option to set the X-blah-SpamScore: header to a specific >>> number of "Spam Score Characters"? I looked at our 4.66.5 install >>> and recent change logs, but saw nothing. >> But the whole point is that header gives you the spam score in a form >> you can easily manage with mail filters such as sieve and whatever >> client you use. > > Yes. I just realized that my original question was not as complete as > I thought. > > If the "Treat Invalid Watermarks With No Sender as Spam" and "Check > Watermarks To Skip Spam Checks" settings are yes, is there an option > to set the X-SpamScore to a specific minimum value, similar to the > function of the "Minimum Stars If On Spam List"? As of now, the only > header that is added is "X-blah-SpamCheck: spam(no watermark or sender > address)", which is not as easily parsable by procmail, maildrop, or > sieve as a string of "s" characters. > > We are running version 4.66.5. You are absolutely correct. There is currently no setting for this. I guess I could write one. How many other people would find it useful too? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFIDKilEfZZRxQVtlQRAikRAJ9mjC0rlqsGF1TCaYTPl36i9HB4kgCgxmWJ Zajngf+HF1JdS2OIMYqi3sA= =nNqD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Apr 21 15:54:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 21 15:54:24 2008 Subject: watermarking rules... In-Reply-To: <480C9D9D.8010201@pa.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> <4808CECA.9050404@ecs.soton.ac.uk> <480C9D9D.8010201@pa.net> Message-ID: <480CAA8F.8020905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leland J. Steinke wrote: > Julian Field wrote: >> >> >> Leland J. Steinke wrote: >>> Julian Field wrote: >>>> But Joe-Job bounces should have no sender, shouldn't they? In which >>>> case the setting "Treat Invalid Watermarks With No Sender as Spam" >>>> is the one you want to set. >>> >>> Is there an option to set the X-blah-SpamScore: header to a specific >>> number of "Spam Score Characters"? I looked at our 4.66.5 install >>> and recent change logs, but saw nothing. >> But the whole point is that header gives you the spam score in a form >> you can easily manage with mail filters such as sieve and whatever >> client you use. > > Yes. I just realized that my original question was not as complete as > I thought. > > If the "Treat Invalid Watermarks With No Sender as Spam" and "Check > Watermarks To Skip Spam Checks" settings are yes, is there an option > to set the X-SpamScore to a specific minimum value, similar to the > function of the "Minimum Stars If On Spam List"? As of now, the only > header that is added is "X-blah-SpamCheck: spam(no watermark or sender > address)", which is not as easily parsable by procmail, maildrop, or > sieve as a string of "s" characters. You can set the "Treat Invalid Watermarks With No Sender as Spam = 5" which is added to the spam score of the message. Is this good enough for you, as this will change the number of spam stars? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFIDKqQEfZZRxQVtlQRAq5RAJ9kxbHNLKtA2sdfeBBSJRCW/pa/KACfekbk V40Awaabee9/0iOBmx5NCEU= =+yYW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Mon Apr 21 15:59:57 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Apr 21 16:00:48 2008 Subject: watermarking rules... In-Reply-To: <480CA8A4.2080807@ecs.soton.ac.uk> Message-ID: Jules Looking at the settings you can indeed set a score to add to SA score # If the message has an invalid watermark and no sender address, then it # is a delivery error (DSN) for a message which didn't come from us. # Delivery errors have no sender address. # So we probably want to treat it as spam, or high-scoring spam. # This option can take one of 4 values: # "spam", # "high-scoring spam", # "nothing" or # a number greater than 0. # If it is set to a number, then that is added to the message's spam score # and it's spam status is updated accordingly. # If you set it to "nothing" then there probably isn't much # point in checking watermarks at all. But it could still be useful in # rulesets and Custom Functions. # This can also be the filename of a ruleset. Treat Invalid Watermarks With No Sender as Spam = high-scoring spam -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 21 April 2008 15:46 > To: MailScanner discussion > Subject: Re: watermarking rules... > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Leland J. Steinke wrote: > > Julian Field wrote: > >> > >> > >> Leland J. Steinke wrote: > >>> Julian Field wrote: > >>>> But Joe-Job bounces should have no sender, shouldn't they? In which > >>>> case the setting "Treat Invalid Watermarks With No Sender as Spam" > >>>> is the one you want to set. > >>> > >>> Is there an option to set the X-blah-SpamScore: header to a specific > >>> number of "Spam Score Characters"? I looked at our 4.66.5 install > >>> and recent change logs, but saw nothing. > >> But the whole point is that header gives you the spam score in a form > >> you can easily manage with mail filters such as sieve and whatever > >> client you use. > > > > Yes. I just realized that my original question was not as complete as > > I thought. > > > > If the "Treat Invalid Watermarks With No Sender as Spam" and "Check > > Watermarks To Skip Spam Checks" settings are yes, is there an option > > to set the X-SpamScore to a specific minimum value, similar to the > > function of the "Minimum Stars If On Spam List"? As of now, the only > > header that is added is "X-blah-SpamCheck: spam(no watermark or sender > > address)", which is not as easily parsable by procmail, maildrop, or > > sieve as a string of "s" characters. > > > > We are running version 4.66.5. > You are absolutely correct. There is currently no setting for this. I > guess I could write one. > How many other people would find it useful too? > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFIDKilEfZZRxQVtlQRAikRAJ9mjC0rlqsGF1TCaYTPl36i9HB4kgCgxmWJ > Zajngf+HF1JdS2OIMYqi3sA= > =nNqD > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From steinkel at pa.net Mon Apr 21 16:47:54 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Mon Apr 21 16:48:58 2008 Subject: watermarking rules... In-Reply-To: <480CAA8F.8020905@ecs.soton.ac.uk> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> <4808CECA.9050404@ecs.soton.ac.uk> <480C9D9D.8010201@pa.net> <480CAA8F.8020905@ecs.soton.ac.uk> Message-ID: <480CB72A.8090407@pa.net> > You can set the "Treat Invalid Watermarks With No Sender as Spam = 5" > which is added to the spam score of the message. Is this good enough for > you, as this will change the number of spam stars? That will be perfect. It looks like our latest MailScanner upgrade round lost that option in the shuffle. Thanks, Leland From ecasarero at gmail.com Mon Apr 21 17:09:02 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Apr 21 17:09:37 2008 Subject: OT: [ARG] Job Offer: MSCanner/Sendmail Linux Admin Message-ID: <7d9b3cf20804210909q52c530c5kaf3a52b4c774ccd1@mail.gmail.com> Hi, sorry to bother with this OT, but at my office we can't find anyone that applies to this job. We are looking for an Linux-Administrator, he/she will have to manage some MailScanner/Sendmail servers (primary task). For further Details please contact me at ecasarero (at) gmail (dot) com We will acept applies from people in South America (better if argentinian) as we are considering workers over internet. Regards, From paul.hutchings at mira.co.uk Mon Apr 21 17:44:37 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon Apr 21 17:45:13 2008 Subject: problems with dkim-milter and mailscanner/postfix References: <480BC718.3000206@vanderkooij.org> <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> Message-ID: Sorry I've missed a lot of info, wasn't sure exactly what was relevant. I'm on Centos 5.x with Postfix 2.3.3 and 4.68.8. Oddly enough upgrading MailScanner to the latest release (it was on 4.67.9 I think) would appear to have fixed whatever was happening. DKIM still isn't working but that's down to some issues getting the DNS record in place properly. Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 21 April 2008 13:26 To: MailScanner discussion Subject: Re: problems with dkim-milter and mailscanner/postfix On 21/04/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Paul Hutchings wrote: > | I'm trying to get our smtp relay to sign outgoing email with > | dkim-milter. > | > | I've followed > | > http://www.howtoforge.net/postfix-dkim-with-dkim-milter-centos5.1 > and > | things are loosely working, however: > | > | Incoming messages appear to be getting stuck in the hold queue (nothing > | obvious other than the queueid! when you run mailq). When this happens > | it also appears that the MailScanner processes go a bit ape and top > | shows them using all CPU. > > > Hmm. Standard postfix with Centos 5 will not understand milters. So how > did you install postfix? > > Where did you deviate from that description? > > Hugo. Another relevant question is ... what version of MS is in use here?If too old, there's only falkey PF milter support, or even none at all... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From glenn.steen at gmail.com Mon Apr 21 18:56:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 21 18:57:26 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: <480BC718.3000206@vanderkooij.org> <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> Message-ID: <223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com> On 21/04/2008, Paul Hutchings wrote: > Sorry I've missed a lot of info, wasn't sure exactly what was relevant. > > I'm on Centos 5.x with Postfix 2.3.3 and 4.68.8. > > Oddly enough upgrading MailScanner to the latest release (it was on > 4.67.9 I think) would appear to have fixed whatever was happening. There was a bug in the queue file handling code for "postfix with milter" that should only have concerned later versions of Postfix , but ... Likely that is what fixed it. The fix to that code, I mean:-). The symptoms indicate that at least... Then again, there are many things that can have that particular effect:-). > DKIM still isn't working but that's down to some issues getting the DNS > record in place properly. Good luck. > Cheers, > > Paul > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Apr 21 19:09:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 21 19:10:04 2008 Subject: watermarking rules... In-Reply-To: <480CB72A.8090407@pa.net> References: <20080418123323.09804448064@tireswing3.arsalon.net> <48089C11.2050801@ecs.soton.ac.uk> <4808AD73.9000508@pa.net> <4808CECA.9050404@ecs.soton.ac.uk> <480C9D9D.8010201@pa.net> <480CAA8F.8020905@ecs.soton.ac.uk> <480CB72A.8090407@pa.net> Message-ID: <480CD84D.6050707@ecs.soton.ac.uk> Leland J. Steinke wrote: >> You can set the "Treat Invalid Watermarks With No Sender as Spam = 5" >> which is added to the spam score of the message. Is this good enough >> for you, as this will change the number of spam stars? > > That will be perfect. It looks like our latest MailScanner upgrade > round lost that option in the shuffle. Always use "upgrade_MailScanner_conf" to update your MailScanner.conf file, and you will be guaranteed not to "lose" options when upgrading. Just run it, and it will tell you how to use it. You can use a similar script for the "languages.conf" file in the reports directory. I don't change that file very often, but if you never check it you will be missing some new text substitutions, so your users will get very strange-looking reports thrown at them! Just run "upgrade_languages_conf" and it will tell you how to use it, just like the upgrade_MailScanner_conf command. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Mon Apr 21 21:43:46 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Mon Apr 21 21:44:45 2008 Subject: problems with dkim-milter and mailscanner/postfix References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> <223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com> Message-ID: I'm pretty sure the DNS records were correct but for some reason outbound mail wasn't being signed. Appreciate any suggestions on the "best" choice of DKIM add-on to sign outbound email using Postix on Centos 5. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 21 April 2008 18:57 To: MailScanner discussion Subject: Re: problems with dkim-milter and mailscanner/postfix On 21/04/2008, Paul Hutchings wrote: > Sorry I've missed a lot of info, wasn't sure exactly what was relevant. > > I'm on Centos 5.x with Postfix 2.3.3 and 4.68.8. > > Oddly enough upgrading MailScanner to the latest release (it was on > 4.67.9 I think) would appear to have fixed whatever was happening. There was a bug in the queue file handling code for "postfix with milter" that should only have concerned later versions of Postfix , but ... Likely that is what fixed it. The fix to that code, I mean:-). The symptoms indicate that at least... Then again, there are many things that can have that particular effect:-). > DKIM still isn't working but that's down to some issues getting the DNS > record in place properly. Good luck. > Cheers, > > Paul > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From raj4nix at yahoo.co.in Tue Apr 22 07:21:50 2008 From: raj4nix at yahoo.co.in (mailme) Date: Tue Apr 22 07:22:30 2008 Subject: relay on postfix Message-ID: <94858.41191.qm@web7606.mail.in.yahoo.com> Hi List, My postfix configuration is not relaying local network. My network is 192.168.0.0/24. As per posfix main.cf and docs the default is to allow mynetworks_style = subnet. Why this is not working. I checked to over ride the default by setting mynetworks = 127.0.0.0/8, 192.168.0.0/24 mynetworks_style = subnet as said in http://www.postfix.org/basic.html But it didnt worked too. Any help will be helpful. Regards Rajeev Sekhar Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/9c787559/attachment.html From andrew.colin at gmail.com Tue Apr 22 08:10:19 2008 From: andrew.colin at gmail.com (andrew colin) Date: Tue Apr 22 08:10:56 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: <480BC718.3000206@vanderkooij.org> <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> <223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com> Message-ID: <31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> I have been investigating this issue as i have also come across it, Well as the postfix queue format is not documented my assumptions were just guess work so correct me if i am wrong, i was under the assumption that the integer values at the beginning of the queue file represent the side of the message. What i picked up was that even after the milter inserted the extra headers to the message these values remained the same the perl module resonsible for reading the queue file and processing it was then unable to due to the fact that it was not reading to the wrong place within the queue file. P.S and yes postfix on Centos 5.1 comes with milter support built in. Andrew On Mon, Apr 21, 2008 at 10:43 PM, Paul Hutchings wrote: > I'm pretty sure the DNS records were correct but for some reason > outbound mail wasn't being signed. > > Appreciate any suggestions on the "best" choice of DKIM add-on to sign > outbound email using Postix on Centos 5. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn > Steen > > Sent: 21 April 2008 18:57 > To: MailScanner discussion > Subject: Re: problems with dkim-milter and mailscanner/postfix > > > > On 21/04/2008, Paul Hutchings wrote: > > Sorry I've missed a lot of info, wasn't sure exactly what was > relevant. > > > > I'm on Centos 5.x with Postfix 2.3.3 and 4.68.8. > > > > Oddly enough upgrading MailScanner to the latest release (it was on > > 4.67.9 I think) would appear to have fixed whatever was happening. > There was a bug in the queue file handling code for "postfix with > milter" that should only have concerned later versions of Postfix , > but ... Likely that is what fixed it. The fix to that code, I mean:-). > The symptoms indicate that at least... Then again, there are many > things that can have that particular effect:-). > > > DKIM still isn't working but that's down to some issues getting the > DNS > > record in place properly. > > Good luck. > > > Cheers, > > > > Paul > > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. > > > -- > > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- "Dru" To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master. (zen) http://www.topdog.za.net/ From andrew.colin at gmail.com Tue Apr 22 08:11:49 2008 From: andrew.colin at gmail.com (andrew colin) Date: Tue Apr 22 08:12:01 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: <31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> References: <480BC718.3000206@vanderkooij.org> <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> <223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com> <31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> Message-ID: <31da51d50804220011x3a6213c7o6fde1bcbb68dd643@mail.gmail.com> Paul, if you need help getting your DKIM signing working post on the howtoforge forum and i will try to help. On Tue, Apr 22, 2008 at 9:10 AM, andrew colin wrote: > I have been investigating this issue as i have also come across it, > Well as the postfix queue format is not > documented my assumptions were just guess work so correct me if i am > wrong, i was under the assumption > that the integer values at the beginning of the queue file represent > the side of the message. > > What i picked up was that even after the milter inserted the extra > headers to the message these values > remained the same the perl module resonsible for reading the queue > file and processing it was then > unable to due to the fact that it was not reading to the wrong place > within the queue file. > > P.S and yes postfix on Centos 5.1 comes with milter support built in. > > Andrew > > On Mon, Apr 21, 2008 at 10:43 PM, Paul Hutchings > > > wrote: > > I'm pretty sure the DNS records were correct but for some reason > > outbound mail wasn't being signed. > > > > Appreciate any suggestions on the "best" choice of DKIM add-on to sign > > outbound email using Postix on Centos 5. > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn > > Steen > > > > Sent: 21 April 2008 18:57 > > To: MailScanner discussion > > Subject: Re: problems with dkim-milter and mailscanner/postfix > > > > > > > > On 21/04/2008, Paul Hutchings wrote: > > > Sorry I've missed a lot of info, wasn't sure exactly what was > > relevant. > > > > > > I'm on Centos 5.x with Postfix 2.3.3 and 4.68.8. > > > > > > Oddly enough upgrading MailScanner to the latest release (it was on > > > 4.67.9 I think) would appear to have fixed whatever was happening. > > There was a bug in the queue file handling code for "postfix with > > milter" that should only have concerned later versions of Postfix , > > but ... Likely that is what fixed it. The fix to that code, I mean:-). > > The symptoms indicate that at least... Then again, there are many > > things that can have that particular effect:-). > > > > > DKIM still isn't working but that's down to some issues getting the > > DNS > > > record in place properly. > > > > Good luck. > > > > > Cheers, > > > > > > Paul > > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > MIRA Ltd > > > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > > > Registered in England and Wales No. 402570 > > VAT Registration GB 114 5409 96 > > > > The contents of this e-mail are confidential and are solely for the use of the intended recipient. > > If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. > > You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. > > > > > > -- > > > > > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > "Dru" > To follow the path, look to the master, follow the master, walk with > the master, see through the master, become the master. (zen) > http://www.topdog.za.net/ > -- "Dru" To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master. (zen) http://www.topdog.za.net/ From MailScanner at ecs.soton.ac.uk Tue Apr 22 10:29:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 10:29:48 2008 Subject: Graphic inline Signature In-Reply-To: <4808BBB1.9080700@ecs.soton.ac.uk> References: <67a55ed50804180607o67ec34bbyd4f806cce38c3302@mail.gmail.com> <4808BBB1.9080700@ecs.soton.ac.uk> Message-ID: <480DAFDD.9030103@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 218 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/df1d8b2a/PGP.bin From MailScanner at ecs.soton.ac.uk Tue Apr 22 10:29:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 10:29:52 2008 Subject: 4.69.6 released -- Graphic Inline Signatures Message-ID: <480DAFE1.30806@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new beta, 4.69.6. This contains: 6 Added new configuration setting "IP Protocol Version Header" which will tell you the IP version number used in the last hop to this server. It produces either "IPv4" or "IPv6" in the header. To stop the header appearing, just set it to be blank. Added at special request by my boss :-) 6 Added new configuration setting "Allow Multiple HTML Signatures". If the message has been signed with an HTML signature containing an tag, whose "alt" attribute contains "MailScanner" and "Signature" and "%org-name%", then it will not be signed again if this option is set to "no". Once a message (with an image in the signature) has been replied to a few times, it starts getting very large and ugly. This option keeps the message size down and makes it look better. This is set to "no" by default as messages look better this way. The Allow Multiple HTML Signatures was requested by Dave Jones, so that should make him happy. The other one just keeps my boss off my back :-) Please give it a try, and let me know if you run into any problems. Thanks folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFIDa/iEfZZRxQVtlQRAiIlAJwPpNNeQBausSfYSMQviFxpM3EjngCgxY5c LHpfHZ0VYFfPh2Vvk82n1+A= =awEY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 22 10:41:19 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 22 10:41:53 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: <31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> References: <480BC718.3000206@vanderkooij.org> <223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com> <223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com> <31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> Message-ID: <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> On 22/04/2008, andrew colin wrote: > I have been investigating this issue as i have also come across it, > Well as the postfix queue format is not > documented my assumptions were just guess work so correct me if i am A bit more sophisticated than that:-). There is the code, and some fairly extensive comments in there, so it is far from pure guessing/reverse engineering. There is an element of that too, but ... :-). > wrong, i was under the assumption > that the integer values at the beginning of the queue file represent > the side of the message. Exactly what have you been looking at? The file "on hold" will not change, since we build a completely new one from scratch. I haven't looked at how the start record is generated (or if it simply is "transported" lately, so don't remeber thsoe details... But I do have some faint recollections that that should be recalculated as the queue file is written... > What i picked up was that even after the milter inserted the extra > headers to the message these values > remained the same the perl module resonsible for reading the queue > file and processing it was then > unable to due to the fact that it was not reading to the wrong place > within the queue file. What are you on about? What perl module and where? What version of MailScanner? MailScanner uses two perl modules to read the message: Postfix.pm (the ReadQf sub) and PFDiskStore.pm (the Body class). It reads all the records comprising the queue file into the message object, doing any adjustments needed, and later on write out a completely new file. So unless you "catch" that new file, you don't know how it has been rewritten/mangled;-). Now, the problem Paul likely had was due to a bug in the Body class... That was fixed in stable release 4.68.8. If you run anything prior to that ... you shouldn't try using milters;-). > P.S and yes postfix on Centos 5.1 comes with milter support built in. If it is PF2.3.x, full body edits aren't possible. > Andrew > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Tue Apr 22 11:06:35 2008 From: gerard at seibercom.net (Gerard) Date: Tue Apr 22 11:07:35 2008 Subject: relay on postfix In-Reply-To: <94858.41191.qm@web7606.mail.in.yahoo.com> References: <94858.41191.qm@web7606.mail.in.yahoo.com> Message-ID: <20080422060635.5fdafd56@scorpio> On Tue, 22 Apr 2008 11:51:50 +0530 (IST) mailme wrote: > My postfix configuration is not relaying local network. > > My network is 192.168.0.0/24. As per posfix main.cf and docs the > default is to allow mynetworks_style = subnet. > > Why this is not working. I checked to over ride the default by setting > > mynetworks = 127.0.0.0/8, 192.168.0.0/24 > mynetworks_style = subnet > > > as said in http://www.postfix.org/basic.html > > But it didnt worked too. > > Any help will be helpful. You are not supplying any information that would prove useful in debugging your problem. 1) Supply the output of 'postconf -n' 2) Log entries relevant to this issue 3) Describe exactly what you have done to the standard mailscanner configuration. 4) OS, Postfix and Mailscanner versions. -- Gerard gerard@seibercom.net Hubbard's Law: Don't take life too seriously; you won't get out of it alive. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/0f5ce279/signature-0001.bin From paul.hutchings at mira.co.uk Tue Apr 22 15:12:57 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue Apr 22 15:13:36 2008 Subject: problems with dkim-milter and mailscanner/postfix References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> Message-ID: Ok some of the terminology is being lost on me here. The Howtoforge instructions are totally straightforward for me to follow, I suspect whatever is happening relates to either MailScanner (full body edits?) or the version of Postfix. I don't do anything especially complex with Postfix so I could use one of Simon Mudds RPMs to get up to the latest version (assuming he's still churning them out). I also noticed in the logs errors such as: 902141FCDE SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short Which mean nothing to me. Frankly this seems a nightmare :-) -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 22 April 2008 10:41 To: MailScanner discussion Subject: Re: problems with dkim-milter and mailscanner/postfix On 22/04/2008, andrew colin wrote: > I have been investigating this issue as i have also come across it, > Well as the postfix queue format is not > documented my assumptions were just guess work so correct me if i am A bit more sophisticated than that:-). There is the code, and some fairly extensive comments in there, so it is far from pure guessing/reverse engineering. There is an element of that too, but ... :-). > wrong, i was under the assumption > that the integer values at the beginning of the queue file represent > the side of the message. Exactly what have you been looking at? The file "on hold" will not change, since we build a completely new one from scratch. I haven't looked at how the start record is generated (or if it simply is "transported" lately, so don't remeber thsoe details... But I do have some faint recollections that that should be recalculated as the queue file is written... > What i picked up was that even after the milter inserted the extra > headers to the message these values > remained the same the perl module resonsible for reading the queue > file and processing it was then > unable to due to the fact that it was not reading to the wrong place > within the queue file. What are you on about? What perl module and where? What version of MailScanner? MailScanner uses two perl modules to read the message: Postfix.pm (the ReadQf sub) and PFDiskStore.pm (the Body class). It reads all the records comprising the queue file into the message object, doing any adjustments needed, and later on write out a completely new file. So unless you "catch" that new file, you don't know how it has been rewritten/mangled;-). Now, the problem Paul likely had was due to a bug in the Body class... That was fixed in stable release 4.68.8. If you run anything prior to that ... you shouldn't try using milters;-). > P.S and yes postfix on Centos 5.1 comes with milter support built in. If it is PF2.3.x, full body edits aren't possible. > Andrew > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From support-lists at petdoctors.co.uk Tue Apr 22 15:12:44 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Apr 22 15:28:18 2008 Subject: Eicar detection with MailScanner --lint Message-ID: Hi Folks, One of my mail servers throws up 'eicar detected' with clamavmodule and bitdefender when I do a MailScanner --lint but others don't. I *am* getting viruses detected by all the servers, but wondered if the absence of the eicar trigger merits investigating? Thanks Nigel Kendrick From dgottsc at emory.edu Tue Apr 22 15:49:18 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Apr 22 15:50:02 2008 Subject: Spamassassin rules based on IP In-Reply-To: References: <48043CA2.5040602@vanderkooij.org> Message-ID: Can anyone give me any insight into how to do this? I can't determine how I would go about this. Thanks! David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gottschalk, David Sent: Tuesday, April 15, 2008 8:07 AM To: MailScanner discussion Subject: RE: Spamassassin rules based on IP I'm not sure I'm following you. Are you saying create spamassassin rules that filter based on IP? David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: Tuesday, April 15, 2008 1:27 AM To: MailScanner discussion Subject: Re: Spamassassin rules based on IP -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gottschalk, David wrote: | Hi All, | Does anyone know if it is possible to have MailScanner use different spamassassin rules based on IP? For example, I'd like one IP subnet to use certain .cf files, and another use different .cf files. I'd searched, but can't seem to find a method to do this. You got to do this the other way around. You have 1 config with rules files and for (almost) each decision you can use a rule file and decide differently based on Sender IP, Sender and/or Recipient. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIBDygBvzDRVjxmYERApnzAKC3p5uX2tGOASa4rLd8fjSYYSbwtgCff+rE hExMs3kuIlzulMxQBGF6W60= =qfiq -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From ms-list at alexb.ch Tue Apr 22 15:50:22 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Apr 22 15:51:08 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> Message-ID: <480DFB2E.4020706@alexb.ch> On 4/22/2008 4:12 PM, Paul Hutchings wrote: > Ok some of the terminology is being lost on me here. > > The Howtoforge instructions are totally straightforward for me to > follow, I suspect whatever is happening relates to either MailScanner > (full body edits?) or the version of Postfix. > > I don't do anything especially complex with Postfix so I could use one > of Simon Mudds RPMs to get up to the latest version (assuming he's still > churning them out). he is - if you need Postfix with mysql support, compiling from 2.5.1 his sources works beautifully. the rest of the rpms have been very reliable as well. > I also noticed in the logs errors such as: > > 902141FCDE SSL error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 > padding too short > > Which mean nothing to me. > > Frankly this seems a nightmare :-) DKI/DKIM is a nightmare... no matter what. Alex From MailScanner at ecs.soton.ac.uk Tue Apr 22 16:02:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 16:03:36 2008 Subject: Eicar detection with MailScanner --lint In-Reply-To: References: Message-ID: <480DFE1B.7010003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nigel Kendrick wrote: > Hi Folks, > > One of my mail servers throws up 'eicar detected' with clamavmodule and > bitdefender when I do a MailScanner --lint but others don't. > That's bad. > I *am* getting viruses detected by all the servers, but wondered if the > absence of the eicar trigger merits investigating? > Definitely. > Thanks > > Nigel Kendrick > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFIDf4bEfZZRxQVtlQRApF3AJ0Uge01vTkcv1J2vKaZWXDYZGxegACgqOUx GbFN1wj3sFz0VCVCey55wzY= =TbDf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Tue Apr 22 16:13:47 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Tue Apr 22 16:14:24 2008 Subject: problems with dkim-milter and mailscanner/postfix References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> <480DFB2E.4020706@alexb.ch> Message-ID: I suppose it's a conversation for a different list so hope I'm not going too OT here, but without getting into the wars about standard X vs standard Y, is it actually worth the effort of getting DKIM working in peoples opinions? We use SPF and obviously it doesn't stop spam but it does stop spoofing. DKIM/DomainKeys seems to make me a "good net citizen" but at present my understanding is all it really does is authenticates? -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From mkettler at evi-inc.com Tue Apr 22 16:21:30 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Apr 22 16:22:34 2008 Subject: Spamassassin rules based on IP In-Reply-To: References: <48043CA2.5040602@vanderkooij.org> Message-ID: <480E027A.1060201@evi-inc.com> There's no provision in spamassassin for conditionally swapping CF files in or out at scan time. SpamAssassin parses all the .cf files once, and once only when an instance is created, and then that pre-parsed ruleset is re-used for all scanning tasks until the instance dies. In order to implement this feature, the rules would have to be re-parsed on a per-message basis, and that's not practical for efficiency reasons. If you have a limited set of rulebases you need, you could create separate SpamAssassin instances and call the different instances depending on which set you want to use, however this isn't really compatible with MailScanner's model of the universe. It's also a massive memory sink in any event. Gottschalk, David wrote: > Can anyone give me any insight into how to do this? > > I can't determine how I would go about this. > > Thanks! > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gottschalk, David > Sent: Tuesday, April 15, 2008 8:07 AM > To: MailScanner discussion > Subject: RE: Spamassassin rules based on IP > > I'm not sure I'm following you. > > Are you saying create spamassassin rules that filter based on IP? > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: Tuesday, April 15, 2008 1:27 AM > To: MailScanner discussion > Subject: Re: Spamassassin rules based on IP > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gottschalk, David wrote: > | Hi All, > | Does anyone know if it is possible to have MailScanner use > different spamassassin rules based on IP? For example, I'd like one IP > subnet to use certain .cf files, and another use different .cf files. > I'd searched, but can't seem to find a method to do this. > > You got to do this the other way around. You have 1 config with rules > files and for (almost) each decision you can use a rule file and decide > differently based on Sender IP, Sender and/or Recipient. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIBDygBvzDRVjxmYERApnzAKC3p5uX2tGOASa4rLd8fjSYYSbwtgCff+rE > hExMs3kuIlzulMxQBGF6W60= > =qfiq > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). From lists at tippingmar.com Tue Apr 22 17:29:57 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Tue Apr 22 17:30:47 2008 Subject: watermark error? Message-ID: <480E1285.1050902@tippingmar.com> I've been experimenting with the watermark feature in MailScanner 4.68.8. Sometimes it detects a bad watermark on a valid message. Can anyone tell me why the bad watermark was detected on the following message? The bounce message contains the original message that was watermarked as it left my server. I've munged the email addresses but that is all. Thanks, Mark X-tma-MailScanner-Watermark: 1208821703.40458@P3u/j51WB81cm+xPUF8cmA Return-Path: Received: from smtp01.uk.arup.com (smtp01.uk.arup.com [193.17.187.210]) by mail.tippingmar.com (8.13.8/8.13.8) with ESMTP id m3ENmEjO022488 for ; Mon, 14 Apr 2008 16:48:18 -0700 Message-Id: <200804142348.m3ENmEjO022488@mail.tippingmar.com> Received: from localhost by smtp01.uk.arup.com; 15 Apr 2008 00:48:14 +0100 Date: 15 Apr 2008 00:48:14 +0100 To: nick.xxxx@tippingmar.com From: "Mail Delivery System" Subject: Delivery Status Notification (Failure) MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="8FrS8.4Ijtgoiff.1hONb1.D39Rl7M" X-MailScanner-ID: m3ENmEjO022488 X-tma-MailScanner: Found to be clean X-tma-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=4.004, required 5.5, BAYES_00 -0.50, HTML_MESSAGE 0.00, MSGID_FROM_MTA_HEADER 0.80, PYZOR_CHECK 3.70) --8FrS8.4Ijtgoiff.1hONb1.D39Rl7M content-type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable The following message to was undeliverable. The reason for the problem: 5.1.1 - Bad destination email address 'reject' --8FrS8.4Ijtgoiff.1hONb1.D39Rl7M content-type: message/delivery-status Reporting-MTA: dns; smtp01.uk.arup.com Final-Recipient: rfc822;jason.xxxx@arup.com Action: failed Status: 5.0.0 (permanent failure) Diagnostic-Code: smtp; 5.1.1 - Bad destination email address 'reject' (delivery attempts: 0) --8FrS8.4Ijtgoiff.1hONb1.D39Rl7M content-type: message/rfc822 Received: from mail.tippingmar.com ([66.117.142.70]) by smtp01.uk.arup.com with ESMTP; 15 Apr 2008 00:48:13 +0100 Received: from mail.tippingmar.com ([66.117.142.70]) by smtp01.uk.arup.com with ESMTP; 15 Apr 2008 00:48:13 +0100 X-tma-MailScanner-Watermark: 1208821688.93323@XZJ7MPRd7YTLSHAFTV70cg ^^^^^^^^^^^^^^ that is my watermark in the original message Received: from [192.168.254.76] (Ath64x2-4800-1.tippingmar.com [192.168.254.76]) by mail.tippingmar.com (8.13.8/8.13.8) with ESMTP id m3ENm8OV022480 for ; Mon, 14 Apr 2008 16:48:08 -0700 Message-ID: <4803ED38.8030904@tippingmar.com> Date: Mon, 14 Apr 2008 16:48:08 -0700 From: Nick xxxx Organization: Tipping Mar + associates User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: jason.xxxx@arup.com Subject: Engineers Alliance for the Arts Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-MailScanner-ID: m3ENm8OV022480 X-tma-MailScanner: Found to be clean X-tma-MailScanner-SpamCheck: (the text of the message was here) From dgottsc at emory.edu Tue Apr 22 19:28:58 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Tue Apr 22 19:29:39 2008 Subject: Spamassassin rules based on IP In-Reply-To: <480E027A.1060201@evi-inc.com> References: <48043CA2.5040602@vanderkooij.org> <480E027A.1060201@evi-inc.com> Message-ID: Thanks! David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Kettler Sent: Tuesday, April 22, 2008 11:22 AM To: MailScanner discussion Subject: Re: Spamassassin rules based on IP There's no provision in spamassassin for conditionally swapping CF files in or out at scan time. SpamAssassin parses all the .cf files once, and once only when an instance is created, and then that pre-parsed ruleset is re-used for all scanning tasks until the instance dies. In order to implement this feature, the rules would have to be re-parsed on a per-message basis, and that's not practical for efficiency reasons. If you have a limited set of rulebases you need, you could create separate SpamAssassin instances and call the different instances depending on which set you want to use, however this isn't really compatible with MailScanner's model of the universe. It's also a massive memory sink in any event. Gottschalk, David wrote: > Can anyone give me any insight into how to do this? > > I can't determine how I would go about this. > > Thanks! > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gottschalk, David > Sent: Tuesday, April 15, 2008 8:07 AM > To: MailScanner discussion > Subject: RE: Spamassassin rules based on IP > > I'm not sure I'm following you. > > Are you saying create spamassassin rules that filter based on IP? > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: Tuesday, April 15, 2008 1:27 AM > To: MailScanner discussion > Subject: Re: Spamassassin rules based on IP > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gottschalk, David wrote: > | Hi All, > | Does anyone know if it is possible to have MailScanner use > different spamassassin rules based on IP? For example, I'd like one IP > subnet to use certain .cf files, and another use different .cf files. > I'd searched, but can't seem to find a method to do this. > > You got to do this the other way around. You have 1 config with rules > files and for (almost) each decision you can use a rule file and decide > differently based on Sender IP, Sender and/or Recipient. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIBDygBvzDRVjxmYERApnzAKC3p5uX2tGOASa4rLd8fjSYYSbwtgCff+rE > hExMs3kuIlzulMxQBGF6W60= > =qfiq > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From dickenson at cfmc.com Tue Apr 22 20:37:52 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Apr 22 20:38:47 2008 Subject: White-list address ignored Message-ID: I am running: This is CentOS release 4.5 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.58.9 I have this set: Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules In the rules file I have a line like this: From: addr@sbcglobal.net yes The three elements are separated with tabs I got an email where the MailScanner-From header shows this address but it was not white-listed. I ran MailScanner --lint and did not have any errors. What might cause this. I see there is an argument --to=
and I thought maybe it test the address against the various rule sets. I am not sure what the purpose of that option is but it did not show anything what helped me figure out what might be wrong. Any ideas as to what to look at? Thanks, -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From ssilva at sgvwater.com Tue Apr 22 20:56:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Apr 22 20:57:37 2008 Subject: White-list address ignored In-Reply-To: References: Message-ID: on 4-22-2008 12:37 PM Jim Dickenson spake the following: > I am running: > > This is CentOS release 4.5 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.58.9 > > > I have this set: > > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > > > > In the rules file I have a line like this: > > From: addr@sbcglobal.net yes > > The three elements are separated with tabs > > > I got an email where the MailScanner-From header shows this address but it > was not white-listed. > > I ran MailScanner --lint and did not have any errors. > > What might cause this. > > I see there is an argument --to=
and I thought maybe it test the > address against the various rule sets. I am not sure what the purpose of > that option is but it did not show anything what helped me figure out what > might be wrong. > > Any ideas as to what to look at? > > Thanks, Could this message have been to multiple people at your site? If so, look at the following in your MailScanner.conf: # Spammers have learnt that they can get their message through by sending # a message with lots of recipients, one of which chooses to whitelist # everything coming to them, including the spammer. # So if a message arrives with more than this number of recipients, ignore # the "Is Definitely Not Spam" whitelist. Ignore Spam Whitelist If Recipients Exceed = 20 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/c49e1321/signature.bin From MailScanner at ecs.soton.ac.uk Tue Apr 22 21:06:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 21:07:17 2008 Subject: MailScanner ANNOUNCE: ac.uk users of Spamhaus zones Message-ID: <480E4541.8040306@ecs.soton.ac.uk> This is only relevant to users of the Spamhaus zones (i.e. anyone using SpamAssassin or MailScanner) who are connected to JANet. The JANet mail team already have a subscription to the Spamhaus zones, which they provide under different names on their own DNS servers, which are accessible to all JANet sites. However, the problem with that is that you have to redefine all the SpamAssassin rules that use these zones in order to use their different names. This totally breaks the ability to use sa-update every night (and update_spamassassin) in order to automatically fetch new rulesets. Which is a real pain. So I asked them to provide the zones under their original names as well, so all we needed were 4 entries in our named.conf files to forward the zones to the JANet servers instead of the original Spamhaus servers which it will do by default. My request has been answered :-) So now they have 6 DNS servers (which are all listed in the A records for ns.mail-abuse.ja.net.) which provide the 4 main spamhaus zones under their original names. So you can put your SpamAssassin rules back to how they were by default, and just tweak your named.conf by adding this: zone "sbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "pbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "xbl.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; zone "zen.spamhaus.org" { type forward; forward only; // JKF 2008-04-22 Using Janet-provided copy of the zone. forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; 128.86.8.85; 128.86.8.120; 128.86.8.245; }; }; Once a month or so, you should check the list of IP addresses you give in the lines above against what you get from the command dig ns.mail-abuse.ja.net. A to make sure your list of IP addresses is up to date. I have asked them to set up an announcements mailing list for us to join so that we get notification of any changes to the list of IP addresses. I'll let you know what I hear about this. They will shortly update their web pages to reflect this new service. I hope this is useful to all the ac.uk sites out there! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 22 21:14:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 22 21:14:30 2008 Subject: White-list address ignored In-Reply-To: References: Message-ID: <480E4715.3050708@ecs.soton.ac.uk> Jim Dickenson wrote: > I am running: > > This is CentOS release 4.5 (Final) > This is Perl version 5.008005 (5.8.5) > This is MailScanner version 4.58.9 > > > I have this set: > > Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules > > > > In the rules file I have a line like this: > > From: addr@sbcglobal.net yes > > The three elements are separated with tabs > > > I got an email where the MailScanner-From header shows this address but it > was not white-listed. > > I ran MailScanner --lint and did not have any errors. > > What might cause this. > > I see there is an argument --to=
and I thought maybe it test the > address against the various rule sets. I am not sure what the purpose of > that option is but it did not show anything what helped me figure out what > might be wrong. > > Any ideas as to what to look at? > Run "MailScanner --help" and you will get this, which explains how to use --to in conjunction with --from and --value. Usage: MailScanner [ -h|-v|--debug|--debug-sa|--lint ] | [ -c|--changed ] | [ --id= ] | [ --inqueuedir= ] | [--value= --from= --to=, --to=, ...] --ip=, --virus= ] This should tell you whether the ruleset is right or not. In normal rulesets, it doesn't matter if they are spaces or tabs or any combination thereof. The only place you have to use tabs is in filename.rules.conf and filetype.rules.conf. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From drtaber at northcarolina.edu Tue Apr 22 21:03:50 2008 From: drtaber at northcarolina.edu (Douglas R Taber) Date: Tue Apr 22 21:19:29 2008 Subject: MailScanner stuck in Infinite loop (again) Message-ID: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E14E@mail-gahub.ad.northcarolina.edu> For some reason my mailscanner has recently started going in to an infinite loop. It'll go fine for a few minutes, and then you'll just see the same messages get scanned over and over and over. If I run MailScanner -debug it spits back: Negative length at /usr/lib/MailScanner/Message.pm line 3168. Anyone have any ideas or suggestions on this? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/7db0ce6b/attachment.html From dickenson at cfmc.com Tue Apr 22 21:37:46 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Apr 22 21:38:27 2008 Subject: White-list address ignored In-Reply-To: Message-ID: I found the problem. I am in the process of moving our company email to Google Apps, not my idea at all. In preparation for this move I stopped scanning on our gateway system. I white-list email from our network but I did not want to white-list stuff from our gateway so I added a line to the rule. I should have added it at the end but not thinking of implications I did not. The effect was any white-list after that line was ignored. Thanks for listening ;) -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Scott Silva > Reply-To: MailScanner discussion > Date: Tue, 22 Apr 2008 12:56:24 -0700 > To: > Subject: Re: White-list address ignored > > on 4-22-2008 12:37 PM Jim Dickenson spake the following: >> I am running: >> >> This is CentOS release 4.5 (Final) >> This is Perl version 5.008005 (5.8.5) >> This is MailScanner version 4.58.9 >> >> >> I have this set: >> >> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules >> >> >> >> In the rules file I have a line like this: >> >> From: addr@sbcglobal.net yes >> >> The three elements are separated with tabs >> >> >> I got an email where the MailScanner-From header shows this address but it >> was not white-listed. >> >> I ran MailScanner --lint and did not have any errors. >> >> What might cause this. >> >> I see there is an argument --to=
and I thought maybe it test the >> address against the various rule sets. I am not sure what the purpose of >> that option is but it did not show anything what helped me figure out what >> might be wrong. >> >> Any ideas as to what to look at? >> >> Thanks, > Could this message have been to multiple people at your site? > > If so, look at the following in your MailScanner.conf: > > > # Spammers have learnt that they can get their message through by sending > # a message with lots of recipients, one of which chooses to whitelist > # everything coming to them, including the spammer. > # So if a message arrives with more than this number of recipients, ignore > # the "Is Definitely Not Spam" whitelist. > Ignore Spam Whitelist If Recipients Exceed = 20 > > > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From drtaber at northcarolina.edu Tue Apr 22 21:40:11 2008 From: drtaber at northcarolina.edu (Douglas R Taber) Date: Tue Apr 22 21:41:11 2008 Subject: MailScanner stuck in Infinite loop (again) Message-ID: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E150@mail-gahub.ad.northcarolina.edu> Since more info is always better, I've found some more things out. If I stop mailscanner, and delete the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db and restart mailscanner, it will work for a while then start looping again. If I set the SpamAssassin cache to off in MailScanner.conf, it will also work fine. Thoughts? From: Douglas R Taber Sent: Tuesday, April 22, 2008 4:04 PM To: 'mailscanner@lists.mailscanner.info' Subject: MailScanner stuck in Infinite loop (again) For some reason my mailscanner has recently started going in to an infinite loop. It'll go fine for a few minutes, and then you'll just see the same messages get scanned over and over and over. If I run MailScanner -debug it spits back: Negative length at /usr/lib/MailScanner/Message.pm line 3168. Anyone have any ideas or suggestions on this? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/12d9b8e2/attachment.html From norbert.schmidt at interactivedata.com Tue Apr 22 21:55:21 2008 From: norbert.schmidt at interactivedata.com (Norbert Schmidt) Date: Tue Apr 22 21:56:36 2008 Subject: Norbert Schmidt is out of the office Message-ID: I will be out of the office starting 19.04.2008 and will not return until 28.04.2008. I'll answer to your mail, when I get back. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/d16a72c0/attachment.html From mikael at syska.dk Tue Apr 22 22:52:50 2008 From: mikael at syska.dk (Mikael Syska) Date: Tue Apr 22 23:31:59 2008 Subject: Watermark checking doesn't work In-Reply-To: <47FC89BE.1090304@anymore.nl> References: <47FC89BE.1090304@anymore.nl> Message-ID: <6beca9db0804221452u285a25acna0a3d267e059fbc3@mail.gmail.com> Hi, I'm having the same problem ... using all default settings ... watermark beeing added ... but its still tagged as spam, but it should be returned to the user .. MailScanner-4.67.6_1 from freebsd ports tree. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes # %rules-dir%/watermarking.rules, this is my next project, as only some will use this as there SMTP server Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Am I also missing something here ... or is it broken on FreeBSD 7.0 ? best regards Mikael Syska On Wed, Apr 9, 2008 at 11:17 AM, Arjan Schrijver wrote: > Hi people, > > This watermarking feature sounds very good given all the spam backscatter > I'm receiving the past weeks. So I set the following options in > MailScanner.conf: > > Use Watermarking = yes > Add Watermark = yes > Check Watermarks With No Sender = yes > Treat Invalid Watermarks With No Sender as Spam = spam > Check Watermarks To Skip Spam Checks = no > Watermark Secret = (this is secret) > Watermark Lifetime = 432000 > Watermark Header = X-%org-name%-MailScanner-Watermark: > > > Now, the watermark is being added to each mail fine. I get the header in > every outgoing mail. When I send a mail to a nonexisting address, it gets > interesting. The DSN is being returned as it should, including my original > X-%org-name%-MailScanner-Watermark header. However, MailScanner doesn't > think it is a legitimate watermark, or it can't find the sender address. I > get this logline for the DSN: > > Apr 9 10:53:37 arenta MailScanner[32447]: Message 82BDF1E018B.CC35D from > ######### has no (or invalid) watermark or sender address > > Is there more configuration I need to do, or is this feature simply still > in development and it doesn't work? > > Kind regards, > Arjan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Wed Apr 23 00:03:33 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 23 00:04:18 2008 Subject: MailScanner stuck in Infinite loop (again) In-Reply-To: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E14E@mail-gahub.ad.northcarolina.edu> References: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E14E@mail-gahub.ad.northcarolina.edu> Message-ID: on 4-22-2008 1:03 PM Douglas R Taber spake the following: > For some reason my mailscanner has recently started going in to an > infinite loop. It?ll go fine for a few minutes, and then you?ll just see > the same messages get scanned over and over and over. If I run > MailScanner ?debug it spits back: > > Negative length at /usr/lib/MailScanner/Message.pm line 3168. > > > > Anyone have any ideas or suggestions on this? > The standard questions will be asked; Mailscanner version OS MTA Have you done any updates to anything at the time this started happening? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/82769f80/signature.bin From ssilva at sgvwater.com Wed Apr 23 00:12:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 23 00:12:50 2008 Subject: White-list address ignored In-Reply-To: References: Message-ID: on 4-22-2008 1:37 PM Jim Dickenson spake the following: > I found the problem. > > I am in the process of moving our company email to Google Apps, not my idea > at all. In preparation for this move I stopped scanning on our gateway > system. I white-list email from our network but I did not want to white-list > stuff from our gateway so I added a line to the rule. I should have added it > at the end but not thinking of implications I did not. The effect was any > white-list after that line was ignored. > > Thanks for listening ;) I hope you tried to inform your PHB's that Google is a large spam source, and your mail will probably get caught up in the turmoil. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/d331f386/signature.bin From ssilva at sgvwater.com Wed Apr 23 00:25:09 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 23 00:25:50 2008 Subject: MailScanner stuck in Infinite loop (again) In-Reply-To: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E150@mail-gahub.ad.northcarolina.edu> References: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E150@mail-gahub.ad.northcarolina.edu> Message-ID: on 4-22-2008 1:40 PM Douglas R Taber spake the following: > Since more info is always better, I?ve found some more things out. > > > > If I stop mailscanner, and delete the file > /var/spool/MailScanner/incoming/SpamAssassin.cache.db and restart > mailscanner, it will work for a while then start looping again. > > > > If I set the SpamAssassin cache to off in MailScanner.conf, it will also > work fine. > Post a MailScanner -V output. And also run a MailScanner --lint and look for errors. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/7733cc79/signature-0001.bin From drtaber at northcarolina.edu Wed Apr 23 00:57:29 2008 From: drtaber at northcarolina.edu (Douglas R Taber) Date: Wed Apr 23 00:58:12 2008 Subject: MailScanner stuck in Infinite loop (again) In-Reply-To: Message-ID: On 4/22/08 7:03 PM, "Scott Silva" wrote: on 4-22-2008 1:03 PM Douglas R Taber spake the following: > For some reason my mailscanner has recently started going in to an > infinite loop. It'll go fine for a few minutes, and then you'll just see > the same messages get scanned over and over and over. If I run > MailScanner -debug it spits back: > > Negative length at /usr/lib/MailScanner/Message.pm line 3168. > > > > Anyone have any ideas or suggestions on this? > The standard questions will be asked; Mailscanner version OS MTA Have you done any updates to anything at the time this started happening? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! Mailscanner is current stable build. OS is RHEL4 MTA is sendmail 8.x.x It started happening yesterday, but no updates in at least a week, if not more. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080422/78de0918/attachment.html From philip at zeiglers.net Wed Apr 23 01:20:14 2008 From: philip at zeiglers.net (Philip Zeigler) Date: Wed Apr 23 01:21:32 2008 Subject: {Spam?} dkim-milter and MailScanner Message-ID: <480E80BE.1080902@zeiglers.net> I am attempting to use dkim-milter (Sendmail DKIM Filter v2.2.1) with MailScanner. Are there any particular configuration steps I need to be aware of when using MailScanner? The reason I am asking because I get a "body altered" error from the dkim.org test reflector. It also appears that the h= value is extremely large which seems to cause the b= value to get truncated. OS: CentOS 5.1 (64-bit) MTA: sendmail MailScanner 4.66.2 Thanks, Philip -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Wed Apr 23 02:14:14 2008 From: davejones70 at gmail.com (Dave Jones) Date: Wed Apr 23 02:14:49 2008 Subject: MailScanner defunct processes Message-ID: <67a55ed50804221814x24ae2873g2d7811c1cc6c16df@mail.gmail.com> I have installed the latest beta code 4.69.6-1 to test the latest feature that Julian added for us. I have installed this version on 4 servers with nearly identical configurations. Three of the four servers are running perfectly. Two of these servers are identical. One of the 2 twin servers (call it "server2") is running perfectly but the second one starts up it's children and 15 or 16 of the 20 MailScanner processes go defunct after apparently running through a batch of processing. Four to five MailScanner processes appear to be normal either "waiting for messages", "checking with SpamAssassin", or "MCP checks", etc. [root@server2 MailScanner]# ps -ef | grep MailScanner root 8594 1 0 20:56 ? 00:00:00 MailScanner: starting child root 17727 8594 2 21:06 ? 00:00:03 MailScanner: checking with SpamAssassin root 18639 8594 0 21:07 ? 00:00:00 [MailScanner] root 18723 8594 0 21:07 ? 00:00:00 [MailScanner] root 18787 8594 1 21:07 ? 00:00:00 [MailScanner] root 18856 8594 1 21:07 ? 00:00:00 [MailScanner] root 18929 8594 1 21:07 ? 00:00:00 [MailScanner] root 19012 8594 1 21:07 ? 00:00:00 [MailScanner] root 19125 8594 1 21:07 ? 00:00:00 [MailScanner] root 19188 8594 1 21:07 ? 00:00:00 [MailScanner] root 19259 8594 1 21:07 ? 00:00:00 [MailScanner] root 19333 8594 1 21:08 ? 00:00:00 [MailScanner] root 19407 8594 2 21:08 ? 00:00:00 [MailScanner] root 19478 8594 2 21:08 ? 00:00:00 [MailScanner] root 19554 8594 2 21:08 ? 00:00:00 [MailScanner] root 19656 8594 3 21:08 ? 00:00:00 [MailScanner] root 19737 8594 3 21:08 ? 00:00:00 [MailScanner] root 19805 8594 5 21:08 ? 00:00:00 [MailScanner] root 19871 8594 8 21:08 ? 00:00:00 [MailScanner] root 19925 8594 10 21:08 ? 00:00:00 MailScanner: checking with SpamAssassin root 19992 19925 0 21:08 ? 00:00:00 MailScanner: checking with SpamAssassin root 19993 8594 0 21:08 ? 00:00:00 MailScanner: waiting for messages root 19996 17727 0 21:08 ? 00:00:00 MailScanner: checking with SpamAssassin [root@server2 MailScanner]# MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /mnt/ramdisk/SpamAssassin-Temp Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1088. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1090. Building a message batch to scan... Have a batch of 30 messages. Error PPS:0 [root@server2 MailScanner]# MailScanner -v Running on Linux server2 2.6.18-53.el5 #1 SMP Wed Oct 10 16:34:19 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux This is Red Hat Enterprise Linux Server release 5.1 (Tikanga) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.69.6 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 1.04 Carp 2.007 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 0.16 OLE::Storage_Lite 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.36 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.56 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect missing Error 0.19 ExtUtils::CBuilder missing ExtUtils::ParseXS 2.35 Getopt::Long missing Inline missing IO::String 1.05 IO::Zlib 2.24 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin missing Mail::SPF missing Mail::SPF::Query 0.2808 Module::Build missing Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.52 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI missing version 0.66 YAML [root@server2 MailScanner]# -- Dave Jones From hvdkooij at vanderkooij.org Wed Apr 23 05:56:45 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 23 05:57:40 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> <480DFB2E.4020706@alexb.ch> Message-ID: <480EC18D.7060100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: | I suppose it's a conversation for a different list so hope I'm not going | too OT here, but without getting into the wars about standard X vs | standard Y, is it actually worth the effort of getting DKIM working in | peoples opinions? | | We use SPF and obviously it doesn't stop spam but it does stop spoofing. | | DKIM/DomainKeys seems to make me a "good net citizen" but at present my | understanding is all it really does is authenticates? One of the main DKIM players is yahoo. Another is google. I happen to get a lot of spam with valid DKIM stuff from Yahoo. Others are not keen on Google. So it seems to me DKIM is not adding anything except a large header block to each message. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIDsGLBvzDRVjxmYERAmnSAJ4xN0Qxx6IDPiHJCareJUVL8vsWEwCgiZJb NXfRtZcMuoHfUsh+JJFmJCA= =ZaKH -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Wed Apr 23 06:06:40 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 23 06:06:49 2008 Subject: Spamassassin rules based on IP In-Reply-To: References: <48043CA2.5040602@vanderkooij.org> Message-ID: <480EC3E0.8010101@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gottschalk, David wrote: | Can anyone give me any insight into how to do this? | | I can't determine how I would go about this. One idea to get something done. Write a SA rule to catch the condition for which you want to bypass a rule. Then write a compound rule to counteract the effect of the normal SA rule. Say you have a rule to give 3 points if the string "many dollars" is present. Then you happen to use this string a lot in outgoing mail because mortgages is your business and you need to remind your customers to pay their bill. So you write a rule to detect it is an outgoing message. Then write a rule to give -3 points if the condition for the "many dollars" is met along with the condition you set for outgoing messages. It is a lot of work and you get a very big rulebase you need to maintain ~ yourself. But technically you could make it work. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIDsPeBvzDRVjxmYERAh9fAJ9WkZtN2FnRgJAiFOWtmrjWYwocTgCgmtuR q/qXQ6XkAM/vEmjrrXBYUrA= =WTyt -----END PGP SIGNATURE----- From P.G.M.Peters at utwente.nl Wed Apr 23 08:18:06 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Apr 23 08:18:58 2008 Subject: Watermark checking doesn't work In-Reply-To: <6beca9db0804221452u285a25acna0a3d267e059fbc3@mail.gmail.com> References: <47FC89BE.1090304@anymore.nl> <6beca9db0804221452u285a25acna0a3d267e059fbc3@mail.gmail.com> Message-ID: <480EE2AE.4050506@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote on 22-4-2008 23:52: > I'm having the same problem ... using all default settings ... > watermark beeing added ... but its still tagged as spam, but it should > be returned to the user .. > > MailScanner-4.67.6_1 from freebsd ports tree. My version is 4.68.8. > Use Watermarking = yes > Add Watermark = yes > Check Watermarks With No Sender = yes # > %rules-dir%/watermarking.rules, this is my next project, as only some > will use this as there SMTP server > Treat Invalid Watermarks With No Sender as Spam = spam > Check Watermarks To Skip Spam Checks = yes > Watermark Secret = %org-name%-Secret > Watermark Lifetime = 604800 > Watermark Header = X-%org-name%-MailScanner-Watermark: > > Am I also missing something here ... or is it broken on FreeBSD 7.0 ? I'm having some strange effects with watermarking on Redhat/CentOS. I want to use it to prevent scanning when it has already been scanned by one of the other internal mail servers. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: When I send a test e-mail through two of the servers I still see the following: > Received: from mailscanner1.noc.iaf.nl (boron.noc.iaf.nl [80.89.224.150]) > by smtp.iaf.nl (8.13.1/8.13.1) with ESMTP id m3ME2Msl004782 > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); > Tue, 22 Apr 2008 16:02:27 +0200 > X-IAF-MailScanner-Watermark: 1209481573.98826@JgxHIFe7Jrion51pd2GRDg > Received: from mailscanner1.noc.iaf.nl (boron.noc.iaf.nl [80.89.224.150]) > by smtp.iaf.nl (8.13.1/8.13.1) with ESMTP id m3ME2Msl004782 > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); > Tue, 22 Apr 2008 16:02:27 +0200 > X-IAF-MailScanner-Watermark: 1209477740.67923@OthQNKUf2CAsnvfTirb/NA > Received: from mx1.iaf.nl (mx1.iaf.nl [80.89.224.65]) > by mailscanner1.noc.iaf.nl (8.13.8/8.13.8) with ESMTP id m3ME2I3n027923; > Tue, 22 Apr 2008 16:02:18 +0200 Both smtp.iaf.nl and mailscanner1.noc.iaf.nl run MailScanner with watermarking enabled. So I think smtp.iaf.nl should detect the watermark. > X-IAF-MailScanner: Found to be clean, Found to be clean > X-IAF-MailScanner-From: p.g.m.peters@utwente.nl Both IAF MailScanners seems to have scanned the message. Both have added "Found to be clean". Multiple Headers = append - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIDuKtelLo80lrIdIRAkNyAJwLnsIDgpdt7CuAQMDskB85Jkzl4gCgk0kC OuAayJcYLx2Ev+JhwPLPrI4= =ESPl -----END PGP SIGNATURE----- From myeasytech at yahoo.com.hk Wed Apr 23 08:23:54 2008 From: myeasytech at yahoo.com.hk (barry kwok) Date: Wed Apr 23 08:24:30 2008 Subject: null envelope sender Message-ID: <97385.56019.qm@web31505.mail.mud.yahoo.com> I don't know whether this is a mailscanner or postfix problem (or client si= de problem).=0A=0AWhen checking the maillog, I found that some clients (loc= al senders) or outside MTAs (normal emails) have null envelope sender. They= comes in random. The same clients will have normal envelope sender sometim= es. =0A=0AThis may not a problem before I add watermark features in MailSca= nner. But those normal null envelope sender will have chance to become spam= emails after I adding some scores to null senders.=0A=0ARegards,=0ABarry= =0A=0A=0A =A5X=AEt=A9=CE=A5h=AE=C8=B9C=AE=C9=A1A=A7A=A5i=A5H=C0H=AE=C9= =C0H=A6a=A5=CE=A5=FE=B7s=AA=BAYahoo! Messenger =BA=F4=A4W=AA=A9=B8=F2=A7A= =AA=BA=AAB=A4=CD=A7Y=AE=C9=B3q=B0T=A4=CE=ACd=B8=DF=B9=EF=B8=DC=B0T=AE=A7=AC= =F6=BF=FD! =BD=D0=ABe=A9=B9 http://hk.webmessenger.yahoo.com/ =A5=DF=A7Y=A8= =CF=A5=CE! =0A From spamlists at coders.co.uk Wed Apr 23 10:01:38 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Wed Apr 23 10:02:43 2008 Subject: Watermark checking doesn't work In-Reply-To: <480EE2AE.4050506@utwente.nl> References: <47FC89BE.1090304@anymore.nl> <6beca9db0804221452u285a25acna0a3d267e059fbc3@mail.gmail.com> <480EE2AE.4050506@utwente.nl> Message-ID: <480EFAF2.1000706@coders.co.uk> Peter Peters wrote: > > Both smtp.iaf.nl and mailscanner1.noc.iaf.nl run MailScanner with > watermarking enabled. So I think smtp.iaf.nl should detect the watermark. > > What do the logs say? >> X-IAF-MailScanner: Found to be clean, Found to be clean >> X-IAF-MailScanner-From: p.g.m.peters@utwente.nl >> > > Both IAF MailScanners seems to have scanned the message. Both have added > "Found to be clean". > Multiple Headers = append > Clean is from the Virus checker.... Virus checking is not skipped when a valid water mark is detected..... matt From MailScanner at ecs.soton.ac.uk Wed Apr 23 10:40:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 10:41:21 2008 Subject: MailScanner defunct processes In-Reply-To: <67a55ed50804221814x24ae2873g2d7811c1cc6c16df@mail.gmail.com> References: <67a55ed50804221814x24ae2873g2d7811c1cc6c16df@mail.gmail.com> Message-ID: <480F0415.7090606@ecs.soton.ac.uk> Dave Jones wrote: > I have installed the latest beta code 4.69.6-1 to test the latest > feature that Julian added for us. I have installed this version on 4 > servers with nearly identical configurations. Three of the four > servers are running perfectly. Two of these servers are identical. > One of the 2 twin servers (call it "server2") is running perfectly but > the second one starts up it's children and 15 or 16 of the 20 > MailScanner processes go defunct after apparently running through a > batch of processing. Four to five MailScanner processes appear to be > normal either "waiting for messages", "checking with SpamAssassin", or > "MCP checks", etc. > > [root@server2 MailScanner]# ps -ef | grep MailScanner > root 8594 1 0 20:56 ? 00:00:00 MailScanner: starting child > root 17727 8594 2 21:06 ? 00:00:03 MailScanner: checking > with SpamAssassin > root 18639 8594 0 21:07 ? 00:00:00 [MailScanner] > root 18723 8594 0 21:07 ? 00:00:00 [MailScanner] > root 18787 8594 1 21:07 ? 00:00:00 [MailScanner] > root 18856 8594 1 21:07 ? 00:00:00 [MailScanner] > root 18929 8594 1 21:07 ? 00:00:00 [MailScanner] > root 19012 8594 1 21:07 ? 00:00:00 [MailScanner] > root 19125 8594 1 21:07 ? 00:00:00 [MailScanner] > root 19188 8594 1 21:07 ? 00:00:00 [MailScanner] > root 19259 8594 1 21:07 ? 00:00:00 [MailScanner] > root 19333 8594 1 21:08 ? 00:00:00 [MailScanner] > root 19407 8594 2 21:08 ? 00:00:00 [MailScanner] > root 19478 8594 2 21:08 ? 00:00:00 [MailScanner] > root 19554 8594 2 21:08 ? 00:00:00 [MailScanner] > root 19656 8594 3 21:08 ? 00:00:00 [MailScanner] > root 19737 8594 3 21:08 ? 00:00:00 [MailScanner] > root 19805 8594 5 21:08 ? 00:00:00 [MailScanner] > root 19871 8594 8 21:08 ? 00:00:00 [MailScanner] > root 19925 8594 10 21:08 ? 00:00:00 MailScanner: checking > with SpamAssassin > root 19992 19925 0 21:08 ? 00:00:00 MailScanner: checking > with SpamAssassin > root 19993 8594 0 21:08 ? 00:00:00 MailScanner: waiting > for messages > root 19996 17727 0 21:08 ? 00:00:00 MailScanner: checking > with SpamAssassin > [root@server2 MailScanner]# MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /mnt/ramdisk/SpamAssassin-Temp > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1088. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1090. > Building a message batch to scan... > Have a batch of 30 messages. > Error PPS:0 > There's your problem. I don't know what is generating "Error PPS:0" but that's certainly the problem. Do a grep -rl 'Error PPS' /usr/lib/perl5 and see what it says. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From a.peacock at chime.ucl.ac.uk Wed Apr 23 12:49:59 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Wed Apr 23 12:50:36 2008 Subject: MailScanner ANNOUNCE: ac.uk users of Spamhaus zones In-Reply-To: <480E4541.8040306@ecs.soton.ac.uk> References: <480E4541.8040306@ecs.soton.ac.uk> Message-ID: <480F2267.2000307@chime.ucl.ac.uk> Hu Julian, Many thanks for this. I was aware (and use) the JANet subscription to the MAPS+ lists, but wasn't aware of the Spamhaus list feeds. Your DNS forwarder solution makes this very neat indeed, and I have adopted it today. Julian Field wrote: > This is only relevant to users of the Spamhaus zones (i.e. anyone using > SpamAssassin or MailScanner) who are connected to JANet. > > The JANet mail team already have a subscription to the Spamhaus zones, > which they provide under different names on their own DNS servers, which > are accessible to all JANet sites. > > However, the problem with that is that you have to redefine all the > SpamAssassin rules that use these zones in order to use their different > names. This totally breaks the ability to use sa-update every night (and > update_spamassassin) in order to automatically fetch new rulesets. Which > is a real pain. > > So I asked them to provide the zones under their original names as well, > so all we needed were 4 entries in our named.conf files to forward the > zones to the JANet servers instead of the original Spamhaus servers > which it will do by default. > > My request has been answered :-) > > So now they have 6 DNS servers (which are all listed in the A records > for ns.mail-abuse.ja.net.) which provide the 4 main spamhaus zones under > their original names. > So you can put your SpamAssassin rules back to how they were by default, > and just tweak your named.conf by adding this: > > zone "sbl.spamhaus.org" { > type forward; > forward only; > // JKF 2008-04-22 Using Janet-provided copy of the zone. > forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; > 128.86.8.85; 128.86.8.120; 128.86.8.245; }; > }; zone "pbl.spamhaus.org" { > type forward; > forward only; > // JKF 2008-04-22 Using Janet-provided copy of the zone. > forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; > 128.86.8.85; 128.86.8.120; 128.86.8.245; }; > }; zone "xbl.spamhaus.org" { > type forward; > forward only; > // JKF 2008-04-22 Using Janet-provided copy of the zone. > forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; > 128.86.8.85; 128.86.8.120; 128.86.8.245; }; > }; > zone "zen.spamhaus.org" { > type forward; > forward only; > // JKF 2008-04-22 Using Janet-provided copy of the zone. > forwarders { 194.82.174.182; 194.83.56.228; 194.83.56.244; > 128.86.8.85; 128.86.8.120; 128.86.8.245; }; > }; > > Once a month or so, you should check the list of IP addresses you give > in the lines above against what you get from the command > dig ns.mail-abuse.ja.net. A > to make sure your list of IP addresses is up to date. I have asked them > to set up an announcements mailing list for us to join so that we get > notification of any changes to the list of IP addresses. I'll let you > know what I hear about this. > > They will shortly update their web pages to reflect this new service. > > I hope this is useful to all the ac.uk sites out there! > > Jules > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From P.G.M.Peters at utwente.nl Wed Apr 23 13:00:20 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Apr 23 13:01:01 2008 Subject: Watermark checking doesn't work In-Reply-To: <480EFAF2.1000706@coders.co.uk> References: <47FC89BE.1090304@anymore.nl> <6beca9db0804221452u285a25acna0a3d267e059fbc3@mail.gmail.com> <480EE2AE.4050506@utwente.nl> <480EFAF2.1000706@coders.co.uk> Message-ID: <480F24D4.1080709@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Hampton wrote on 23-4-2008 11:01: >> Both smtp.iaf.nl and mailscanner1.noc.iaf.nl run MailScanner with >> watermarking enabled. So I think smtp.iaf.nl should detect the watermark. >> >> > What do the logs say? If shows MS has skipped spam scanning. Because of the size of the logfile (over 4GB) we didn't check it thorough enough. >>> X-IAF-MailScanner: Found to be clean, Found to be clean >>> X-IAF-MailScanner-From: p.g.m.peters@utwente.nl >> >> Both IAF MailScanners seems to have scanned the message. Both have added >> "Found to be clean". >> Multiple Headers = append > > Clean is from the Virus checker.... Virus checking is not skipped when a > valid water mark is detected..... I would have expected to have the e-mail unscanned fully. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIDyTUelLo80lrIdIRAsIjAJ9y9UmjlKcj4bJH9cNDKpPL4PqpQQCeJhuM o7qRHurKLnuk+rnFyfZdzyM= =qN1M -----END PGP SIGNATURE----- From bbecken at aafp.org Wed Apr 23 15:24:29 2008 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Apr 23 15:25:10 2008 Subject: Missing packages when using the version option Message-ID: <480F004C.D87E.0068.3@aafp.org> Running "MailScanner --version" does not show the following packages as being installed: perl-Math-BigRat perl-Test-Simple pkgs: MailScanner-4.68.8-1.rpm.tar.gz install-Clam-0.93-SA-3.2.4.tar.gz I checked the MailScanner "install.sh" and those packages are present. Minor request to have those packages added so they show up as MailScanner packages during the --version. thanks. Brad From MailScanner at ecs.soton.ac.uk Wed Apr 23 15:28:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 15:31:36 2008 Subject: more on the "extracting attachments and 100% cpu" issue In-Reply-To: <20080423135627.GI6265@logger.dc-uoit.net> References: <20080422215833.GH6265@logger.dc-uoit.net> <480EE3D9.1020103@ecs.soton.ac.uk> <20080423123240.GA5319@logger.dc-uoit.net> <480F343E.6080302@ecs.soton.ac.uk> <20080423135627.GI6265@logger.dc-uoit.net> Message-ID: <480F4797.2080703@ecs.soton.ac.uk> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 264 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080423/577c1b15/PGP.bin From davejones70 at gmail.com Wed Apr 23 15:16:38 2008 From: davejones70 at gmail.com (Dave Jones) Date: Wed Apr 23 15:35:12 2008 Subject: MailScanner defunct processes Message-ID: <67a55ed50804230716t33b0e16ak7d3964446aee31b0@mail.gmail.com> >> [root@server2 MailScanner]# MailScanner --debug >> In Debugging mode, not forking... >> Trying to setlogsock(unix) >> SpamAssassin temp dir = /mnt/ramdisk/SpamAssassin-Temp >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >> Building a message batch to scan... >> Have a batch of 30 messages. >> Error PPS:0 >> >There's your problem. I don't know what is generating "Error PPS:0" but >that's certainly the problem. Do a > grep -rl 'Error PPS' /usr/lib/perl5 >and see what it says. >Jules [root@server2 MailScanner]# grep -rl 'Error PPS' /usr/lib/perl5 /usr/lib/perl5/site_perl/5.8.8/OLE/Storage_Lite.pm [root@server2 MailScanner]# -- Dave Jones From darren at torsion.co.uk Wed Apr 23 15:36:41 2008 From: darren at torsion.co.uk (Darren Walker) Date: Wed Apr 23 15:39:09 2008 Subject: Clamav problem In-Reply-To: <463CAF50.8030305@ecs.soton.ac.uk> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu><085b01c78f29$f30cc540$0301a8c0@SAHOMELT> <463CAF50.8030305@ecs.soton.ac.uk> Message-ID: <02a601c8a54f$75f689f0$1001a8c0@Lappy2> Hi I have been running MailScanner Clam and Fprot for some months on a Centos/BlueQuartz server. The last few days Clam has been hogging 70-80% of the CPU and I cant find a way to turn it off or uninstall it. I know this may be a bit 'off list' but can anyone tell me how I can stop it. Thanks Darren -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 23 16:29:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 16:30:21 2008 Subject: 4.69.7 -- 100% CPU bug fixed Message-ID: <480F55DF.7020602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have fixed the bug that exhibits as MailScanner freezing while occupying 100% CPU time around the time it is extracting attachments. This only occurs when "--debug-sa" is set or the "Debug SpamAssassin = yes" setting is made. Download as usual from www.mailscanner.info. Best regards, Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFID1XgEfZZRxQVtlQRAixWAJ4+pZDFNI33dImYOwB8IrKhVa4WbQCg5/WC E19Ky7lIocNZ9NOGpBKmpNA= =wS7n -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 23 16:31:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 16:32:19 2008 Subject: Missing packages when using the version option In-Reply-To: <480F004C.D87E.0068.3@aafp.org> References: <480F004C.D87E.0068.3@aafp.org> Message-ID: <480F566F.7040602@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brad Beckenhauer wrote: > Running "MailScanner --version" does not show the following packages as > being installed: > > perl-Math-BigRat > perl-Test-Simple > > pkgs: > MailScanner-4.68.8-1.rpm.tar.gz > install-Clam-0.93-SA-3.2.4.tar.gz > > I checked the MailScanner "install.sh" and those packages are present. > Minor request to have those packages added so they show up as > MailScanner packages during the --version. > > Those are present in the latest release, so I must have already fixed that. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFID1ZwEfZZRxQVtlQRAvwlAJ42RGn9udwRoJO/MiE/KJLTYasLwwCfe9Nr 4fZlptHuNwEVd/+ltFmVkX8= =pWWc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at lctn.org Wed Apr 23 16:49:20 2008 From: admin at lctn.org (admin@lctn.org) Date: Wed Apr 23 16:50:30 2008 Subject: spamassassin rules Message-ID: <1435277.01208965759958.JavaMail.root@mail.lctn.org> Anyone already have some spamassassin rules configured for content filtering in english and spanish? I am setting up a student email server for our member school districts, and this has been requested. -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080423/e82f6ea8/attachment.html From Kevin_Miller at ci.juneau.ak.us Wed Apr 23 17:23:42 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Apr 23 17:23:12 2008 Subject: Feature List - startup script enhancement Message-ID: I don't know if this would be easy to implement or not, but thought I'd throw it out anyway. I'm using sendmail with milters and adding a whitelist entry is a (minor) pain because I have to stop MailScanner, then the milters, make the edit, then restart it all again. Naturally, the milters have to be started before sendmail. MailScanner starts the sendmail daemon, of course, so what I was wondering is if the MailScanner startup script could be modified such that the milters are started before sendmail. Since there's no way to know what milters are running, or how many, the script would probably have to have something like a PRELOAD (and probably POSTUNLOAD) variable pointing to a text file listing the milters to start - say, /etc/MailScaner/milters.conf. If it's empty, it's skipped. If not, the milters are loaded before sendmail or postfix or whatever. If that's easy, I think it would be a nice feature. If it's a pain to implement, then don't worry about it. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bbecken at aafp.org Wed Apr 23 17:24:08 2008 From: bbecken at aafp.org (Brad Beckenhauer) Date: Wed Apr 23 17:24:57 2008 Subject: Missing packages when using the version option In-Reply-To: <480F566F.7040602@ecs.soton.ac.uk> References: <480F004C.D87E.0068.3@aafp.org> <480F566F.7040602@ecs.soton.ac.uk> Message-ID: <480F1C57.D87E.0068.3@aafp.org> >>> On 4/23/2008 at 10:31 AM, in message <480F566F.7040602@ecs.soton.ac.uk>, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Brad Beckenhauer wrote: >> Running "MailScanner --version" does not show the following packages as >> being installed: >> >> perl-Math-BigRat >> perl-Test-Simple >> >> pkgs: >> MailScanner-4.68.8-1.rpm.tar.gz >> install-Clam-0.93-SA-3.2.4.tar.gz >> >> I checked the MailScanner "install.sh" and those packages are present. >> Minor request to have those packages added so they show up as >> MailScanner packages during the --version. >> >> > Those are present in the latest release, so I must have already fixed that. > > Jules > I am running the current version: 4.68.8-1. The perl-Math-BigRat and perl-Test-Simple packages are present in the tarball, but perl-Math-BigRat and perl-Test-Simple are not listed when you do a "MailScanner --version". [root]# MailScanner --version | grep Simple [root]# MailScanner --version | grep BigRat Or am I missing something? # MailScanner --version Running on Linux mx.aafp.org 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:36:49 EST 2008 i686 i686 i386 GNU/Linux This is CentOS release 5 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.68.8 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.04 Carp 2.008 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.13 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.14 DBD::SQLite 1.602 DBI 1.10 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 missing Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.35 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.21 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.52 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML [root]# MailScanner --version | grep Simple [root]# MailScanner --version | grep BigRat > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFID1ZwEfZZRxQVtlQRAvwlAJ42RGn9udwRoJO/MiE/KJLTYasLwwCfe9Nr > 4fZlptHuNwEVd/+ltFmVkX8= > =pWWc > -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Apr 23 17:51:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 17:52:05 2008 Subject: Feature List - startup script enhancement In-Reply-To: References: Message-ID: <480F6909.5080608@ecs.soton.ac.uk> The milters should be started and stopped independently of sendmail (and hence MailScanner). Your milters should have their own init.d scripts. What are you adding the "whitelist entry" to? I use 2 or 3 milters with sendmail (and MailScanner) and don't start or stop the milters at all. Kevin Miller wrote: > I don't know if this would be easy to implement or not, but thought I'd > throw it out anyway. > > I'm using sendmail with milters and adding a whitelist entry is a > (minor) pain because I have to stop MailScanner, then the milters, make > the edit, then restart it all again. > > Naturally, the milters have to be started before sendmail. MailScanner > starts the sendmail daemon, of course, so what I was wondering is if the > MailScanner startup script could be modified such that the milters are > started before sendmail. Since there's no way to know what milters are > running, or how many, the script would probably have to have something > like a PRELOAD (and probably POSTUNLOAD) variable pointing to a text > file listing the milters to start - say, /etc/MailScaner/milters.conf. > If it's empty, it's skipped. If not, the milters are loaded before > sendmail or postfix or whatever. > > If that's easy, I think it would be a nice feature. If it's a pain to > implement, then don't worry about it. > > Thanks... > > ...Kevin > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Wed Apr 23 18:08:07 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Apr 23 18:07:30 2008 Subject: Feature List - startup script enhancement In-Reply-To: <480F6909.5080608@ecs.soton.ac.uk> References: <480F6909.5080608@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > The milters should be started and stopped independently of sendmail > (and hence MailScanner). Your milters should have their own init.d > scripts. Some would argue that sendmail/postfix/etc should be started independently. I don't, of course, hold that viewpoint. The two milters I'm runnign are smf-spf and smf-sav. They do have their own init scripts. > What are you adding the "whitelist entry" to? Mostly the smf-sav conf file. It seems that businesses like to get designer domains, but when they send to us from those domains I get tempfails on the SAV. I usually suggest that the business talk to their email provider to enable address verification, but generally they haven't a clue, and the email associated w/their domain is hosted by some 3rd party site that may or may not have good tech support. Since it's always the bigwigs that cant' get their mail, a whitelist entry is the path of least resistance. > I use 2 or 3 milters with sendmail (and MailScanner) and don't start > or stop the milters at all. So you're never white/blacklisting in the milters? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Wed Apr 23 18:12:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 23 18:13:03 2008 Subject: Missing packages when using the version option In-Reply-To: <480F1C57.D87E.0068.3@aafp.org> References: <480F004C.D87E.0068.3@aafp.org> <480F566F.7040602@ecs.soton.ac.uk> <480F1C57.D87E.0068.3@aafp.org> Message-ID: <480F6DF5.7010200@ecs.soton.ac.uk> Brad Beckenhauer wrote: >>>> On 4/23/2008 at 10:31 AM, in message >>>> > <480F566F.7040602@ecs.soton.ac.uk>, Julian > Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Brad Beckenhauer wrote: >> >>> Running "MailScanner --version" does not show the following packages >>> > as > >>> being installed: >>> >>> perl-Math-BigRat >>> perl-Test-Simple >>> >>> pkgs: >>> MailScanner-4.68.8-1.rpm.tar.gz >>> install-Clam-0.93-SA-3.2.4.tar.gz >>> >>> I checked the MailScanner "install.sh" and those packages are >>> > present. > >>> Minor request to have those packages added so they show up as >>> MailScanner packages during the --version. >>> >>> >>> >> Those are present in the latest release, so I must have already fixed >> > that. > >> Jules >> >> > > I am running the current version: 4.68.8-1. > The perl-Math-BigRat and perl-Test-Simple packages are present in the > tarball, but perl-Math-BigRat and perl-Test-Simple are not listed when > you do a "MailScanner --version". > > [root]# MailScanner --version | grep Simple > [root]# MailScanner --version | grep BigRat > > Or am I missing something? > > # MailScanner --version > Running on > Linux mx.aafp.org 2.6.18-53.1.14.el5 #1 SMP Wed Mar 5 11:36:49 EST 2008 > i686 i686 i386 GNU/Linux > This is CentOS release 5 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.68.8 > Module versions are: > 1.00 AnyDBM_File > 1.23 Archive::Zip > 1.04 Carp > 2.008 Compress::Zlib > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.19 File::Temp > 0.92 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.09 POSIX > 1.18 Scalar::Util > 1.78 Socket > 1.4 Sys::Hostname::Long > 0.13 Sys::Syslog > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.29 Archive::Tar > 0.21 bignum > 1.82 Business::ISBN > 1.10 Business::ISBN::Data > 1.08 Data::Dump > 1.814 DB_File > 1.14 DBD::SQLite > 1.602 DBI > 1.10 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.10 Digest::SHA1 > missing Encode::Detect > 0.17008 Error > 0.18 ExtUtils::CBuilder > 2.18 ExtUtils::ParseXS > 2.35 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.04 IO::Zlib > 2.21 IP::Country > 0.21 Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.004 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > 0.002.2 Net::DNS::Resolver::Programmable > missing Net::LDAP > 4.004 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.52 Test::Harness > 0.95 Test::Manifest > 1.98 Text::Balanced > 1.35 URI > 0.7203 version > 0.62 YAML > [root]# MailScanner --version | grep Simple > [root]# MailScanner --version | grep BigRat > Found and fixed. It will be in the next release. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Apr 23 20:16:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Apr 23 20:17:59 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: <480EC18D.7060100@vanderkooij.org> References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> <480DFB2E.4020706@alexb.ch> <480EC18D.7060100@vanderkooij.org> Message-ID: on 4-22-2008 9:56 PM Hugo van der Kooij spake the following: > Paul Hutchings wrote: > | I suppose it's a conversation for a different list so hope I'm not going > | too OT here, but without getting into the wars about standard X vs > | standard Y, is it actually worth the effort of getting DKIM working in > | peoples opinions? > | > | We use SPF and obviously it doesn't stop spam but it does stop spoofing. > | > | DKIM/DomainKeys seems to make me a "good net citizen" but at present my > | understanding is all it really does is authenticates? > > One of the main DKIM players is yahoo. Another is google. I happen to > get a lot of spam with valid DKIM stuff from Yahoo. Others are not keen > on Google. So it seems to me DKIM is not adding anything except a large > header block to each message. > > Hugo. > DKIM is only as valuable as SPF. It lets you know if a mail came from the servers it says it did. Many ISP's send lots of spam, and don't seem to try and stop it. Neither technology helps here. It takes a lot of processor power and a good set of rules to catch spam. And then if you do some post work like blocking persistent sources for a period of time, you get more benefits. As for spam from Yahoo, I don't think I get much valid mail from yahoo, and I have thought about writing a meta rule for DKIM that cancels any score help if it comes from yahoo or google. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080423/94617f3d/signature.bin From jaearick at colby.edu Wed Apr 23 20:36:45 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Apr 23 20:37:36 2008 Subject: problems with dkim-milter and mailscanner/postfix In-Reply-To: References: <480BC718.3000206@vanderkooij.org><223f97700804210525q2d33f321te90f9f3a7ac2d302@mail.gmail.com><223f97700804211056q2feaadbeu1ad760e60df42eeb@mail.gmail.com><31da51d50804220010y1c35c7a3m8aa44d2bfeed672e@mail.gmail.com> <223f97700804220241i5420aae7k7ea52f80697548ca@mail.gmail.com> <480DFB2E.4020706@alexb.ch> <480EC18D.7060100@vanderkooij.org> Message-ID: On Wed, 23 Apr 2008, Scott Silva wrote: > on 4-22-2008 9:56 PM Hugo van der Kooij spake the following: >> Paul Hutchings wrote: >> | I suppose it's a conversation for a different list so hope I'm not going >> | too OT here, but without getting into the wars about standard X vs >> | standard Y, is it actually worth the effort of getting DKIM working in >> | peoples opinions? >> | >> | We use SPF and obviously it doesn't stop spam but it does stop spoofing. >> | >> | DKIM/DomainKeys seems to make me a "good net citizen" but at present my >> | understanding is all it really does is authenticates? >> >> One of the main DKIM players is yahoo. Another is google. I happen to >> get a lot of spam with valid DKIM stuff from Yahoo. Others are not keen >> on Google. So it seems to me DKIM is not adding anything except a large >> header block to each message. >> >> Hugo. >> > DKIM is only as valuable as SPF. It lets you know if a mail came from the > servers it says it did. Many ISP's send lots of spam, and don't seem to try > and stop it. Neither technology helps here. It takes a lot of processor power > and a good set of rules to catch spam. And then if you do some post work like > blocking persistent sources for a period of time, you get more benefits. > > As for spam from Yahoo, I don't think I get much valid mail from yahoo, and I > have thought about writing a meta rule for DKIM that cancels any score help > if it comes from yahoo or google. I just deployed dkim-milter a week or so ago; I had an SPF entry for a long time. Other than the clutter in the mail headers, I haven't noticed any difference in spam. The one thing I did notice with SpamAssassin is that references to DKIM_SIGNED disappeared from the "MailScanner ... is spam, SpamAssassin (..." syslogging coming from MailScanner, after dkim-milter went live. Jeff Earickson Colby College From peter at farrows.org Wed Apr 23 20:42:58 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Apr 23 20:43:49 2008 Subject: Watermarking Message-ID: <480F9142.9090205@farrows.org> Hi There, is there a way of watermarking without having the full blown mailscanner operation. My clients email out through their Linux firewall/smarthosts, but the return mail comes back through a cluster of scanners. Watermarking here causes them not to receive delivery failure reports, unless they smarthost outgoing through my servers which I don't want to do for volume reasons. What I would like to do is use a sendmail milter of some description, on the clients outbound relays, to add a watermark generated from the same "secret" which my scanners can verify if it comes back through the mailscanner servers as a failure notice. If the answer is no, I'll build a cluster of outgoing only customer relays with Mailscanner on them and get all clients to use it as a smarthoust... Regards Pete -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -------------- next part -------------- Skipped content of type multipart/related From hvdkooij at vanderkooij.org Thu Apr 24 06:15:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 24 06:15:56 2008 Subject: Clamav problem In-Reply-To: <02a601c8a54f$75f689f0$1001a8c0@Lappy2> References: <20070504123613.hz8h28ltwkcko8o8@luna.eco.unibs.it> <463B5E8A.2080400@sendit.nodak.edu><085b01c78f29$f30cc540$0301a8c0@SAHOMELT> <463CAF50.8030305@ecs.soton.ac.uk> <02a601c8a54f$75f689f0$1001a8c0@Lappy2> Message-ID: <48101756.2090403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darren Walker wrote: | Hi | I have been running MailScanner Clam and Fprot for some months on a | Centos/BlueQuartz server. The last few days Clam has been hogging 70-80% of | the CPU and I cant find a way to turn it off or uninstall it. I know this | may be a bit 'off list' but can anyone tell me how I can stop it. Stop calling it from MS. Look for this line and read the comments in the config file: Virus Scanners = Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIEBdUBvzDRVjxmYERAk12AJ9ik187bPsp9zFIzreccRyxNtx3RwCdGrbn aPmSWnwQXpi6kqlCWJnFzCQ= =m3Lr -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Apr 24 06:35:35 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Apr 24 06:36:09 2008 Subject: Watermarking In-Reply-To: <480F9142.9090205@farrows.org> References: <480F9142.9090205@farrows.org> Message-ID: <48101C27.9040805@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | Hi There, | | is there a way of watermarking without having the full blown mailscanner | operation. If you disable most of the features then wouldn't accomplish the same task? Don't scan, don't ..... Just a thought. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIEBwlBvzDRVjxmYERAlhKAKCV/ncSxy3dYLGrSuMCccafp1kzoQCgnMG4 fHqclYFoYaawaHyhKuudsa0= =9lDh -----END PGP SIGNATURE----- From ismail at ismailozatay.net Thu Apr 24 07:46:57 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Thu Apr 24 07:47:39 2008 Subject: install mailscanner on un-buntu 7.10 Message-ID: <004a01c8a5d6$fda8c660$65cba8c0@pc> hi there ; i am trying to install mailscanner on my ubuntu 7.10 server with postfix.first i installed it from tarball but did not work.then i installed it with apt-get install mailscanner and set mailscanner.conf file.when i start the daemon i get these errors ; Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. how can i install mailscanner on ubuntu 7.10 without any problems. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080424/f91e7490/attachment.html From neilw at dcdata.co.za Thu Apr 24 08:23:30 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Thu Apr 24 08:26:39 2008 Subject: Mailscanner upgrade Message-ID: <48103572.1070205@dcdata.co.za> Hi guys, I've just tried to upgrade my MS on a Slackware server and when I try start MS I get the following errrors. Starting MailScanner... Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6040. Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6043. Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6040. Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6043. Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner line 79. Slackware 10.2.0 This is perl, v5.8.6 built for i486-linux Any help will be greatly appreciated. Thanks. Regards. Neil This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From peter at farrows.org Thu Apr 24 08:42:38 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Apr 24 08:43:40 2008 Subject: Watermarking In-Reply-To: <48101C27.9040805@vanderkooij.org> References: <480F9142.9090205@farrows.org> <48101C27.9040805@vanderkooij.org> Message-ID: <481039EE.5050500@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > | Hi There, > | > | is there a way of watermarking without having the full blown > mailscanner > | operation. > > If you disable most of the features then wouldn't accomplish the same > task? Don't scan, don't ..... > > Just a thought. > > Hugo. > Yes but... thats a lot of unecessary code...just wondered if there was an alternative... Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From MailScanner at ecs.soton.ac.uk Thu Apr 24 08:51:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 08:52:05 2008 Subject: Mailscanner upgrade In-Reply-To: <48103572.1070205@dcdata.co.za> References: <48103572.1070205@dcdata.co.za> Message-ID: <48103BF9.6080608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Make sure you upgrade all the dependencies as well. Neil Wilson wrote: > Hi guys, > > I've just tried to upgrade my MS on a Slackware server and when I try > start MS I get the following errrors. > > Starting MailScanner... > Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6040. > Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6043. > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6040. > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6043. > Compilation failed in require at /opt/MailScanner/bin/MailScanner line > 79. > BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner > line 79. > > Slackware 10.2.0 > This is perl, v5.8.6 built for i486-linux > > Any help will be greatly appreciated. > > Thanks. > > Regards. > > Neil > > This email and all contents are subject to the following disclaimer: > http://www.dcdata.co.za/emaildisclaimer.html > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEDv6EfZZRxQVtlQRAlWCAKCMljdGngPGgd7h36KCxFBcec6AiACeP1Dn hPJaJBh77Ba7xvfKM8Q3Yfc= =d5L6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 24 08:51:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 08:52:21 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <004a01c8a5d6$fda8c660$65cba8c0@pc> References: <004a01c8a5d6$fda8c660$65cba8c0@pc> Message-ID: <48103C12.7000203@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 They have obviously missed a dependency. Start with perl-MailTools. Ismail OZATAY wrote: > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-9 wj8DBQFIEDwTEfZZRxQVtlQRAu9aAKCWJn5zkCvD6ugOlRA9M5qJlMvLiACfVBc4 Q2kC203vbg1/Jj+L2P4OBig= =DHH2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 24 08:56:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 08:56:21 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <004a01c8a5d6$fda8c660$65cba8c0@pc> References: <004a01c8a5d6$fda8c660$65cba8c0@pc> Message-ID: <48103D16.8040009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Around line 6357 of Message.pm, please can you confirm it says our $FIELD_NAME = '[^\x00-\x1f\x7f-\xff :]+:'; please? Ismail OZATAY wrote: > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-9 wj8DBQFIED0WEfZZRxQVtlQRAqflAJ4oDOJq2PJEc8DaI7vA0EAoCTvlagCdENs6 ELeTg3Hwr1JKLnj+m/Xl+vI= =LZ93 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu Apr 24 09:25:26 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Apr 24 09:26:19 2008 Subject: Watermarking In-Reply-To: <481039EE.5050500@farrows.org> Message-ID: <0f85d0280f8b704a9b0342504fc67eea@solidstatelogic.com> Peter We'll you could always forward to the incoming MS machines, and not scan messages for those trusted IP's. If you send from a non-MX ip-address for a domain you can end up with other issues WRT to people scanning that email. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Peter Farrow > Sent: 24 April 2008 08:43 > To: MailScanner discussion > Subject: Re: Watermarking > > Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Peter Farrow wrote: > > | Hi There, > > | > > | is there a way of watermarking without having the full blown > > mailscanner > > | operation. > > > > If you disable most of the features then wouldn't accomplish the same > > task? Don't scan, don't ..... > > > > Just a thought. > > > > Hugo. > > > Yes but... thats a lot of unecessary code...just wondered if there was > an alternative... > > Pete > > > > -- > This message has been scanned for viruses and > dangerous content by the Inexcom system Scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. > http://www.inexcom.co.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From neilw at dcdata.co.za Thu Apr 24 09:44:03 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Thu Apr 24 09:47:11 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <48103D16.8040009@ecs.soton.ac.uk> References: <004a01c8a5d6$fda8c660$65cba8c0@pc> <48103D16.8040009@ecs.soton.ac.uk> Message-ID: <48104853.1070304@dcdata.co.za> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Around line 6357 of Message.pm, please can you confirm it says > our $FIELD_NAME = '[^\x00-\x1f\x7f-\xff :]+:'; > please? > My Message.pm is only 6231 lines long. Line 6066 $arr->[1] =~ /\A$FIELD_NAME/o; # JKF End mod here Line 6069 while(scalar(@{$arr}) && $arr->[0] =~ /\A($FIELD_NAME|From )/o) These are the only references to FIELD_NAME Should I download my MailTools and install from a cpan module? This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From neilw at dcdata.co.za Thu Apr 24 10:07:34 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Thu Apr 24 10:10:46 2008 Subject: Mailscanner upgrade In-Reply-To: <48103BF9.6080608@ecs.soton.ac.uk> References: <48103572.1070205@dcdata.co.za> <48103BF9.6080608@ecs.soton.ac.uk> Message-ID: <48104DD6.4040405@dcdata.co.za> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Make sure you upgrade all the dependencies as well. Ok I found the problem.. /opt/MailScanner is a symlink to the correct version, but this was still pointing to my old version. 2008-04-24 10:53 MailScanner -> MailScanner-4.68.8-1/ 2006-08-01 10:02 MailScanner-4.55.9/ 2008-04-01 17:28 MailScanner-4.68.8-1/ Hope this helps others... Thanks Jules! This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From MailScanner at ecs.soton.ac.uk Thu Apr 24 10:36:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 10:37:37 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <48104853.1070304@dcdata.co.za> References: <004a01c8a5d6$fda8c660$65cba8c0@pc> <48103D16.8040009@ecs.soton.ac.uk> <48104853.1070304@dcdata.co.za> Message-ID: <481054AF.4030805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neil Wilson wrote: > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Around line 6357 of Message.pm, please can you confirm it says >> our $FIELD_NAME = '[^\x00-\x1f\x7f-\xff :]+:'; >> please? >> > > My Message.pm is only 6231 lines long. > > Line 6066 $arr->[1] =~ /\A$FIELD_NAME/o; > # JKF End mod here > > Line 6069 while(scalar(@{$arr}) && $arr->[0] =~ /\A($FIELD_NAME|From > )/o) > > These are the only references to FIELD_NAME > > Should I download my MailTools and install from a cpan module? How old is your version of MailScanner? I suspect you need to upgrade to fix this problem. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-9 wj8DBQFIEFSwEfZZRxQVtlQRArrAAKCYwRmTERuSf9K/62jJY3UUcRY+NgCfa4hV FcJXhhnTH/eW1+x27F23DWk= =H/TR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Apr 24 13:25:43 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Apr 24 13:26:37 2008 Subject: Watermarking In-Reply-To: <480F9142.9090205@farrows.org> References: <480F9142.9090205@farrows.org> Message-ID: <48107C47.6080300@nerc.ac.uk> Peter Farrow wrote: > What I would like to do is use a sendmail milter of some description, on the > clients outbound relays, to add a watermark generated from the same "secret" > which my scanners can verify if it comes back through the mailscanner servers as > a failure notice. milter-null. install it on both in and outbound MTAs using the same secret. GREG > > If the answer is no, I'll build a cluster of outgoing only customer relays with > Mailscanner on them and get all clients to use it as a smarthoust... > > Regards > > Pete > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Carl.Andrews at crackerbarrel.com Thu Apr 24 14:38:47 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Thu Apr 24 14:39:27 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <004a01c8a5d6$fda8c660$65cba8c0@pc> Message-ID: I am running Ubuntu also and have the same problem - since 7.10 I believe, running 8.04 now. You need to install libmailtools-perl_1.74-1_all.deb to correct it. After running any system updates (apt-get update && apt-get dist-upgrade, etc) you will have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able to get a copy from here -> http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ once downloaded: sudo dpkg -i libmailtools-perl_1.74-1_all.deb ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ismail OZATAY Sent: Thursday, April 24, 2008 1:47 AM To: MailScanner discussion Subject: install mailscanner on un-buntu 7.10 hi there ; i am trying to install mailscanner on my ubuntu 7.10 server with postfix.first i installed it from tarball but did not work.then i installed it with apt-get install mailscanner and set mailscanner.conf file.when i start the daemon i get these errors ; Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. how can i install mailscanner on ubuntu 7.10 without any problems. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080424/967a049d/attachment.html From MailScanner at ecs.soton.ac.uk Thu Apr 24 15:32:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 15:33:26 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: References: Message-ID: <48109A00.7090707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this apply to the latest version of MailScanner? The latest Ubuntu version appears to be 4.58, which is well over 1 year old! No wonder it doesn't work with the latest versions of everything else :-( Great, they include my software, but never actually test that their build works :-( I am about to test the 8.04 release to see if this fixes the problem. Andrews Carl 455 wrote: > I am running Ubuntu also and have the same problem - since 7.10 I > believe, running 8.04 now. You need to install > libmailtools-perl_1.74-1_all.deb to correct it. After running any > system updates (apt-get update && apt-get dist-upgrade, etc) you will > have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able > to get a copy from here -> > http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ > > once downloaded: > sudo dpkg -i libmailtools-perl_1.74-1_all.deb > > > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Ismail OZATAY > *Sent:* Thursday, April 24, 2008 1:47 AM > *To:* MailScanner discussion > *Subject:* install mailscanner on un-buntu 7.10 > > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEJoBEfZZRxQVtlQRAhfUAJ0Re65L4bLpD5NKou1uYTQ/QdnJ3ACgktWg zK/6R0XU1bUf4lNnMt958UE= =PJm6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From malli at mcrirents.com Thu Apr 24 16:46:06 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Thu Apr 24 15:45:51 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <48109A00.7090707@ecs.soton.ac.uk> References: <48109A00.7090707@ecs.soton.ac.uk> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FC89@exchange.computerrents.com> Can you let me know what version of MailScanner is included in Ubuntu 8.04? I'd like to upgrade to the latest Ubuntu. Thanks, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, April 24, 2008 9:33 AM To: MailScanner discussion Subject: Re: install mailscanner on un-buntu 7.10 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this apply to the latest version of MailScanner? The latest Ubuntu version appears to be 4.58, which is well over 1 year old! No wonder it doesn't work with the latest versions of everything else :-( Great, they include my software, but never actually test that their build works :-( I am about to test the 8.04 release to see if this fixes the problem. Andrews Carl 455 wrote: > I am running Ubuntu also and have the same problem - since 7.10 I > believe, running 8.04 now. You need to install > libmailtools-perl_1.74-1_all.deb to correct it. After running any > system updates (apt-get update && apt-get dist-upgrade, etc) you will > have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able > to get a copy from here -> > http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ > > once downloaded: > sudo dpkg -i libmailtools-perl_1.74-1_all.deb > > > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Ismail OZATAY > *Sent:* Thursday, April 24, 2008 1:47 AM > *To:* MailScanner discussion > *Subject:* install mailscanner on un-buntu 7.10 > > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEJoBEfZZRxQVtlQRAhfUAJ0Re65L4bLpD5NKou1uYTQ/QdnJ3ACgktWg zK/6R0XU1bUf4lNnMt958UE= =PJm6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner at barendse.to Thu Apr 24 15:47:50 2008 From: mailscanner at barendse.to (mailscanner@barendse.to) Date: Thu Apr 24 15:47:59 2008 Subject: Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared Message-ID: <20080424-54733.6628.qmail@john-22qi1hdvd0> Dear mailscanner@lists.mailscanner.info From: MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Ladies and Gentlemen, Get Ready for.. Thought I would let you know about the Fashion Footwear SPRING Sale! Men and Women Designer Shoes, Heels, Sandals and Boots, All Half-OFF, Buy Direct, Forget Department Store Prices, Get Exclusive 2008 D&G, Gucci, Versace, Prada, Chanel, Christian Dior, Dsquared, Uggs and More! FREE International Shipping on all Orders! http://albertorg.com/sale/ From Carl.Andrews at crackerbarrel.com Thu Apr 24 15:51:40 2008 From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455) Date: Thu Apr 24 15:52:20 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <48109A00.7090707@ecs.soton.ac.uk> Message-ID: I am not certain. I could upgrade tonight and let you know. I am running ubuntu 8.04 and still need to "patch" after a complete distribution upgrade. I just looked and my version is 4.58.9-2ubuntu1. I never checked the version I just assumed it would be up to date :-(. Guess that is what I get for taking the easy route ... Apt-get install mailscanner -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, April 24, 2008 9:33 AM To: MailScanner discussion Subject: Re: install mailscanner on un-buntu 7.10 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this apply to the latest version of MailScanner? The latest Ubuntu version appears to be 4.58, which is well over 1 year old! No wonder it doesn't work with the latest versions of everything else :-( Great, they include my software, but never actually test that their build works :-( I am about to test the 8.04 release to see if this fixes the problem. Andrews Carl 455 wrote: > I am running Ubuntu also and have the same problem - since 7.10 I > believe, running 8.04 now. You need to install > libmailtools-perl_1.74-1_all.deb to correct it. After running any > system updates (apt-get update && apt-get dist-upgrade, etc) you will > have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able > to get a copy from here -> > http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ > > once downloaded: > sudo dpkg -i libmailtools-perl_1.74-1_all.deb > > > > ---------------------------------------------------------------------- > -- > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Ismail OZATAY > *Sent:* Thursday, April 24, 2008 1:47 AM > *To:* MailScanner discussion > *Subject:* install mailscanner on un-buntu 7.10 > > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEJoBEfZZRxQVtlQRAhfUAJ0Re65L4bLpD5NKou1uYTQ/QdnJ3ACgktWg zK/6R0XU1bUf4lNnMt958UE= =PJm6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Thu Apr 24 15:58:34 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Apr 24 15:59:24 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FC89@exchange.computerrents.com> References: <48109A00.7090707@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FC89@exchange.computerrents.com> Message-ID: <4810A01A.4030008@USherbrooke.ca> Mohammed Alli a ?crit : > Can you let me know what version of MailScanner is included in Ubuntu > 8.04? I'd like to upgrade to the latest Ubuntu. > My Kubuntu 8.04 says: 4.58.9-2ubuntu1 (hardy). Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From malli at mcrirents.com Thu Apr 24 17:19:18 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Thu Apr 24 16:18:56 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: References: <48109A00.7090707@ecs.soton.ac.uk> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FC8A@exchange.computerrents.com> Well I'm currently using Ubuntu 7.10 with MailScanner v4.58.9. I am tempted to do an upgrade using the deb package, but heard that it installs it to /opt. If there was a way to upgrade without installing to the /opt directory, I think we would be good to go. I like to have the same install route as if we were doing an apt-get install. Can that be done with the .deb package, even if it's from a fresh install? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 455 Sent: Thursday, April 24, 2008 9:52 AM To: MailScanner discussion Subject: RE: install mailscanner on un-buntu 7.10 I am not certain. I could upgrade tonight and let you know. I am running ubuntu 8.04 and still need to "patch" after a complete distribution upgrade. I just looked and my version is 4.58.9-2ubuntu1. I never checked the version I just assumed it would be up to date :-(. Guess that is what I get for taking the easy route ... Apt-get install mailscanner -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, April 24, 2008 9:33 AM To: MailScanner discussion Subject: Re: install mailscanner on un-buntu 7.10 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this apply to the latest version of MailScanner? The latest Ubuntu version appears to be 4.58, which is well over 1 year old! No wonder it doesn't work with the latest versions of everything else :-( Great, they include my software, but never actually test that their build works :-( I am about to test the 8.04 release to see if this fixes the problem. Andrews Carl 455 wrote: > I am running Ubuntu also and have the same problem - since 7.10 I > believe, running 8.04 now. You need to install > libmailtools-perl_1.74-1_all.deb to correct it. After running any > system updates (apt-get update && apt-get dist-upgrade, etc) you will > have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able > to get a copy from here -> > http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ > > once downloaded: > sudo dpkg -i libmailtools-perl_1.74-1_all.deb > > > > ---------------------------------------------------------------------- > -- > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Ismail OZATAY > *Sent:* Thursday, April 24, 2008 1:47 AM > *To:* MailScanner discussion > *Subject:* install mailscanner on un-buntu 7.10 > > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEJoBEfZZRxQVtlQRAhfUAJ0Re65L4bLpD5NKou1uYTQ/QdnJ3ACgktWg zK/6R0XU1bUf4lNnMt958UE= =PJm6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From kevin.murphy at midland-ics.ie Thu Apr 24 16:20:05 2008 From: kevin.murphy at midland-ics.ie (Kevin Murphy) Date: Thu Apr 24 16:21:22 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <20080424-54733.6628.qmail@john-22qi1hdvd0> References: <20080424-54733.6628.qmail@john-22qi1hdvd0> Message-ID: <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> Hello All My recently upgrade MS/SA has picked up a virus. Is it real? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mailscanner@barendse.to Sent: 24 April 2008 15:48 To: mailscanner@lists.mailscanner.info Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared Warning: This message has had one or more attachments removed Warning: (the entire message). Warning: Please read the "Midland-ICS-Attachment-Warning.txt" attachment(s) for more information. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "the entire message" was believed to be infected by a virus and has been replaced by this warning message. If you wish to receive a copy of the *infected* attachment, please e-mail helpdesk and include the whole of this message in your request. Alternatively, you can call them, with the contents of this message to hand when you call. At Thu Apr 24 16:15:39 2008 the virus scanner said: ClamAVModule: message was infected: Email.Spam.Gen2344.Sanesecurity.08042303 ClamAVModule: msg-20785-42.txt was infected: Email.Spam.Gen2344.Sanesecurity.08042303 Note to Help Desk: Look on the Midland-ICS MailScanner in /var/spool/MailScanner/quarantine/20080424 (message m3OFFcxe026732). -- Postmaster Midland-ICS www.midland-ics.ie For all your IT requirements visit: http://www.transtec.co.uk __________ Information from ESET NOD32 Antivirus, version of virus signature database 3051 (20080424) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From malli at mcrirents.com Thu Apr 24 17:30:44 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Thu Apr 24 16:29:58 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FC8A@exchange.computerrents.com> References: <48109A00.7090707@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FC8A@exchange.computerrents.com> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FC8B@exchange.computerrents.com> I meant .tar package for other linux. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mohammed Alli Sent: Thursday, April 24, 2008 11:19 AM To: MailScanner discussion Subject: RE: install mailscanner on un-buntu 7.10 Well I'm currently using Ubuntu 7.10 with MailScanner v4.58.9. I am tempted to do an upgrade using the deb package, but heard that it installs it to /opt. If there was a way to upgrade without installing to the /opt directory, I think we would be good to go. I like to have the same install route as if we were doing an apt-get install. Can that be done with the .deb package, even if it's from a fresh install? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Andrews Carl 455 Sent: Thursday, April 24, 2008 9:52 AM To: MailScanner discussion Subject: RE: install mailscanner on un-buntu 7.10 I am not certain. I could upgrade tonight and let you know. I am running ubuntu 8.04 and still need to "patch" after a complete distribution upgrade. I just looked and my version is 4.58.9-2ubuntu1. I never checked the version I just assumed it would be up to date :-(. Guess that is what I get for taking the easy route ... Apt-get install mailscanner -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, April 24, 2008 9:33 AM To: MailScanner discussion Subject: Re: install mailscanner on un-buntu 7.10 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this apply to the latest version of MailScanner? The latest Ubuntu version appears to be 4.58, which is well over 1 year old! No wonder it doesn't work with the latest versions of everything else :-( Great, they include my software, but never actually test that their build works :-( I am about to test the 8.04 release to see if this fixes the problem. Andrews Carl 455 wrote: > I am running Ubuntu also and have the same problem - since 7.10 I > believe, running 8.04 now. You need to install > libmailtools-perl_1.74-1_all.deb to correct it. After running any > system updates (apt-get update && apt-get dist-upgrade, etc) you will > have to reinstall libmailtools-perl_1.74-1_all.deb. You should be able > to get a copy from here -> > http://mirror.ne.gov/ubuntu/pool/universe/libm/libmailtools-perl/ > > once downloaded: > sudo dpkg -i libmailtools-perl_1.74-1_all.deb > > > > ---------------------------------------------------------------------- > -- > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Ismail OZATAY > *Sent:* Thursday, April 24, 2008 1:47 AM > *To:* MailScanner discussion > *Subject:* install mailscanner on un-buntu 7.10 > > hi there ; > > i am trying to install mailscanner on my ubuntu 7.10 server with > postfix.first i installed it from tarball but did not work.then i > installed it with apt-get install mailscanner and set mailscanner.conf > file.when i start the daemon i get these errors ; > > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/share/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. > how can i install mailscanner on ubuntu 7.10 without any problems. > > Thanks Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEJoBEfZZRxQVtlQRAhfUAJ0Re65L4bLpD5NKou1uYTQ/QdnJ3ACgktWg zK/6R0XU1bUf4lNnMt958UE= =PJm6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Thu Apr 24 16:44:17 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Apr 24 16:44:53 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> Message-ID: <71ba1016f6a9f649a5fca87340d6a686@solidstatelogic.com> Hi Looks like SPAM to me. The SANESECURITY clamav virus signatures are spam based. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Murphy > Sent: 24 April 2008 16:20 > To: MailScanner discussion > Subject: RE: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci > Ugg Prada Chanel Dsquared > > Hello All > > My recently upgrade MS/SA has picked up a virus. Is it real? > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > mailscanner@barendse.to > Sent: 24 April 2008 15:48 > To: mailscanner@lists.mailscanner.info > Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg > Prada Chanel Dsquared > > Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "Midland-ICS-Attachment-Warning.txt" > attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be infected by a virus and has been replaced by this > warning > message. > > If you wish to receive a copy of the *infected* attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Thu Apr 24 16:15:39 2008 the virus scanner said: > ClamAVModule: message was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > ClamAVModule: msg-20785-42.txt was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > Note to Help Desk: Look on the Midland-ICS MailScanner in > /var/spool/MailScanner/quarantine/20080424 (message m3OFFcxe026732). > -- > Postmaster > Midland-ICS > www.midland-ics.ie > > For all your IT requirements visit: http://www.transtec.co.uk > > __________ Information from ESET NOD32 Antivirus, version of virus > signature > database 3051 (20080424) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > This e-mail is intended solely for the addressee(s) and is strictly > confidential. The unauthorised use, disclosure or copying of this e-mail, > or any information it contains is prohibited. If you have received this e- > mail in error, please notify us immediately and then permanently delete > it. Although Midland Internet & Computer Solutions make every effort to > keep our systems free from viruses you should check this e-mail and any > attachments to it for viruses as we cannot accept any liability for > viruses inadvertently transmitted by use. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From mikea at mikea.ath.cx Thu Apr 24 16:44:56 2008 From: mikea at mikea.ath.cx (mikea) Date: Thu Apr 24 16:45:32 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared Message-ID: <20080424154456.GA60001@mikea.ath.cx> On Thu, Apr 24, 2008 at 04:20:05PM +0100, Kevin Murphy wrote: > Hello All > > My recently upgrade MS/SA has picked up a virus. Is it real? Not that I can see from looking at the full text of the message using the mutt mailclient and the `less` command on a FreeBSD box. It's just text, nothing more or less. Does anyone else see anything suspicious, or just spam that was sent through Remco's box or forwarded by him, I don't know which. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From MailScanner at ecs.soton.ac.uk Thu Apr 24 17:02:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 17:03:11 2008 Subject: install mailscanner on un-buntu 7.10 In-Reply-To: <4810A01A.4030008@USherbrooke.ca> References: <48109A00.7090707@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FC89@exchange.computerrents.com> <4810A01A.4030008@USherbrooke.ca> Message-ID: <4810AF13.1030009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Mohammed Alli a ?crit : >> Can you let me know what version of MailScanner is included in Ubuntu >> 8.04? I'd like to upgrade to the latest Ubuntu. > > My Kubuntu 8.04 says: 4.58.9-2ubuntu1 (hardy). This stinks. I just downloaded and installed the latest release of Ubuntu (version 8.04). When you run aptitude (not the easiest program in the world to run), you wind up with a build of MailScanner 4.58.9 which doesn't work. Pretty poor show. Did it not occur them to test it, at least to run "MailScanner --help" to see if it will even start up? I have documented what I have been given as a fix on www.mailscanner.info, but this hardly instils confidence in the system (Ubuntu or MailScanner :-( They are shipping a version which is well over a year old, surrounded by more up to date versions of other software so that it doesn't even work at all. How do we go about getting the Ubuntu build of MailScanner updated? I have no experience with it or Debian, apart from the knowledge that building Debian packages is apparently very hard. Is there a more recent build available anywhere? Thanks folks, let's see if we can get this one sorted between us. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEK8UEfZZRxQVtlQRAje2AKDTv8odD2rHN4mTfWKfqfTNrl9tOACeKeAl znhobgs5kyhFM+qDeKz/wxI= =9/Np -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Apr 24 17:04:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 17:05:11 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> References: <20080424-54733.6628.qmail@john-22qi1hdvd0> <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> Message-ID: <4810AFA2.4050505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Murphy wrote: > Hello All > > My recently upgrade MS/SA has picked up a virus. Is it real? > It's actually a piece of spam, detected by the new SaneSecurity ClamAV signatures that extend ClamAV's abilities into detecting some spam. The clue is in the output here: Email.Spam.Gen2344.Sanesecurity.08042303 This shows that it's the SaneSecurity signatures at work. It is definitely spam, and you definitely don't want it. Hope that helps, Jules. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > mailscanner@barendse.to > Sent: 24 April 2008 15:48 > To: mailscanner@lists.mailscanner.info > Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg > Prada Chanel Dsquared > > Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "Midland-ICS-Attachment-Warning.txt" attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be infected by a virus and has been replaced by this warning > message. > > If you wish to receive a copy of the *infected* attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Thu Apr 24 16:15:39 2008 the virus scanner said: > ClamAVModule: message was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > ClamAVModule: msg-20785-42.txt was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > Note to Help Desk: Look on the Midland-ICS MailScanner in > /var/spool/MailScanner/quarantine/20080424 (message m3OFFcxe026732). > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEK+jEfZZRxQVtlQRAsIqAKCzTtTQJy8SOEu0r85PGpeiNDY/3wCg481w 8PxRj2aEMMJ8NcKRnOgYBxo= =M3LC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dstraka at caspercollege.edu Thu Apr 24 17:13:28 2008 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Apr 24 17:14:33 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <20080424154456.GA60001@mikea.ath.cx> References: <20080424154456.GA60001@mikea.ath.cx> Message-ID: <48105D47.61A4.0000.0@caspercollege.edu> Looks like a List joe-job to me. No payload that I can see. >>> On 4/24/2008 at 9:44 AM, in message <20080424154456.GA60001@mikea.ath.cx>, mikea wrote: > On Thu, Apr 24, 2008 at 04:20:05PM +0100, Kevin Murphy wrote: >> Hello All >> >> My recently upgrade MS/SA has picked up a virus. Is it real? > > Not that I can see from looking at the full text of the message using > the mutt mailclient and the `less` command on a FreeBSD box. It's just > text, nothing more or less. Does anyone else see anything suspicious, > or just spam that was sent through Remco's box or forwarded by him, I > don't know which. From davejones70 at gmail.com Thu Apr 24 17:15:11 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu Apr 24 17:15:45 2008 Subject: MailScanner defunct processes Message-ID: <67a55ed50804240915m5fb08132sf01a856e12351cc5@mail.gmail.com> >>> [root@server2 MailScanner]# MailScanner --debug >>> In Debugging mode, not forking... >>> Trying to setlogsock(unix) >>> SpamAssassin temp dir = /mnt/ramdisk/SpamAssassin-Temp >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>> Building a message batch to scan... >>> Have a batch of 30 messages. >>> Error PPS:0 >>> >>There's your problem. I don't know what is generating "Error PPS:0" but >>that's certainly the problem. Do a >> grep -rl 'Error PPS' /usr/lib/perl5 >>and see what it says. >>Jules >[root@server2 MailScanner]# grep -rl 'Error PPS' /usr/lib/perl5 >/usr/lib/perl5/site_perl/5.8.8/OLE/Storage_Lite.pm >[root@server2 MailScanner]# Update: The Storage_Lite.pm files are identical on the 2 servers. I tried rpmbuild'ing the module but it looks the same. How do I troubleshoot what is using this Perl module and can this functionality be disabled by a MailScanner.conf setting? I don't think we use any OLE document processing. Our Nagios monitoring is now alerting us on some mail loop checks we have in place for the problem server. Further investigating shows the we had a period of around 1 hour and 20 minutes early this morning that MailScanner did not move any messages from the inbound queue to the outbound queue. The maillog shows 276 "is whitelisted" messages for a single message ID but that MailScanner process never goes on to the next step. During this time period, we had almost all (if not all) of the MailScanner processes in a defunct state. I am pretty sure that the normal MailScanner restart "woke up" the email flow based on the maillog. -- Dave Jones From kevin.murphy at midland-ics.ie Thu Apr 24 17:32:38 2008 From: kevin.murphy at midland-ics.ie (Kevin Murphy) Date: Thu Apr 24 17:36:21 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <4810AFA2.4050505@ecs.soton.ac.uk> References: <20080424-54733.6628.qmail@john-22qi1hdvd0> <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> <4810AFA2.4050505@ecs.soton.ac.uk> Message-ID: <00d601c8a628$d0174df0$7045e9d0$@murphy@midland-ics.ie> But originating from the mailscanner lists? Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 24 April 2008 17:05 To: MailScanner discussion Subject: Re: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Murphy wrote: > Hello All > > My recently upgrade MS/SA has picked up a virus. Is it real? > It's actually a piece of spam, detected by the new SaneSecurity ClamAV signatures that extend ClamAV's abilities into detecting some spam. The clue is in the output here: Email.Spam.Gen2344.Sanesecurity.08042303 This shows that it's the SaneSecurity signatures at work. It is definitely spam, and you definitely don't want it. Hope that helps, Jules. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > mailscanner@barendse.to > Sent: 24 April 2008 15:48 > To: mailscanner@lists.mailscanner.info > Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg > Prada Chanel Dsquared > > Warning: This message has had one or more attachments removed > Warning: (the entire message). > Warning: Please read the "Midland-ICS-Attachment-Warning.txt" attachment(s) > for more information. > > This is a message from the MailScanner E-Mail Virus Protection Service > ---------------------------------------------------------------------- > The original e-mail attachment "the entire message" > was believed to be infected by a virus and has been replaced by this warning > message. > > If you wish to receive a copy of the *infected* attachment, please > e-mail helpdesk and include the whole of this message > in your request. Alternatively, you can call them, with > the contents of this message to hand when you call. > > At Thu Apr 24 16:15:39 2008 the virus scanner said: > ClamAVModule: message was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > ClamAVModule: msg-20785-42.txt was infected: > Email.Spam.Gen2344.Sanesecurity.08042303 > > Note to Help Desk: Look on the Midland-ICS MailScanner in > /var/spool/MailScanner/quarantine/20080424 (message m3OFFcxe026732). > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEK+jEfZZRxQVtlQRAsIqAKCzTtTQJy8SOEu0r85PGpeiNDY/3wCg481w 8PxRj2aEMMJ8NcKRnOgYBxo= =M3LC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __________ Information from ESET NOD32 Antivirus, version of virus signature database 3052 (20080424) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From MailScanner at ecs.soton.ac.uk Thu Apr 24 18:01:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Apr 24 18:02:25 2008 Subject: MailScanner defunct processes In-Reply-To: <67a55ed50804240915m5fb08132sf01a856e12351cc5@mail.gmail.com> References: <67a55ed50804240915m5fb08132sf01a856e12351cc5@mail.gmail.com> Message-ID: <4810BCF7.5070900@ecs.soton.ac.uk> Dave Jones wrote: >>>> [root@server2 MailScanner]# MailScanner --debug >>>> In Debugging mode, not forking... >>>> Trying to setlogsock(unix) >>>> SpamAssassin temp dir = /mnt/ramdisk/SpamAssassin-Temp >>>> Use of uninitialized value in concatenation (.) or string at >>>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>>> Use of uninitialized value in concatenation (.) or string at >>>> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>>> Building a message batch to scan... >>>> Have a batch of 30 messages. >>>> Error PPS:0 >>>> >>>> >>> There's your problem. I don't know what is generating "Error PPS:0" but >>> that's certainly the problem. Do a >>> grep -rl 'Error PPS' /usr/lib/perl5 >>> and see what it says. >>> > > >>> Jules >>> > > >> [root@server2 MailScanner]# grep -rl 'Error PPS' /usr/lib/perl5 >> /usr/lib/perl5/site_perl/5.8.8/OLE/Storage_Lite.pm >> [root@server2 MailScanner]# >> > Update: The Storage_Lite.pm files are identical on the 2 servers. I > tried rpmbuild'ing the module but it looks the same. How do I > troubleshoot what is using this Perl module and can this functionality > be disabled by a MailScanner.conf setting? I don't think we use any > OLE document processing. > > Our Nagios monitoring is now alerting us on some mail loop checks we > have in place for the problem server. Further investigating shows the > we had a period of around 1 hour and 20 minutes early this morning > that MailScanner did not move any messages from the inbound queue to > the outbound queue. The maillog shows 276 "is whitelisted" messages > for a single message ID but that MailScanner process never goes on to > the next step. During this time period, we had almost all (if not > all) of the MailScanner processes in a defunct state. I am pretty > sure that the normal MailScanner restart "woke up" the email flow > based on the maillog. > Any chance you could find the problem message and send me a zipped-up copy of it for me to work with? The only way to disable the Storage_Lite code is to comment out the calls to sub "ExtractOle" in Message.pm (in /usr/lib/MailScanner/MailScanner). Otherwise it is automatically used whenever it sees an attachment which starts with the "magic" strings that define a Microsoft Office document. If we can narrow down the problem to a particular call in Storage_Lite, then I can post a bugfix to the maintainer. Without it, there's little I can do. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Apr 24 20:18:10 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 24 20:19:25 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <7885.07553884319$1209056079@news.gmane.org> References: <20080424-54733.6628.qmail@john-22qi1hdvd0> <00ba01c8a61e$ad52e5e0$07f8b1a0$@murphy@midland-ics.ie> <4810AFA2.4050505@ecs.soton.ac.uk> <7885.07553884319$1209056079@news.gmane.org> Message-ID: on 4-24-2008 9:32 AM Kevin Murphy spake the following: > But originating from the mailscanner lists? > Thanks > Somebody posted a spam message to the list. The list just forwarded it like it does for every other message. Somebody that has the list address on their system might be infected with a bot. If we can trust the first header; Original-Received: from john-22qi1hdvd0 (79-71-180-150.dynamic.dsl.as9105.com [79.71.180.150]) by safir.blacknight.ie (8.13.1/8.13.1) with SMTP id m3OElolH018008 for ; Thu, 24 Apr 2008 15:47:57 +0100 It came from a dynamic IP that seems to be registered to Tiscali UK Ltd. Anybody out that way want to open a can of whoop ass? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080424/82a710f5/signature.bin From ssilva at sgvwater.com Thu Apr 24 20:26:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Apr 24 20:26:32 2008 Subject: {Virus?} Subject: 2008 Designer Shoes Collection from Gucci Ugg Prada Chanel Dsquared In-Reply-To: <48105D47.61A4.0000.0@caspercollege.edu> References: <20080424154456.GA60001@mikea.ath.cx> <48105D47.61A4.0000.0@caspercollege.edu> Message-ID: on 4-24-2008 9:13 AM Daniel Straka spake the following: > Looks like a List joe-job to me. No payload that I can see. > Just the sane security spam signatures. They always register as a virus because they are caught by clam instead of spamassassin. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080424/d8943426/signature.bin From wilson.galafassi at gmail.com Thu Apr 24 21:09:00 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Thu Apr 24 21:09:38 2008 Subject: filename block Message-ID: <4810e8dd.0807c00a.3f3d.ffff8d3a@mx.google.com> Hello. I want to some emails have all filename and filetypes unblocked. So i have created this 2 files: /etc/MailScanner/filetype.rules.rules and /etc/MailScanner/filename.rules.rules Inside that files: FromOrTo: admin@domain.com /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: admin@domain.com /etc/MailScanner/filename.rules.allowall.conf But when i send some exe file the email is blocked. What i have to configure to this feature work? Thanks, Wilson Galafasi From naolson at gmail.com Thu Apr 24 23:23:44 2008 From: naolson at gmail.com (Nathan Olson) Date: Thu Apr 24 23:24:18 2008 Subject: MIME content incorrectly identified as executable Message-ID: <8f54b4330804241523o11d55b44pb57ba1be24a77a36@mail.gmail.com> One of our users sent an HTML email which I believe contained multiple MIME entities. These entities were referenced in the email using content-id URLs (RFC 2111). The content-id URLs ended in '.com', which MailScanner's Filename Checks identified as executables, but the content 'pointed' at was actually a gif file. Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: arrowbullet.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: logos/students_fly_cheaper_sm.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: icons/magnifying_glass.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: navigation/logo.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: bkgrds/cornerTR.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: bkgrds/cornerTL.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: bkgrds/cornerBR.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: bkgrds/cornerBL.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: bkgrds/connectionBg.gif@studentuniverse.com) Apr 23 13:10:46 vaccine4 MailScanner[25520]: Filename Checks: Windows/DOS Executable (m3NIAiY7025040 cid: clear.gif@studentuniverse.com) From wilson.galafassi at gmail.com Fri Apr 25 03:18:54 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Fri Apr 25 03:19:39 2008 Subject: Notices From Message-ID: <48113f8c.050cc00a.0425.ffffa7ae@mx.google.com> Hello. I have enabled the option "Send Notices = yes" in MailScanner.conf and i have changed the "Notices From =" to other sender. But the messages still sending with from "MailScanner". How i can fix this? Thanks, Wilson Galafassi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080424/a59c0db2/attachment.html From hvdkooij at vanderkooij.org Fri Apr 25 06:04:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Apr 25 06:05:32 2008 Subject: Notices From In-Reply-To: <48113f8c.050cc00a.0425.ffffa7ae@mx.google.com> References: <48113f8c.050cc00a.0425.ffffa7ae@mx.google.com> Message-ID: <4811666F.1070005@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wilson A. Galafassi Jr. wrote: | I have enabled the option ?Send Notices = yes? in MailScanner.conf and i | have changed the ?Notices From =? to other sender. But the messages | still sending with from ?MailScanner?. My guess is you are looking at the From: line and not at the actual SMTP communication. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIEWZtBvzDRVjxmYERAoFDAKC0B/UOo8o5V4ymYE6L90J5zTdcZACfU6BC afv2mqSeObX+qKHDeqWXib0= =kw8i -----END PGP SIGNATURE----- From simonmjones at gmail.com Fri Apr 25 12:25:54 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Apr 25 12:26:32 2008 Subject: Sig rules Message-ID: <70572c510804250425l6faa0e00l7be8c2b5adfa17ff@mail.gmail.com> Hi all, is it possible to switch off the signature or replace the "This message has been scanned for viruses and dangerous content ..." for email addresses that are excluded from the scanner by being listed in the /etc/MailScanner/rules/scan.messages.rules file in the format of email@domain.com no ? SMJ From P.G.M.Peters at utwente.nl Fri Apr 25 12:44:04 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Apr 25 12:44:41 2008 Subject: Watermarking checking for everything Message-ID: <4811C404.1050506@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Could it be possible to have MS not do anything with a message that checks OK with respect to the watermark? Just like when MS encounters a message that should not be scanned according to the rules. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIEcQDelLo80lrIdIRAkTYAKCXzRFPJwjysDuCSQv2F5LhP4i9JACfYBNM YjTpZGJu2S6Kt5BVCdlLBPY= =cqUf -----END PGP SIGNATURE----- From davejones70 at gmail.com Fri Apr 25 13:41:48 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Apr 25 13:42:22 2008 Subject: MailScanner defunct processes Message-ID: <67a55ed50804250541l5d95948ah1c1ae80987684d3d@mail.gmail.com> >>> [root@server2 MailScanner]# grep -rl 'Error PPS' /usr/lib/perl5 >>> /usr/lib/perl5/site_perl/5.8.8/OLE/Storage_Lite.pm >>> [root@server2 MailScanner]# >>> >> Update: The Storage_Lite.pm files are identical on the 2 servers. I >> tried rpmbuild'ing the module but it looks the same. How do I >> troubleshoot what is using this Perl module and can this functionality >> be disabled by a MailScanner.conf setting? I don't think we use any >> OLE document processing. >> >> Our Nagios monitoring is now alerting us on some mail loop checks we >> have in place for the problem server. Further investigating shows the >> we had a period of around 1 hour and 20 minutes early this morning >> that MailScanner did not move any messages from the inbound queue to >> the outbound queue. The maillog shows 276 "is whitelisted" messages >> for a single message ID but that MailScanner process never goes on to >> the next step. During this time period, we had almost all (if not >> all) of the MailScanner processes in a defunct state. I am pretty >> sure that the normal MailScanner restart "woke up" the email flow >> based on the maillog. >> >Any chance you could find the problem message and send me a zipped-up >copy of it for me to work with? >The only way to disable the Storage_Lite code is to comment out the >calls to sub "ExtractOle" in Message.pm (in >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used >whenever it sees an attachment which starts with the "magic" strings >that define a Microsoft Office document. I ended up commenting out 2 lines that were a single call to UnpackOle and mail is flowing again with no defunct processes. We were up to about 4,000 messages in the mqueue.in this morning and rising fast due to an email campaign blasting out messages. We had to do something. Thanks so much for your temporary fix! >If we can narrow down the problem to a particular call in Storage_Lite, >then I can post a bugfix to the maintainer. Without it, there's little I >can do. It appears that nearly every message is causing a problem so how can I accurately pick out one of them that will help you troubleshoot? >Jules -- Dave Jones From martinh at solidstatelogic.com Fri Apr 25 13:48:30 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 25 13:49:11 2008 Subject: Sig rules In-Reply-To: <70572c510804250425l6faa0e00l7be8c2b5adfa17ff@mail.gmail.com> Message-ID: <6e8763805ddfb44da692d8ce3e651705@solidstatelogic.com> Simon Quick answer is yes, as you describe. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > Sent: 25 April 2008 12:26 > To: MailScanner discussion > Subject: Sig rules > > Hi all, is it possible to switch off the signature or replace the > "This message has been scanned for viruses and > dangerous content ..." for email addresses that are excluded from the > scanner by being listed in the > /etc/MailScanner/rules/scan.messages.rules file in the format of > email@domain.com no ? > > SMJ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Apr 25 14:08:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 25 14:08:43 2008 Subject: Watermarking checking for everything In-Reply-To: <4811C404.1050506@utwente.nl> References: <4811C404.1050506@utwente.nl> Message-ID: <4811D7C9.1040508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Peters wrote: > * PGP Signed by an unverified key: 04/25/08 at 12:44:03 > > Hi, > > Could it be possible to have MS not do anything with a message that > checks OK with respect to the watermark? Just like when MS encounters a > message that should not be scanned according to the rules. > Not easily, no. The watermark checking is done relatively late on in the process. I don't think this would be trivial to implement at all. I would need quite a lot of people to want it before trying to code this. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEdfKEfZZRxQVtlQRAlisAKDBQoWIARS9QUMZYNvrCVeleakOkwCeONbs iqmTg6D3WfR2DITEL5BSVYc= =MsDh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Apr 25 14:09:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Apr 25 14:10:07 2008 Subject: MailScanner defunct processes In-Reply-To: <67a55ed50804250541l5d95948ah1c1ae80987684d3d@mail.gmail.com> References: <67a55ed50804250541l5d95948ah1c1ae80987684d3d@mail.gmail.com> Message-ID: <4811D81C.3080102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jones wrote: >>>> [root@server2 MailScanner]# grep -rl 'Error PPS' /usr/lib/perl5 >>>> /usr/lib/perl5/site_perl/5.8.8/OLE/Storage_Lite.pm >>>> [root@server2 MailScanner]# >>>> >>>> >>> Update: The Storage_Lite.pm files are identical on the 2 servers. I >>> tried rpmbuild'ing the module but it looks the same. How do I >>> troubleshoot what is using this Perl module and can this functionality >>> be disabled by a MailScanner.conf setting? I don't think we use any >>> OLE document processing. >>> >>> Our Nagios monitoring is now alerting us on some mail loop checks we >>> have in place for the problem server. Further investigating shows the >>> we had a period of around 1 hour and 20 minutes early this morning >>> that MailScanner did not move any messages from the inbound queue to >>> the outbound queue. The maillog shows 276 "is whitelisted" messages >>> for a single message ID but that MailScanner process never goes on to >>> the next step. During this time period, we had almost all (if not >>> all) of the MailScanner processes in a defunct state. I am pretty >>> sure that the normal MailScanner restart "woke up" the email flow >>> based on the maillog. >>> >>> >> Any chance you could find the problem message and send me a zipped-up >> copy of it for me to work with? >> The only way to disable the Storage_Lite code is to comment out the >> calls to sub "ExtractOle" in Message.pm (in >> /usr/lib/MailScanner/MailScanner). Otherwise it is automatically used >> whenever it sees an attachment which starts with the "magic" strings >> that define a Microsoft Office document. >> > I ended up commenting out 2 lines that were a single call to UnpackOle > and mail is flowing again with no defunct processes. We were up to > about 4,000 messages in the mqueue.in this morning and rising fast due > to an email campaign blasting out messages. We had to do something. > Thanks so much for your temporary fix! > > >> If we can narrow down the problem to a particular call in Storage_Lite, >> then I can post a bugfix to the maintainer. Without it, there's little I >> can do. >> > It appears that nearly every message is causing a problem so how can I > accurately pick out one of them that will help you troubleshoot? > If nearly every message is causing a problem, finding a bundle of messages (most of which demonstrate the problem) should be pretty easy, should it not? :-) A bundle of messages, some of which demonstrate the problem, would do just fine. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIEdgdEfZZRxQVtlQRAkEbAJ438C2VdUQqnfk9JtgqomwSAB+PPACgz858 5iia2XxX7034Az0RO0k4hrg= =Ip0T -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael at syska.dk Fri Apr 25 14:42:58 2008 From: mikael at syska.dk (Mikael Syska) Date: Fri Apr 25 14:43:41 2008 Subject: Looking for virus.scanners.conf in the wrong dir, settings are right as I can see Message-ID: <6beca9db0804250642o6c233242v3bd28bc306d5f34d@mail.gmail.com> Hi, What is happening here ... this is going to be a test environment: Running FreeBSD-7.0 I have a production server, with the same settings, same MailScanner version from the freebsd portstree... and its working. Are there any thing I'm missing here ... root [/var/spool]# cat /usr/local/etc/MailScanner/MailScanner.conf | grep scanners.conf # 3rd column of virus.scanners.conf matches the location you have # virus.scanners.conf file assumes the default installation locations Virus Scanner Definitions = %etc-dir%/virus.scanners.conf root [/var/spool]# cat /usr/local/etc/MailScanner/MailScanner.conf | grep etc-dir %etc-dir% = /usr/local/etc/MailScanner Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Filename Rules = %etc-dir%/filename.rules.conf Filetype Rules = %etc-dir%/filetype.rules.conf Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf root [/var/spool]# MailScanner --lint Trying to setlogsock(unix) Cannot read definitions from /etc/MailScanner/virus.scanners.conf, No such file or directory at /usr/local/lib/MailScanner/MailScanner/Config.pm line 1621 root [/var/spool]# pkg_info | grep MailS MailScanner-4.67.6_1 Powerful virus/spam scanning framework for mail gateways root [/var/spool]# mvh Mikael Syska From simonmjones at gmail.com Fri Apr 25 14:50:08 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Apr 25 14:50:29 2008 Subject: Sig rules In-Reply-To: <6e8763805ddfb44da692d8ce3e651705@solidstatelogic.com> References: <70572c510804250425l6faa0e00l7be8c2b5adfa17ff@mail.gmail.com> <6e8763805ddfb44da692d8ce3e651705@solidstatelogic.com> Message-ID: <70572c510804250650p120891cfuf78467323bb0966c@mail.gmail.com> Thanks Martin, any chance of a pointer to the relevent docs? I'm not sure what to search on. SMJ 2008/4/25 Martin.Hepworth : > Simon > > Quick answer is yes, as you describe. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > > Sent: 25 April 2008 12:26 > > To: MailScanner discussion > > Subject: Sig rules > > > > Hi all, is it possible to switch off the signature or replace the > > "This message has been scanned for viruses and > > dangerous content ..." for email addresses that are excluded from the > > scanner by being listed in the > > /etc/MailScanner/rules/scan.messages.rules file in the format of > > email@domain.com no ? > > > > SMJ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Fri Apr 25 15:13:44 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Apr 25 15:14:51 2008 Subject: Sig rules In-Reply-To: <70572c510804250650p120891cfuf78467323bb0966c@mail.gmail.com> Message-ID: Simon Have a look in the rule/EXMAPLES and README files. I'm pretty sure there's an example signature rule in there. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > Sent: 25 April 2008 14:50 > To: MailScanner discussion > Subject: Re: Sig rules > > Thanks Martin, any chance of a pointer to the relevent docs? I'm not > sure what to search on. > > SMJ > > 2008/4/25 Martin.Hepworth : > > Simon > > > > Quick answer is yes, as you describe. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Simon Jones > > > Sent: 25 April 2008 12:26 > > > To: MailScanner discussion > > > Subject: Sig rules > > > > > > Hi all, is it possible to switch off the signature or replace the > > > "This message has been scanned for viruses and > > > dangerous content ..." for email addresses that are excluded from the > > > scanner by being listed in the > > > /etc/MailScanner/rules/scan.messages.rules file in the format of > > > email@domain.com no ? > > > > > > SMJ > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From kgoods at cropusainsurance.com Fri Apr 25 19:20:30 2008 From: kgoods at cropusainsurance.com (Ken Goods) Date: Fri Apr 25 19:26:39 2008 Subject: filename block Message-ID: <13C0059880FDD3118DC600508B6D4A6D023467A9@aiainsurance.com> Wilson A. Galafassi Jr. wrote: > Hello. > > I want to some emails have all filename and filetypes unblocked. > So i have created this 2 files: > > /etc/MailScanner/filetype.rules.rules and > /etc/MailScanner/filename.rules.rules > > Inside that files: > FromOrTo: admin@domain.com > /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: > admin@domain.com /etc/MailScanner/filename.rules.allowall.conf > > > But when i send some exe file the email is blocked. > > What i have to configure to this feature work? > > Thanks, > Wilson Galafasi I think you're close but you didn't say what was in your filename.rules.allowall.conf file... maybe you just need to edit your MailScanner.conf? Here's what I did... there may be an easier/different way. Create two files in your /etc/MailScanner directory: filename.allow.all.conf filetype.allow.all.conf Both containing... allow . - - This rule allows all filetypes and names (remember to use tabs between) Create two files in your rules directory: filetype.rules containing.... To: admin@domain.com /etc/MailScanner/filetype.allow.all.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf (the filetype rule default file) filename.rules containing.... To: admin@domain.com /etc/MailScanner/filename.allow.all.conf FromOrTo: default /etc/MailScanner/filename.rules.conf (the filename rule default file) Then in MailScanner.conf edit and add.... Filename Rules = /etc/MailScanner/rules/filename.rules and.. Filetype Rules = /etc/MailScanner/rules/filetype.rules When an email comes in to admin@domain.com MailScanner directs it to the allow.conf's and for everyone else it goes to the default conf's. You may need to adjust the paths depending on your distribution. Hope this helps. Ken Goods Network Administrator CropUSA Insurance, Inc. From mrebsamen at unimatrix0.ch Fri Apr 25 20:08:53 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Fri Apr 25 20:08:30 2008 Subject: releasing mail from quarantine doesn't work with postfix ? Message-ID: <200804252108.53288.mrebsamen@unimatrix0.ch> Hi, I got some troubles on releasing mails from the quarantine. I got a postfix Server on a SuSE 10.3 and followed the instructions at http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail&s=quarantine But it simply doesn't work... the message stays in the directory. I where in the IRC channel because of this, but nobody could help me... Any suggestions ? Thanks Marco From glenn.steen at gmail.com Fri Apr 25 20:42:25 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Apr 25 20:43:02 2008 Subject: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804252108.53288.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> Message-ID: <223f97700804251242q67882af5m9595e30f9ad57844@mail.gmail.com> 2008/4/25 Marco Rebsamen : > Hi, > > I got some troubles on releasing mails from the quarantine. > I got a postfix Server on a SuSE 10.3 and followed the instructions at > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail&s=quarantine > > But it simply doesn't work... the message stays in the directory. I where in > the IRC channel because of this, but nobody could help me... > > Any suggestions ? > Thanks > Marco Which one of the advice did you follow? In other words.... Do you "store" your quarantined messages as queue files or as RFC822 textfiles? As you can see, the methods differ quite a lot depending on this;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Fri Apr 25 20:59:45 2008 From: mikael at syska.dk (Mikael Syska) Date: Fri Apr 25 21:00:26 2008 Subject: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804252108.53288.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> Message-ID: <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> Hi On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen wrote: > Hi, > > I got some troubles on releasing mails from the quarantine. > I got a postfix Server on a SuSE 10.3 and followed the instructions at > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail&s=quarantine > > But it simply doesn't work... the message stays in the directory. I where in > the IRC channel because of this, but nobody could help me... I've been on the channel the last 12 hours ... havent seen anything like that on the channel ... The above description aint much of a help ... since there are many ways on that site to release a mail ... > Any suggestions ? Give us some more info, so we might have an idea where the problem is .. best regards Mikael Syska From malli at mcrirents.com Fri Apr 25 22:28:31 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Fri Apr 25 21:28:15 2008 Subject: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FC92@exchange.computerrents.com> I just wanted to let everyone know that I've been able to install Ubuntu 8.04 with MailScanner 4.68.8 (Debian .deb package) and MailWatch 1.0.4 with no problems. Everything is working as expected. I call it the SpamSnake. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mikael Syska Sent: Friday, April 25, 2008 3:00 PM To: MailScanner discussion Subject: Re: releasing mail from quarantine doesn't work with postfix ? Hi On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen wrote: > Hi, > > I got some troubles on releasing mails from the quarantine. > I got a postfix Server on a SuSE 10.3 and followed the instructions at > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :postfix:how_to:release_quarantined_mail&s=quarantine > > But it simply doesn't work... the message stays in the directory. I where in > the IRC channel because of this, but nobody could help me... I've been on the channel the last 12 hours ... havent seen anything like that on the channel ... The above description aint much of a help ... since there are many ways on that site to release a mail ... > Any suggestions ? Give us some more info, so we might have an idea where the problem is .. best regards Mikael Syska -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at tippingmar.com Fri Apr 25 22:17:40 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Fri Apr 25 22:18:24 2008 Subject: watermark error? In-Reply-To: <480E1285.1050902@tippingmar.com> References: <480E1285.1050902@tippingmar.com> Message-ID: <48124A74.40603@tippingmar.com> Mark Nienberg wrote: > I've been experimenting with the watermark feature in MailScanner > 4.68.8. Sometimes it detects a bad watermark on a valid message. Can > anyone tell me why the bad watermark was detected on the following > message? The bounce message contains the original message that was > watermarked as it left my server. I've munged the email addresses but > that is all. Thanks, > I've got more examples too if that helps. This happens fairly often. Could it be a misconfiguration on my part? Here is the relevant part of MailScanner.conf. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes # while testing we just add 1 to the spam score Treat Invalid Watermarks With No Sender as Spam = 1 Check Watermarks To Skip Spam Checks = no Watermark Secret = %org-name%-xxxx Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Mark From mikael at syska.dk Sat Apr 26 00:34:36 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat Apr 26 00:35:25 2008 Subject: watermark error? In-Reply-To: <48124A74.40603@tippingmar.com> References: <480E1285.1050902@tippingmar.com> <48124A74.40603@tippingmar.com> Message-ID: <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> Well ... maybe I see kind a the same ... dont know ... still in testing phase here ... But does it log bad(you mean invalid ?) watermarks ... I havent seen any options to toggle it yet ? There are not output when running "MailScanner --debug --debug-sa" ... so I'm not sure where it output info if it should scan for watermarks ... Using rules to scan some domains .... so... I'm only 95% that mine is working ... Jules, can you give any hints here ... or maybe you Mark :-) mvh Mikael Syska On Fri, Apr 25, 2008 at 11:17 PM, Mark Nienberg wrote: > Mark Nienberg wrote: > > > I've been experimenting with the watermark feature in MailScanner 4.68.8. > Sometimes it detects a bad watermark on a valid message. Can anyone tell me > why the bad watermark was detected on the following message? The bounce > message contains the original message that was watermarked as it left my > server. I've munged the email addresses but that is all. Thanks, > > > > > I've got more examples too if that helps. This happens fairly often. > Could it be a misconfiguration on my part? Here is the relevant part of > MailScanner.conf. > > Use Watermarking = yes > Add Watermark = yes > Check Watermarks With No Sender = yes > # while testing we just add 1 to the spam score > Treat Invalid Watermarks With No Sender as Spam = 1 > Check Watermarks To Skip Spam Checks = no > Watermark Secret = %org-name%-xxxx > Watermark Lifetime = 604800 > Watermark Header = X-%org-name%-MailScanner-Watermark: > > Mark > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mikael at syska.dk Sat Apr 26 00:37:41 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat Apr 26 00:37:54 2008 Subject: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FC92@exchange.computerrents.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> <3B1A431BDA34C54581BE43253BC1BD9364FC92@exchange.computerrents.com> Message-ID: <6beca9db0804251637x3b9c9b11n23e53aa7298e8e4f@mail.gmail.com> Hi, On Fri, Apr 25, 2008 at 11:28 PM, Mohammed Alli wrote: > I just wanted to let everyone know that I've been able to install Ubuntu > 8.04 with MailScanner 4.68.8 (Debian .deb package) and MailWatch 1.0.4 > with no problems. Everything is working as expected. I call it the > SpamSnake. If this is in reply to the other thread on the list, regarding Ubuntu and the 1 year old version of MS, then you have commented the wrong one, or hijacked a thread, dont do that. Nice, but tell Jules it .... not sure his following all threads on the mailing list. mvh Mikael Syska From lists at tippingmar.com Sat Apr 26 01:50:18 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Sat Apr 26 01:51:04 2008 Subject: watermark error? In-Reply-To: <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> References: <480E1285.1050902@tippingmar.com> <48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> Message-ID: <48127C4A.2090303@tippingmar.com> Mikael Syska wrote: > Well ... maybe I see kind a the same ... dont know ... still in > testing phase here ... > > But does it log bad(you mean invalid ?) watermarks ... I havent seen > any options to toggle it yet ? > An example from the maillog: Apr 24 16:43:09 tesla sendmail[13227]: m3ONh4nm013227: from=<>, size=116484, class=0, nrcpts=1, msgid=<81b350d6-6a83-4301-ac5a-6c93fa7af7a0>, proto=ESMTP, daemon=MTA, relay=server83.appriver.com [72.32.68.79] Apr 24 16:43:10 tesla MailScanner[12395]: New Batch: Scanning 1 messages, 116966 bytes Apr 24 16:43:10 tesla MailScanner[12395]: Spam Checks: Starting Apr 24 16:43:10 tesla MailScanner[12395]: Message m3ONh4nm013227 had bad watermark, added 1 to spam score Apr 24 16:43:13 tesla MailScanner[12395]: Message m3ONh4nm013227 from 72.32.68.79 () to tippingmar.com is not spam, SpamAssassin (not cached, score=1.204, required 5.5, BAYES_00 -0.50, HTML_MESSAGE 0.00, INVALID_MSGID 1.90, MIME_BOUND_MANY_HEX 0.80, RCVD_IN_DNSWL_LOW -1.00) Apr 24 16:43:13 tesla MailScanner[12395]: Spam Checks completed at 47384 bytes per second Apr 24 16:43:13 tesla MailScanner[12395]: Virus and Content Scanning: Starting Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing m3ONh4nm013227 07115In voice6751.pdf (no rule matched) Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing m3ONh4nm013227 msg-123 95-29.html (no rule matched) Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing m3ONh4nm013227 msg-123 95-28.msg (no rule matched) Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing m3ONh4nm013227 msg-123 95-27.html (no rule matched) Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing m3ONh4nm013227 msg-123 95-26.txt Apr 24 16:43:16 tesla MailScanner[12395]: Uninfected: Delivered 1 messages Apr 24 16:43:16 tesla sendmail[13237]: m3ONh4nm013227: to=noyes, delay=00:00:09, xdelay=00:00:00, mailer=local, pri=236484, dsn=2.0.0, stat=Sent Mark From MailScanner at ecs.soton.ac.uk Sat Apr 26 09:56:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 26 09:57:29 2008 Subject: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <6beca9db0804251637x3b9c9b11n23e53aa7298e8e4f@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> <3B1A431BDA34C54581BE43253BC1BD9364FC92@exchange.computerrents.com> <6beca9db0804251637x3b9c9b11n23e53aa7298e8e4f@mail.gmail.com> Message-ID: <4812EE46.9000902@ecs.soton.ac.uk> Mikael Syska wrote: > Hi, > > On Fri, Apr 25, 2008 at 11:28 PM, Mohammed Alli wrote: > >> I just wanted to let everyone know that I've been able to install Ubuntu >> 8.04 with MailScanner 4.68.8 (Debian .deb package) and MailWatch 1.0.4 >> with no problems. Everything is working as expected. I call it the >> SpamSnake. >> > > If this is in reply to the other thread on the list, regarding Ubuntu > and the 1 year old version of MS, then you have commented the wrong > one, or hijacked a thread, dont do that. > > Nice, but tell Jules it .... not sure his following all threads on the > mailing list. > What's the instructions for installing the .deb? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrebsamen at unimatrix0.ch Sat Apr 26 11:04:17 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Sat Apr 26 11:03:52 2008 Subject: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> Message-ID: <200804261204.17912.mrebsamen@unimatrix0.ch> Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > Hi > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen wrote: > > Hi, > > > > I got some troubles on releasing mails from the quarantine. > > I got a postfix Server on a SuSE 10.3 and followed the instructions at > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta: > >postfix:how_to:release_quarantined_mail&s=quarantine > > > > But it simply doesn't work... the message stays in the directory. I > > where in the IRC channel because of this, but nobody could help me... > > I've been on the channel the last 12 hours ... havent seen anything > like that on the channel ... Well I havn't said that I was there within the last 12 hours... > > The above description aint much of a help ... since there are many > ways on that site to release a mail ... > I got these 2 settings in my MailScanner config... Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes and I followed the instructions of "Releasing mail from the quarantine - queue files". And I got no subdirectories in /var/spool/postfix/incoming. I hope this helps..... > > Any suggestions ? > > Give us some more info, so we might have an idea where the problem is .. > > best regards > Mikael Syska From mikael at syska.dk Sat Apr 26 12:13:22 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat Apr 26 12:13:58 2008 Subject: watermark error? In-Reply-To: <48127C4A.2090303@tippingmar.com> References: <480E1285.1050902@tippingmar.com> <48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com> Message-ID: <6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> Hi, On Sat, Apr 26, 2008 at 2:50 AM, Mark Nienberg wrote: > Mikael Syska wrote: > > > Well ... maybe I see kind a the same ... dont know ... still in > > testing phase here ... > > > > But does it log bad(you mean invalid ?) watermarks ... I havent seen > > any options to toggle it yet ? > > > > > An example from the maillog: > > Apr 24 16:43:09 tesla sendmail[13227]: m3ONh4nm013227: from=<>, > size=116484, class=0, > nrcpts=1, msgid=<81b350d6-6a83-4301-ac5a-6c93fa7af7a0>, proto=ESMTP, > daemon=MTA, > relay=server83.appriver.com [72.32.68.79] > > Apr 24 16:43:10 tesla MailScanner[12395]: New Batch: Scanning 1 messages, > 116966 bytes > Apr 24 16:43:10 tesla MailScanner[12395]: Spam Checks: Starting > > Apr 24 16:43:10 tesla MailScanner[12395]: Message m3ONh4nm013227 had bad > watermark, > added 1 to spam score I get nothing like that in my maillog ... am I supposed to turn something on ? I got: root [/usr/local/etc/MailScanner/rules]# grep "Debug" ../MailScanner.conf # Set Debug to "yes" to stop it running as a daemon and just process Debug = yes Debug SpamAssassin = yes root [/usr/local/etc/MailScanner/rules]# grep "Water" ../MailScanner.conf # Watermarking Use Watermarking = yes Add Watermark = %rules-dir%/watermarking.add.rules Check Watermarks With No Sender = %rules-dir%/watermarking.check.rules Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-something Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Did I miss something or is it just freebsd that is messing with me ? > Apr 24 16:43:13 tesla MailScanner[12395]: Message m3ONh4nm013227 from > 72.32.68.79 () > to tippingmar.com is not spam, SpamAssassin (not cached, score=1.204, > required 5.5, > BAYES_00 -0.50, HTML_MESSAGE 0.00, INVALID_MSGID 1.90, MIME_BOUND_MANY_HEX > 0.80, > RCVD_IN_DNSWL_LOW -1.00) > > Apr 24 16:43:13 tesla MailScanner[12395]: Spam Checks completed at 47384 > bytes per second > Apr 24 16:43:13 tesla MailScanner[12395]: Virus and Content Scanning: > Starting > Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing > m3ONh4nm013227 07115In > voice6751.pdf (no rule matched) > Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing > m3ONh4nm013227 msg-123 > 95-29.html (no rule matched) > Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing > m3ONh4nm013227 msg-123 > 95-28.msg (no rule matched) > Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing > m3ONh4nm013227 msg-123 > 95-27.html (no rule matched) > Apr 24 16:43:16 tesla MailScanner[12395]: Filename Checks: Allowing > m3ONh4nm013227 msg-123 > 95-26.txt > > Apr 24 16:43:16 tesla MailScanner[12395]: Uninfected: Delivered 1 messages > > Apr 24 16:43:16 tesla sendmail[13237]: m3ONh4nm013227: to=noyes, > delay=00:00:09, > xdelay=00:00:00, mailer=local, pri=236484, dsn=2.0.0, stat=Sent > > > > Mark > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From wilson.galafassi at gmail.com Sat Apr 26 13:03:07 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Sat Apr 26 13:03:38 2008 Subject: RES: filename block In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D023467A9@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D023467A9@aiainsurance.com> Message-ID: <481319f7.0807c00a.3fed.ffff911c@mx.google.com> Thanks. Works fine now. -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Ken Goods Enviada em: sexta-feira, 25 de abril de 2008 15:21 Para: 'MailScanner discussion' Assunto: RE: filename block Wilson A. Galafassi Jr. wrote: > Hello. > > I want to some emails have all filename and filetypes unblocked. > So i have created this 2 files: > > /etc/MailScanner/filetype.rules.rules and > /etc/MailScanner/filename.rules.rules > > Inside that files: > FromOrTo: admin@domain.com > /etc/MailScanner/filetype.rules.allowall.conf FromOrTo: > admin@domain.com /etc/MailScanner/filename.rules.allowall.conf > > > But when i send some exe file the email is blocked. > > What i have to configure to this feature work? > > Thanks, > Wilson Galafasi I think you're close but you didn't say what was in your filename.rules.allowall.conf file... maybe you just need to edit your MailScanner.conf? Here's what I did... there may be an easier/different way. Create two files in your /etc/MailScanner directory: filename.allow.all.conf filetype.allow.all.conf Both containing... allow . - - This rule allows all filetypes and names (remember to use tabs between) Create two files in your rules directory: filetype.rules containing.... To: admin@domain.com /etc/MailScanner/filetype.allow.all.conf FromOrTo: default /etc/MailScanner/filetype.rules.conf (the filetype rule default file) filename.rules containing.... To: admin@domain.com /etc/MailScanner/filename.allow.all.conf FromOrTo: default /etc/MailScanner/filename.rules.conf (the filename rule default file) Then in MailScanner.conf edit and add.... Filename Rules = /etc/MailScanner/rules/filename.rules and.. Filetype Rules = /etc/MailScanner/rules/filetype.rules When an email comes in to admin@domain.com MailScanner directs it to the allow.conf's and for everyone else it goes to the default conf's. You may need to adjust the paths depending on your distribution. Hope this helps. Ken Goods Network Administrator CropUSA Insurance, Inc. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From wilson.galafassi at gmail.com Sat Apr 26 13:05:09 2008 From: wilson.galafassi at gmail.com (Wilson A. Galafassi Jr.) Date: Sat Apr 26 13:05:46 2008 Subject: RES: Notices From In-Reply-To: <4811666F.1070005@vanderkooij.org> References: <48113f8c.050cc00a.0425.ffffa7ae@mx.google.com> <4811666F.1070005@vanderkooij.org> Message-ID: <48131a6f.0807c00a.3fa5.ffff8b21@mx.google.com> I want to change the from fied in the mail notification sent to the sender of content blocked. Now appear "MailScanner". It?s possible to change? Thanks, Wilson -----Mensagem original----- De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Hugo van der Kooij Enviada em: sexta-feira, 25 de abril de 2008 02:05 Para: MailScanner discussion Assunto: Re: Notices From -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wilson A. Galafassi Jr. wrote: | I have enabled the option ?Send Notices = yes? in MailScanner.conf and i | have changed the ?Notices From =? to other sender. But the messages | still sending with from ?MailScanner?. My guess is you are looking at the From: line and not at the actual SMTP communication. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIEWZtBvzDRVjxmYERAoFDAKC0B/UOo8o5V4ymYE6L90J5zTdcZACfU6BC afv2mqSeObX+qKHDeqWXib0= =kw8i -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Sat Apr 26 13:57:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Apr 26 13:58:31 2008 Subject: watermark error? In-Reply-To: <6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> References: <480E1285.1050902@tippingmar.com> <48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com> <6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> Message-ID: <481326CB.20004@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mikael Syska wrote: | I get nothing like that in my maillog ... am I supposed to turn something on ? Your spouse? ;-) But did you test on a bounce message? Your sample shows a normal sender. | I got: | root [/usr/local/etc/MailScanner/rules]# grep "Debug" ../MailScanner.conf | # Set Debug to "yes" to stop it running as a daemon and just process | Debug = yes | Debug SpamAssassin = yes Don't do this. Debugging should be started from the commandline but not from the config file. | root [/usr/local/etc/MailScanner/rules]# grep "Water" ../MailScanner.conf | # Watermarking | Use Watermarking = yes | Add Watermark = %rules-dir%/watermarking.add.rules | Check Watermarks With No Sender = %rules-dir%/watermarking.check.rules Please show these rule files as well. | Treat Invalid Watermarks With No Sender as Spam = spam | Check Watermarks To Skip Spam Checks = yes | Watermark Secret = %org-name%-something | Watermark Lifetime = 604800 | Watermark Header = X-%org-name%-MailScanner-Watermark: | | Did I miss something or is it just freebsd that is messing with me ? Must be a BSD thing ;-) Boys Searching for Dates shouldn't filter their email. But I guess the OS shouldn't matter. Your perl setup might be another thing. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIEybJBvzDRVjxmYERAqX4AJ4uVfDrY/kopRu06U1Pb1ie72v+LwCcCRi/ WMmdm0IUZamrX9X4A6WoWek= =TsON -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Apr 26 14:55:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Apr 26 14:56:04 2008 Subject: RES: Notices From In-Reply-To: <48131a6f.0807c00a.3fa5.ffff8b21@mx.google.com> References: <48113f8c.050cc00a.0425.ffffa7ae@mx.google.com> <4811666F.1070005@vanderkooij.org> <48131a6f.0807c00a.3fa5.ffff8b21@mx.google.com> Message-ID: <48133441.3040108@ecs.soton.ac.uk> Take a look in the directory set as %report-dir%, which by default is /etc/MailScanner/reports/en but you may well have changed it to a different language. You are probably most interested in the "sender.*" files in that directory. Wilson A. Galafassi Jr. wrote: > I want to change the from fied in the mail notification sent to the sender of content blocked. Now appear "MailScanner". It?s possible to change? > Thanks, > Wilson > > > -----Mensagem original----- > De: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Em nome de Hugo van der Kooij > Enviada em: sexta-feira, 25 de abril de 2008 02:05 > Para: MailScanner discussion > Assunto: Re: Notices From > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Wilson A. Galafassi Jr. wrote: > > | I have enabled the option ?Send Notices = yes? in MailScanner.conf and i > | have changed the ?Notices From =? to other sender. But the messages > | still sending with from ?MailScanner?. > > My guess is you are looking at the From: line and not at the actual SMTP > communication. > > Hugo. > > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIEWZtBvzDRVjxmYERAoFDAKC0B/UOo8o5V4ymYE6L90J5zTdcZACfU6BC > afv2mqSeObX+qKHDeqWXib0= > =kw8i > -----END PGP SIGNATURE----- > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael at syska.dk Sat Apr 26 14:59:47 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat Apr 26 15:00:28 2008 Subject: watermark error? In-Reply-To: <481326CB.20004@vanderkooij.org> References: <480E1285.1050902@tippingmar.com> <48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com> <6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> <481326CB.20004@vanderkooij.org> Message-ID: <6beca9db0804260659g2df33785w3c742289b18ed948@mail.gmail.com> Hi, On Sat, Apr 26, 2008 at 2:57 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Mikael Syska wrote: > > | I get nothing like that in my maillog ... am I supposed to turn > something on ? > > Your spouse? ;-) > > But did you test on a bounce message? Your sample shows a normal sender. This is not me that started this thread, but I just joined in as I also have some problems. Sorry for hijacking, but I guess it would help both parts. I have sendt emails from the box to a not existent user at gmail ... and get a NDR, when modifying the rules, to not add watermark, it gets tagged as spam as it should be. So I guess the rules are working ... when turned the "check" rules off ... and default is "yes" to check null senders, it gets tagged. > > | I got: > | root [/usr/local/etc/MailScanner/rules]# grep "Debug" ../MailScanner.conf > | # Set Debug to "yes" to stop it running as a daemon and just process > | Debug = yes > | Debug SpamAssassin = yes > > Don't do this. Debugging should be started from the commandline but not > from the config file. Well, did both things ... still dont get much output. Not using SA btw, since this is only a test box ... > > > | root [/usr/local/etc/MailScanner/rules]# grep "Water" ../MailScanner.conf > | # Watermarking > | Use Watermarking = yes > | Add Watermark = %rules-dir%/watermarking.add.rules > | Check Watermarks With No Sender = %rules-dir%/watermarking.check.rules > > Please show these rule files as well. root [/usr/local/etc/MailScanner/rules]# cat watermarking.add.rules From: mailtrap.dk yes FromOrTo: default no root [/usr/local/etc/MailScanner/rules]# cat watermarking.check.rules To: mailtrap.dk yes FromOrTo: default no > > | Treat Invalid Watermarks With No Sender as Spam = spam > | Check Watermarks To Skip Spam Checks = yes > | Watermark Secret = %org-name%-something > | Watermark Lifetime = 604800 > | Watermark Header = X-%org-name%-MailScanner-Watermark: > | > | Did I miss something or is it just freebsd that is messing with me ? > > Must be a BSD thing ;-) Boys Searching for Dates shouldn't filter their > email. But I guess the OS shouldn't matter. Your perl setup might be > another thing. I'm also lost here ... and want to be sure its not BSD related, but could be. Running FreeBSD 7.0 btw if there are other bsd users out there with the same problem ... > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIEybJBvzDRVjxmYERAqX4AJ4uVfDrY/kopRu06U1Pb1ie72v+LwCcCRi/ > WMmdm0IUZamrX9X4A6WoWek= > =TsON > -----END PGP SIGNATURE----- > -- > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From hden at kcbbs.gen.nz Sun Apr 27 01:39:14 2008 From: hden at kcbbs.gen.nz (Hendrik den Hartog) Date: Sun Apr 27 01:16:06 2008 Subject: Testing Whitelist Message-ID: <20080427003914.GA27902@mew.kcbbs.gen.nz> Hello Can I please ask for some clarification as to whether it is possible to test the whitelist rules? I see an option of 'MailScanner --value= --from=' Is this for testing? and if so, what would I put in as the value? Cheers! Dave From Andrew.Chester at ukuvuma.co.za Sun Apr 27 03:00:54 2008 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Sun Apr 27 03:01:46 2008 Subject: Andrew Chester is out of the office. Message-ID: I will be out of the office starting 2008/04/27 and will not return until 2008/05/06. I will respond to your message when I return. In case of emergency, please contact Eugene Bredenkamp on 0768107328, or Dawid Van Heerden 0827707919. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From malli at mcrirents.com Sun Apr 27 06:06:29 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Sun Apr 27 05:06:16 2008 Subject: Undelivered Messages Solution? References: <480E1285.1050902@tippingmar.com><48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com><6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> <481326CB.20004@vanderkooij.org> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com> For everyone that's having the 'Undelivered Mail Returned to Sender' messages. I think postgrey would be the solution. Let me know what you guys think. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3115 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080427/1d6ac6a1/attachment.bin From hvdkooij at vanderkooij.org Sun Apr 27 08:36:29 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 27 08:37:15 2008 Subject: Testing Whitelist In-Reply-To: <20080427003914.GA27902@mew.kcbbs.gen.nz> References: <20080427003914.GA27902@mew.kcbbs.gen.nz> Message-ID: <48142CFD.3040906@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hendrik den Hartog wrote: | Hello | | Can I please ask for some clarification as to whether it is | possible to test the whitelist rules? | | I see an option of 'MailScanner --value= - --from=' | | Is this for testing? and if so, what would I put in as the value? There are some samples in the archives. Like: http://article.gmane.org/gmane.mail.virus.mailscanner/62520 But I must admit that the documentation on this is not abundant at the moment. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIFCz8BvzDRVjxmYERAhRDAJ9EQnPxpRN4HEzsqq0xJ3lcI3eHvQCcDdiP fMxG5VIunA6V4HURyRPFhAE= =ZO2J -----END PGP SIGNATURE----- From gerard at seibercom.net Sun Apr 27 12:19:35 2008 From: gerard at seibercom.net (Gerard) Date: Sun Apr 27 12:20:51 2008 Subject: Andrew Chester is out of the office. In-Reply-To: References: Message-ID: <20080427071935.7f77e4ca@scorpio> On Sun, 27 Apr 2008 04:00:54 +0200 "Andrew Chester" wrote: > > I will be out of the office starting 2008/04/27 and will not return > until 2008/05/06. > > I will respond to your message when I return. > In case of emergency, please contact Eugene Bredenkamp on 0768107328, > or Dawid Van Heerden 0827707919. > > > CONFIDENTIALITY CLAUSE This message is intended only for the use of > the individual or entity to which it is addressed and contains > information that is privileged and confidential. If the reader of > this message is not the intended recipient, or the employee or agent > responsible for delivering the message to the intended recipient, you > are hereby notified that any dissemination, distribution or copying > of this communication is strictly prohibited. If you have received > this communication in error, please notify the sender by telephone. Ya!, Andrew is out of the office. Lets go over there and have a party. I wonder if either of his contacts would mind if we forwarded all his mail to them? At least he sent a legally unenforceable disclosure statement along with his notice. However, since I did receive this message, obviously in error since any moron knows not to send a vacation message to a mail forum, I will just contact Bredenkamp and Heerden and let them know. Obviously, I will call 'collect'. Seriously, can we do something about people who don't have a clue as to how to configure a vacation message? -- Gerard gerard@seibercom.net I went into a general store ... they wouldn't sell me anything specific. Steven Wright -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080427/f1eb3f13/signature.bin From lilvalo at mikiboy.com Sun Apr 27 12:20:52 2008 From: lilvalo at mikiboy.com (Valmiki N. Ramsewak) Date: Sun Apr 27 12:21:50 2008 Subject: SMTP-AUTH mail being marked as spam Message-ID: <20080427112052.GB24975@mikiboy.com> Hi, I run the latest version of mailscanner and postfix 2.3.6. I send mail from my laptop, via the mail server. I have SMTP-AUTH enabled so only credentialed users can send. However any mail sent this way is being marked as spam. This happened to me before and I realized the problem was I wasn't having postfix add the (authenticted user = xyz) line in the mail headers, so I included that and it worked. Now I'm not sure what the problem is. If I login to my my mail server and send mail from mutt it works just fine and doesn't mark it as spam. I do want mailscanner to scan the mail, just not mark authenticated mail as spam, but check for viruses. The spamassassin score is -ve.. but it says its being marked as spam because of spamhaus-ZEN. Granted I'm on a DSL connection with dynamic ip, so I have no control over what my ip address is when I reconnect. Thanks Valmiki -- Got Speed? www.valmiki.net aim: lilvalo From spamtrap71892316634 at anime.net Sun Apr 27 12:45:11 2008 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Sun Apr 27 12:45:50 2008 Subject: Andrew Chester is out of the office. In-Reply-To: <20080427071935.7f77e4ca@scorpio> References: <20080427071935.7f77e4ca@scorpio> Message-ID: On Sun, 27 Apr 2008, Gerard wrote: > On Sun, 27 Apr 2008 04:00:54 +0200 > "Andrew Chester" wrote: >> I will be out of the office starting 2008/04/27 and will not return >> until 2008/05/06. > Ya!, Andrew is out of the office. Lets go over there and have a party. I > wonder if either of his contacts would mind if we forwarded all his > mail to them? At least he sent a legally unenforceable disclosure > statement along with his notice. However, since I did receive this > message, obviously in error since any moron knows not to send a > vacation message to a mail forum, I will just contact Bredenkamp and > Heerden and let them know. Obviously, I will call 'collect'. > > Seriously, can we do something about people who don't have a clue as to > how to configure a vacation message? The oof deserves a forced unsubscription from the list, but the unenforceable legalese raises that to a permanent ban level imo. Allowing such nondisclosure statements on the list is too legally risky and should be totally blocked. -Dan From MailScanner at ecs.soton.ac.uk Sun Apr 27 17:14:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 27 17:15:58 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <20080427112052.GB24975@mikiboy.com> References: <20080427112052.GB24975@mikiboy.com> Message-ID: <4814A67D.3060407@ecs.soton.ac.uk> Valmiki N. Ramsewak wrote: > Hi, > I run the latest version of mailscanner and postfix 2.3.6. I > send mail from my laptop, via the mail server. I have SMTP-AUTH enabled > so only credentialed users can send. However any mail sent this way is > being marked as spam. This happened to me before and I realized the > problem was I wasn't having postfix add the (authenticted user = xyz) > line in the mail headers, so I included that and it worked. Now I'm not > sure what the problem is. > > If I login to my my mail server and send mail from mutt it works > just fine and doesn't mark it as spam. > > I do want mailscanner to scan the mail, just not mark authenticated mail > as spam, but check for viruses. > > The spamassassin score is -ve.. but it says its being marked as spam > because of spamhaus-ZEN. Granted I'm on a DSL connection with dynamic > ip, so I have no control over what my ip address is when I reconnect. > You can't use a blacklist that includes dial-up dynamic addresses on your server, connect from a dial-up dynamic address, and not expect to get blacklisted. Simple logic :-) Can you move your blacklist checking into your MTA and have Postfix not apply blacklist checks to authenticated SMTP connections? By the time MailScanner gets at it, it doesn't know whether you were authenticated or not (but you could write a simple Custom Function to set the "Spam List" setting to different values depending on the first header in the message, and look for the signs that your mail server thinks you are authenticated). Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lilvalo at mikiboy.com Sun Apr 27 17:39:01 2008 From: lilvalo at mikiboy.com (Valmiki N. Ramsewak) Date: Sun Apr 27 17:40:05 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <4814A67D.3060407@ecs.soton.ac.uk> References: <20080427112052.GB24975@mikiboy.com> <4814A67D.3060407@ecs.soton.ac.uk> Message-ID: <2474BF48-60BC-4894-9932-51C834CA97F3@mikiboy.com> Thank you Julian... I just returned back home and was ready to write a custom function as you described below... Just did as you said in postfix, and it works great, my mail is no longer marked as spam... Hopefully postfix does its part now , which I'm sure it will :) Valmiki On Apr 27, 2008, at 12:14 PM, Julian Field wrote: > > > Valmiki N. Ramsewak wrote: >> Hi, >> I run the latest version of mailscanner and postfix 2.3.6. I >> send mail from my laptop, via the mail server. I have SMTP-AUTH >> enabled >> so only credentialed users can send. However any mail sent this way >> is >> being marked as spam. This happened to me before and I realized the >> problem was I wasn't having postfix add the (authenticted user = xyz) >> line in the mail headers, so I included that and it worked. Now I'm >> not >> sure what the problem is. >> If I login to my my mail server and send mail from mutt it works >> just fine and doesn't mark it as spam. >> >> I do want mailscanner to scan the mail, just not mark authenticated >> mail >> as spam, but check for viruses. >> >> The spamassassin score is -ve.. but it says its being marked as spam >> because of spamhaus-ZEN. Granted I'm on a DSL connection with dynamic >> ip, so I have no control over what my ip address is when I reconnect. >> > You can't use a blacklist that includes dial-up dynamic addresses on > your server, connect from a dial-up dynamic address, and not expect > to get blacklisted. Simple logic :-) > > Can you move your blacklist checking into your MTA and have Postfix > not apply blacklist checks to authenticated SMTP connections? > > By the time MailScanner gets at it, it doesn't know whether you were > authenticated or not (but you could write a simple Custom Function > to set the "Spam List" setting to different values depending on the > first header in the message, and look for the signs that your mail > server thinks you are authenticated). > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gerard at seibercom.net Sun Apr 27 18:10:39 2008 From: gerard at seibercom.net (Gerard) Date: Sun Apr 27 18:11:41 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <4814A67D.3060407@ecs.soton.ac.uk> References: <20080427112052.GB24975@mikiboy.com> <4814A67D.3060407@ecs.soton.ac.uk> Message-ID: <20080427131039.48023e18@scorpio> On Sun, 27 Apr 2008 17:14:53 +0100 Julian Field wrote: > > > Valmiki N. Ramsewak wrote: > > Hi, > > I run the latest version of mailscanner and postfix 2.3.6. > > I send mail from my laptop, via the mail server. I have SMTP-AUTH > > enabled so only credentialed users can send. However any mail sent > > this way is being marked as spam. This happened to me before and I > > realized the problem was I wasn't having postfix add the > > (authenticted user = xyz) line in the mail headers, so I included > > that and it worked. Now I'm not sure what the problem is. > > > > If I login to my my mail server and send mail from mutt it > > works just fine and doesn't mark it as spam. > > > > I do want mailscanner to scan the mail, just not mark authenticated > > mail as spam, but check for viruses. > > > > The spamassassin score is -ve.. but it says its being marked as spam > > because of spamhaus-ZEN. Granted I'm on a DSL connection with > > dynamic ip, so I have no control over what my ip address is when I > > reconnect. > You can't use a blacklist that includes dial-up dynamic addresses on > your server, connect from a dial-up dynamic address, and not expect > to get blacklisted. Simple logic :-) > > Can you move your blacklist checking into your MTA and have Postfix > not apply blacklist checks to authenticated SMTP connections? > > By the time MailScanner gets at it, it doesn't know whether you were > authenticated or not (but you could write a simple Custom Function to > set the "Spam List" setting to different values depending on the > first header in the message, and look for the signs that your mail > server thinks you are authenticated). > > Jules Are you the only user on the system? If so, just send via port 587. Do not allow Mailscanner to touch that port. You will still receive mail via port 25, which is scanned by Mailscanner. It is fairly trivial to set that up on a Postfix system. -- Gerard gerard@seibercom.net Cogito cogito ergo cogito sum: "I think that I think, therefore I think that I am." Ambrose Bierce, "The Devil's Dictionary" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080427/25274b73/signature.bin From MailScanner at ecs.soton.ac.uk Sun Apr 27 18:30:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Apr 27 18:31:17 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <20080427131039.48023e18@scorpio> References: <20080427112052.GB24975@mikiboy.com> <4814A67D.3060407@ecs.soton.ac.uk> <20080427131039.48023e18@scorpio> Message-ID: <4814B833.9080302@ecs.soton.ac.uk> Gerard wrote: > On Sun, 27 Apr 2008 17:14:53 +0100 > Julian Field wrote: > > >> Valmiki N. Ramsewak wrote: >> >>> Hi, >>> I run the latest version of mailscanner and postfix 2.3.6. >>> I send mail from my laptop, via the mail server. I have SMTP-AUTH >>> enabled so only credentialed users can send. However any mail sent >>> this way is being marked as spam. This happened to me before and I >>> realized the problem was I wasn't having postfix add the >>> (authenticted user = xyz) line in the mail headers, so I included >>> that and it worked. Now I'm not sure what the problem is. >>> >>> If I login to my my mail server and send mail from mutt it >>> works just fine and doesn't mark it as spam. >>> >>> I do want mailscanner to scan the mail, just not mark authenticated >>> mail as spam, but check for viruses. >>> >>> The spamassassin score is -ve.. but it says its being marked as spam >>> because of spamhaus-ZEN. Granted I'm on a DSL connection with >>> dynamic ip, so I have no control over what my ip address is when I >>> reconnect. >>> >> You can't use a blacklist that includes dial-up dynamic addresses on >> your server, connect from a dial-up dynamic address, and not expect >> to get blacklisted. Simple logic :-) >> >> Can you move your blacklist checking into your MTA and have Postfix >> not apply blacklist checks to authenticated SMTP connections? >> >> By the time MailScanner gets at it, it doesn't know whether you were >> authenticated or not (but you could write a simple Custom Function to >> set the "Spam List" setting to different values depending on the >> first header in the message, and look for the signs that your mail >> server thinks you are authenticated). >> >> Jules >> > > Are you the only user on the system? If so, just send via port 587. Do > not allow Mailscanner to touch that port. You will still receive mail > via port 25, which is scanned by Mailscanner. It is fairly trivial to > set that up on a Postfix system. > If you do that, you won't get any virus scanning either, which is rather a dangerous thing to do. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Sun Apr 27 20:49:09 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Apr 27 20:50:30 2008 Subject: Can we nominate Julian? MailScanner? Message-ID: <8B7BD389-E596-4694-9177-3462387E8424@nkpanama.com> http://radar.oreilly.com/archives/2008/04/open-source-award-nominations.html From glenn.steen at gmail.com Sun Apr 27 20:59:09 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Apr 27 20:59:45 2008 Subject: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804261204.17912.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <6beca9db0804251259w29a8d3a4t1a336b87a822594a@mail.gmail.com> <200804261204.17912.mrebsamen@unimatrix0.ch> Message-ID: <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> 2008/4/26 Marco Rebsamen : > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > Hi > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > wrote: > > > Hi, > > > > > > I got some troubles on releasing mails from the quarantine. > > > I got a postfix Server on a SuSE 10.3 and followed the instructions at > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta: > > >postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > But it simply doesn't work... the message stays in the directory. I > > > where in the IRC channel because of this, but nobody could help me... > > > > I've been on the channel the last 12 hours ... havent seen anything > > like that on the channel ... > > Well I havn't said that I was there within the last 12 hours... > > > > The above description aint much of a help ... since there are many > > ways on that site to release a mail ... > > > > I got these 2 settings in my MailScanner config... > > Quarantine Whole Message = yes > Quarantine Whole Messages As Queue Files = yes > > and I followed the instructions of "Releasing mail from the quarantine - queue > files". And I got no subdirectories in /var/spool/postfix/incoming. > > I hope this helps..... A bit:-). Postfix is very particular about the ownership and mode... The file in the incoming directory (that you copy there) should be owned by your postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod 0700 ...), so start by making sure of that. Also ... you might have something informative in the logs perhaps? Look in all logs, if you do logfile splitting (info, warning and error ...). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Sun Apr 27 21:16:09 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Apr 27 21:16:53 2008 Subject: Can we nominate Julian? MailScanner? In-Reply-To: <8B7BD389-E596-4694-9177-3462387E8424@nkpanama.com> References: <8B7BD389-E596-4694-9177-3462387E8424@nkpanama.com> Message-ID: <4814DF09.8030403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | http://radar.oreilly.com/archives/2008/04/open-source-award-nominations.html I have send in a request. Don't hesitate to copycat. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIFN8HBvzDRVjxmYERAgBRAKCkgsYkEh0/nDa1obrwneNqFbVT0ACgifT6 A3zqHPmUMv8uKB2T4CA+fM8= =YPoG -----END PGP SIGNATURE----- From kevin.murphy at midland-ics.ie Sun Apr 27 22:41:05 2008 From: kevin.murphy at midland-ics.ie (kevin.murphy@midland-ics.ie) Date: Sun Apr 27 22:41:57 2008 Subject: Can we nominate Julian? MailScanner? In-Reply-To: <8B7BD389-E596-4694-9177-3462387E8424@nkpanama.com> References: <8B7BD389-E596-4694-9177-3462387E8424@nkpanama.com> Message-ID: <370540038-1209332473-cardhu_decombobulator_blackberry.rim.net-2137648992-@bxe052.bisx.produk.on.blackberry> Definitely agree Let your email find you with BlackBerry? from Vodafone -----Original Message----- From: Alex Neuman Date: Sun, 27 Apr 2008 14:49:09 To:MailScanner discussion Subject: Can we nominate Julian? MailScanner? http://radar.oreilly.com/archives/2008/04/open-source-award-nominations.html -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrebsamen at unimatrix0.ch Sun Apr 27 23:25:50 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Sun Apr 27 23:25:23 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804261204.17912.mrebsamen@unimatrix0.ch> <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> Message-ID: <200804280025.50756.mrebsamen@unimatrix0.ch> Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > 2008/4/26 Marco Rebsamen : > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > Hi > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > wrote: > > > > Hi, > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > I got a postfix Server on a SuSE 10.3 and followed the instructions > > > > at > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > But it simply doesn't work... the message stays in the directory. I > > > > where in the IRC channel because of this, but nobody could help > > > > me... > > > > > > I've been on the channel the last 12 hours ... havent seen anything > > > like that on the channel ... > > > > Well I havn't said that I was there within the last 12 hours... > > > > > The above description aint much of a help ... since there are many > > > ways on that site to release a mail ... > > > > I got these 2 settings in my MailScanner config... > > > > Quarantine Whole Message = yes > > Quarantine Whole Messages As Queue Files = yes > > > > and I followed the instructions of "Releasing mail from the quarantine - > > queue files". And I got no subdirectories in /var/spool/postfix/incoming. > > > > I hope this helps..... > > A bit:-). > Postfix is very particular about the ownership and mode... The file in > the incoming directory (that you copy there) should be owned by your > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > 0700 ...), so start by making sure of that. > Also ... you might have something informative in the logs perhaps? > Look in all logs, if you do logfile splitting (info, warning and error > ...). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok, I checked these permissions... they where right... It looks like the problem is the file name of the queue file. They look like that: 12FC0236A4.1B60B then i get this message in the logile: Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus file name: incoming/12FC0236A4.1B60B and When i rename the file and remove the ".06E41" stuff the message gets delivered.... Why do i have such crappy names ?? From gerard at seibercom.net Sun Apr 27 23:32:21 2008 From: gerard at seibercom.net (Gerard) Date: Sun Apr 27 23:33:13 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <4814B833.9080302@ecs.soton.ac.uk> References: <20080427112052.GB24975@mikiboy.com> <4814A67D.3060407@ecs.soton.ac.uk> <20080427131039.48023e18@scorpio> <4814B833.9080302@ecs.soton.ac.uk> Message-ID: <20080427183221.22b31863@scorpio> On Sun, 27 Apr 2008 18:30:27 +0100 Julian Field wrote: > > > Gerard wrote: > > On Sun, 27 Apr 2008 17:14:53 +0100 > > Julian Field wrote: > > > > > >> Valmiki N. Ramsewak wrote: > >> > >>> Hi, > >>> I run the latest version of mailscanner and postfix 2.3.6. > >>> I send mail from my laptop, via the mail server. I have SMTP-AUTH > >>> enabled so only credentialed users can send. However any mail sent > >>> this way is being marked as spam. This happened to me before and I > >>> realized the problem was I wasn't having postfix add the > >>> (authenticted user = xyz) line in the mail headers, so I included > >>> that and it worked. Now I'm not sure what the problem is. > >>> > >>> If I login to my my mail server and send mail from mutt it > >>> works just fine and doesn't mark it as spam. > >>> > >>> I do want mailscanner to scan the mail, just not mark > >>> authenticated mail as spam, but check for viruses. > >>> > >>> The spamassassin score is -ve.. but it says its being marked as > >>> spam because of spamhaus-ZEN. Granted I'm on a DSL connection with > >>> dynamic ip, so I have no control over what my ip address is when I > >>> reconnect. > >>> > >> You can't use a blacklist that includes dial-up dynamic addresses > >> on your server, connect from a dial-up dynamic address, and not > >> expect to get blacklisted. Simple logic :-) > >> > >> Can you move your blacklist checking into your MTA and have Postfix > >> not apply blacklist checks to authenticated SMTP connections? > >> > >> By the time MailScanner gets at it, it doesn't know whether you > >> were authenticated or not (but you could write a simple Custom > >> Function to set the "Spam List" setting to different values > >> depending on the first header in the message, and look for the > >> signs that your mail server thinks you are authenticated). > >> > >> Jules > >> > > > > Are you the only user on the system? If so, just send via port 587. > > Do not allow Mailscanner to touch that port. You will still receive > > mail via port 25, which is scanned by Mailscanner. It is fairly > > trivial to set that up on a Postfix system. > > > If you do that, you won't get any virus scanning either, which is > rather a dangerous thing to do. If he is the only user of the system, there really is not any risk. He should know whether he is sending SPAM or not. I know several instances of Postfix configured in exactly that manner. Now, if he is hosting a mail server for others, then that is a different matter. I was not lead to believe that however. He still enjoys the protection of Mainscanner on his inbound mail (port 25) so I really do not see the problem. Just my 2?. -- Gerard gerard@seibercom.net A LISP programmer knows the value of everything, but the cost of nothing. Alan Perlis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080427/e64ac065/signature.bin From lilvalo at mikiboy.com Mon Apr 28 00:47:01 2008 From: lilvalo at mikiboy.com (Valmiki N. Ramsewak) Date: Mon Apr 28 00:47:49 2008 Subject: SMTP-AUTH mail being marked as spam In-Reply-To: <20080427183221.22b31863@scorpio> References: <20080427112052.GB24975@mikiboy.com> <4814A67D.3060407@ecs.soton.ac.uk> <20080427131039.48023e18@scorpio> <4814B833.9080302@ecs.soton.ac.uk> <20080427183221.22b31863@scorpio> Message-ID: <50482EEC-E6A5-4301-83E0-76E4D0F0C70F@mikiboy.com> On Apr 27, 2008, at 6:32 PM, Gerard wrote: > On Sun, 27 Apr 2008 18:30:27 +0100 > Julian Field wrote: > >> >> >> Gerard wrote: >>> On Sun, 27 Apr 2008 17:14:53 +0100 >>> Julian Field wrote: >>> >>> >>>> Valmiki N. Ramsewak wrote: >>>> >>>>> Hi, >>>>> I run the latest version of mailscanner and postfix 2.3.6. >>>>> I send mail from my laptop, via the mail server. I have SMTP-AUTH >>>>> enabled so only credentialed users can send. However any mail sent >>>>> this way is being marked as spam. This happened to me before and I >>>>> realized the problem was I wasn't having postfix add the >>>>> (authenticted user = xyz) line in the mail headers, so I included >>>>> that and it worked. Now I'm not sure what the problem is. >>>>> >>>>> If I login to my my mail server and send mail from mutt it >>>>> works just fine and doesn't mark it as spam. >>>>> >>>>> I do want mailscanner to scan the mail, just not mark >>>>> authenticated mail as spam, but check for viruses. >>>>> >>>>> The spamassassin score is -ve.. but it says its being marked as >>>>> spam because of spamhaus-ZEN. Granted I'm on a DSL connection with >>>>> dynamic ip, so I have no control over what my ip address is when I >>>>> reconnect. >>>>> >>>> You can't use a blacklist that includes dial-up dynamic addresses >>>> on your server, connect from a dial-up dynamic address, and not >>>> expect to get blacklisted. Simple logic :-) >>>> >>>> Can you move your blacklist checking into your MTA and have Postfix >>>> not apply blacklist checks to authenticated SMTP connections? >>>> >>>> By the time MailScanner gets at it, it doesn't know whether you >>>> were authenticated or not (but you could write a simple Custom >>>> Function to set the "Spam List" setting to different values >>>> depending on the first header in the message, and look for the >>>> signs that your mail server thinks you are authenticated). >>>> >>>> Jules >>>> >>> >>> Are you the only user on the system? If so, just send via port 587. >>> Do not allow Mailscanner to touch that port. You will still receive >>> mail via port 25, which is scanned by Mailscanner. It is fairly >>> trivial to set that up on a Postfix system. >>> >> If you do that, you won't get any virus scanning either, which is >> rather a dangerous thing to do. > > If he is the only user of the system, there really is not any risk. He > should know whether he is sending SPAM or not. I know several > instances > of Postfix configured in exactly that manner. Now, if he is hosting a > mail server for others, then that is a different matter. I was not > lead > to believe that however. He still enjoys the protection of Mainscanner > on his inbound mail (port 25) so I really do not see the problem. > > Just my 2?. Just to clarify there are other users/domains on my server. But while theoretically your solution is "safe" for a single user, for windows users there is too much risk if the system is exploited (you'd think someone capable of running a mail server can keep a win machine updated but you never know). I like the idea of having all entrances guarded, not having a secret entrance unguarded with only a secret to get in. My setup is port 25 is regular, only sends/relays from localhost.. port xx is widely open to any network for sending/relaying, but you must authenticate or your mail will not go through. They all end up in mailscanner after that :) From jpitoniak at cybervzhn.com Mon Apr 28 01:45:58 2008 From: jpitoniak at cybervzhn.com (Jeff Pitoniak) Date: Mon Apr 28 01:46:06 2008 Subject: mail passes through spamassassin and clamd but sticks in hold queue, never delivered to local mailbox Message-ID: <00f201c8a8c9$39759840$020aa8c0@desktop> I have dug, sifted, and searched through everything I could find in regard to this issue and nothing has resolved my mail stuck in hold queue issue. Every test I can find on the web and in lists seems to pass however mail just sits in hold queue undelivered for local recipients even though local recipient checks pass in Postfix and MailScanner seems to run it through clamd and spamassassin ending with a maillog notice of the message being whitelisted. Local mailbox delivery never occurs. I cannot seem to find anything other than an innocuous error related to pyzor. Mail is just never moved out of the hold queue. I have tested clamav and EICAR is detected and deleted, spamassassin checks appear to be working. /var/log/maillog excerpt of startup MailScanner[14410]: MailScanner E-Mail Virus Scanner version 4.68.8 starting... MailScanner[14410]: Read 819 hostnames from the phishing whitelist MailScanner[14410]: Read 3832 hostnames from the phishing blacklist MailScanner[14410]: Config: calling custom init function SQLBlacklist MailScanner[14410]: Starting up SQL Blacklist MailScanner[14410]: Read 0 blacklist entries MailScanner[14410]: Config: calling custom init function MailWatchLogging MailScanner[14410]: Started SQL Logging child MailScanner[14410]: Config: calling custom init function SQLWhitelist MailScanner[14410]: Starting up SQL Whitelist MailScanner[14410]: Read 1 whitelist entries MailScanner[14410]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp MailScanner[14410]: Using SpamAssassin results cache MailScanner[14410]: Connected to SpamAssassin cache database MailScanner[14410]: Enabling SpamAssassin auto-whitelist functionality... MailScanner[14410]: Using locktype = flock update.virus.scanners: Found clamav installed update.virus.scanners: Running autoupdate for clamav ClamAV-autoupdate[14470]: ClamAV did not need updating update.virus.scanners: Found generic installed update.virus.scanners: Running autoupdate for generic Message stuck in hold queue with an ! at the end of the QueueID... Best regards, Jeff Pitoniak -- RHEL 5.1 Postfix 2.3.3-2 MailScanner 4.68.8 Mailwatch 1.0.4 SpamAssassin 3.1.9-1 ClamAV 0.93-1 Dovecot 1.0-1.2.rc15 Squirrelmail 1.4.8-4.0.1 From arturs at netvision.net.il Mon Apr 28 08:32:49 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Mon Apr 28 08:33:36 2008 Subject: After latest upgrade the entire mail system is screwed up Message-ID: <0e0901c8a902$0faffe40$e5b418ac@dell> Weird. This is by far not the first time I upgrade MS - there ware some minor glitches before, but never at this scale. Actually, my mail server is not working now. So what happened: I upgraded from 4.59 to latest stable 4.68.8-1 on CentOS (BlueQuartz), following strictly the upgrade guide from wiki, alone with making backups. Already at install time I mentioned that MS forces almost every installation. After the install, every mail is rejected with "Oversized email rejected" stating that "The content filters found this: Message is too large: 1700 bytes". I checked and re-checked everything I could trying to change this to bigger number or even disabling it - nada. So, I realesed that I have to reinstall Mailscanner completelly. EVEN AFTER clean install, it rejects messages with this or similar arguments. I assume it is a bug in current stable, could it be? Or, did I miss something? I checked every config related. Please your help! Best, -- Arthur Sherman +972-52-4878851 Skype ID: arthursherman GoogleTalk ID: arthur.sherman Computer Professionals Team From telecaadmin at gmail.com Mon Apr 28 09:05:23 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Apr 28 09:06:24 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: References: <20080427071935.7f77e4ca@scorpio> Message-ID: <48158543.7080706@gmail.com> > The oof deserves a forced unsubscription from the list, but the > unenforceable legalese raises that to a permanent ban level imo. > Allowing such nondisclosure statements on the list is too legally risky > and should be totally blocked. Not all of us have a choice; the are mailservers out the automatically appending such nonsense; there are bosses out there REQUIRING you to have that nonsense. What should the poor guy do? Julian usually does the right thing with those "offenders", so let him do it :-) From telecaadmin at gmail.com Mon Apr 28 09:10:30 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Apr 28 09:11:01 2008 Subject: mail passes through spamassassin and clamd but sticks in hold queue, never delivered to local mailbox In-Reply-To: <00f201c8a8c9$39759840$020aa8c0@desktop> References: <00f201c8a8c9$39759840$020aa8c0@desktop> Message-ID: <48158676.7080702@gmail.com> > Every test I can find on the web and in lists seems to pass however mail > just sits in hold queue undelivered for local recipients even though local > recipient checks pass in Postfix and MailScanner seems to run it through > clamd and spamassassin ending with a maillog notice of the message being > whitelisted. Local mailbox delivery never occurs. [...] > MailScanner[14410]: MailScanner E-Mail Virus Scanner version 4.68.8 > starting... > MailScanner[14410]: Read 819 hostnames from the phishing whitelist > MailScanner[14410]: Read 3832 hostnames from the phishing blacklist > MailScanner[14410]: Config: calling custom init function SQLBlacklist > MailScanner[14410]: Starting up SQL Blacklist > MailScanner[14410]: Read 0 blacklist entries > MailScanner[14410]: Config: calling custom init function MailWatchLogging > MailScanner[14410]: Started SQL Logging child > MailScanner[14410]: Config: calling custom init function SQLWhitelist > MailScanner[14410]: Starting up SQL Whitelist > MailScanner[14410]: Read 1 whitelist entries > MailScanner[14410]: SpamAssassin temporary working directory is > /var/spool/MailScanner/incoming/SpamAssassin-Temp > MailScanner[14410]: Using SpamAssassin results cache > MailScanner[14410]: Connected to SpamAssassin cache database > MailScanner[14410]: Enabling SpamAssassin auto-whitelist functionality... > MailScanner[14410]: Using locktype = flock > update.virus.scanners: Found clamav installed > update.virus.scanners: Running autoupdate for clamav > ClamAV-autoupdate[14470]: ClamAV did not need updating > update.virus.scanners: Found generic installed > update.virus.scanners: Running autoupdate for generic I don't see any processing entry in the maillog for any mail. MailScanner will also print some stuff when it processes a mail. What you've posted above is just the MailScanner startup chatting. Do a #> MailScanner --lint Also, did you set the following in MailScanner.conf (beware, you might have to adjust some directory acls if you just change it now!) Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Cheers, Ronny From glenn.steen at gmail.com Mon Apr 28 09:55:55 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Apr 28 09:56:30 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804280025.50756.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804261204.17912.mrebsamen@unimatrix0.ch> <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> <200804280025.50756.mrebsamen@unimatrix0.ch> Message-ID: <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> 2008/4/28 Marco Rebsamen : > Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > > 2008/4/26 Marco Rebsamen : > > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > > Hi > > > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > > > > wrote: > > > > > Hi, > > > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > > I got a postfix Server on a SuSE 10.3 and followed the instructions > > > > > at > > > > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration > > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > > > But it simply doesn't work... the message stays in the directory. I > > > > > where in the IRC channel because of this, but nobody could help > > > > > me... > > > > > > > > I've been on the channel the last 12 hours ... havent seen anything > > > > like that on the channel ... > > > > > > Well I havn't said that I was there within the last 12 hours... > > > > > > > The above description aint much of a help ... since there are many > > > > ways on that site to release a mail ... > > > > > > I got these 2 settings in my MailScanner config... > > > > > > Quarantine Whole Message = yes > > > Quarantine Whole Messages As Queue Files = yes > > > > > > and I followed the instructions of "Releasing mail from the quarantine - > > > queue files". And I got no subdirectories in /var/spool/postfix/incoming. > > > > > > I hope this helps..... > > > > A bit:-). > > Postfix is very particular about the ownership and mode... The file in > > the incoming directory (that you copy there) should be owned by your > > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > > 0700 ...), so start by making sure of that. > > Also ... you might have something informative in the logs perhaps? > > Look in all logs, if you do logfile splitting (info, warning and error > > ...). > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Ok, I checked these permissions... they where right... > It looks like the problem is the file name of the queue file. They look like > that: > > 12FC0236A4.1B60B > > then i get this message in the logile: > > Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus file > name: incoming/12FC0236A4.1B60B > > and When i rename the file and remove the ".06E41" stuff the message gets > delivered.... > > Why do i have such crappy names ?? Well.... You *could* blame me, I guess:-). It's like this: - Postfix reuses queue file names. The chance of reuse happening is rather high (inode number and the millisecond is used to generate the name). - If you use MailWatch or another form of database logging, this queue ID reuse is unacceptable. - To overcome this, Jules (on my behest:-) add a bit of entropy at the end, after an easily identifiable relimiter (".";-). It's been like this for ages. We who use MailWatch need "store" as RFC822 messages (and keep the envelope info in the database anyway), so ... for us this is a non-issue... But one would think that the ones that "store" as queue files would've seen this before... and would amend the wiki page. Since you found this out, you can update it yourself... That's the whole point with a wiki;-). If you can, please check if this is general or if it is something that has been introduced in later versions of Postfix. I'm pretty sure that last I looked (oh so many versions ago:-), the info in the wiki was enough, more or less. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From spamtrap71892316634 at anime.net Mon Apr 28 10:23:41 2008 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Mon Apr 28 10:24:17 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: <48158543.7080706@gmail.com> References: <20080427071935.7f77e4ca@scorpio> <48158543.7080706@gmail.com> Message-ID: On Mon, 28 Apr 2008, Ronny T. Lampert wrote: >> The oof deserves a forced unsubscription from the list, but the >> unenforceable legalese raises that to a permanent ban level imo. >> Allowing such nondisclosure statements on the list is too legally risky and >> should be totally blocked. > Not all of us have a choice; the are mailservers out the automatically > appending such nonsense; there are bosses out there REQUIRING you to have > that nonsense. > What should the poor guy do? he should not be using a company account for the maillist. if your company is so paranoid about such things then they should not be using their accounts for public mailing lists. simple as that. most other lists ban such nonsense. -Dan From gerard at seibercom.net Mon Apr 28 11:05:50 2008 From: gerard at seibercom.net (Gerard) Date: Mon Apr 28 11:06:44 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: References: <20080427071935.7f77e4ca@scorpio> <48158543.7080706@gmail.com> Message-ID: <20080428060550.11a28faa@scorpio> On Mon, 28 Apr 2008 02:23:41 -0700 (PDT) Dan Hollis wrote: > On Mon, 28 Apr 2008, Ronny T. Lampert wrote: > >> The oof deserves a forced unsubscription from the list, but the > >> unenforceable legalese raises that to a permanent ban level imo. > >> Allowing such nondisclosure statements on the list is too legally > >> risky and should be totally blocked. > > Not all of us have a choice; the are mailservers out the > > automatically appending such nonsense; there are bosses out there > > REQUIRING you to have that nonsense. > > What should the poor guy do? > > he should not be using a company account for the maillist. if your > company is so paranoid about such things then they should not be > using their accounts for public mailing lists. simple as that. > > most other lists ban such nonsense. I had not thought of that myself. I wonder is his employer knows about his extra curricular activities. -- Gerard gerard@seibercom.net This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient of this transmission, please delete it immediately. Obviously, I am the idiot who sent it to you by mistake. Furthermore, there is no way I can force you to delete it. Worse, by the time you have reached this disclaimer you have all ready read the document. Telling you to forget it would seem absurd. In any event, I have no legal right to force you to take any action upon this email anyway. This entire disclaimer is just a waste of everyone's time and bandwidth. Therefore, let us just forget the whole thing and enjoy a cold beer instead. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/38e13b11/signature.bin From blaat0001 at gmail.com Mon Apr 28 11:23:35 2008 From: blaat0001 at gmail.com (BlaaT 0001) Date: Mon Apr 28 11:24:11 2008 Subject: watermark error? Message-ID: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> Hello all, I'm running MailScanner op OpenBSD 4.2 and are also experiencing problems with watermarking. If watermarking is enabled all NDR's are marked by MailScanner. This is what the logfile tells me: Apr 25 16:58:06 mailscanner MailScanner[12527]: Message 7732B11D828.0BC1B had bad watermark, added 10 to spam score The message: --------------------------------------------------------------------------------- Hi. This is the qmail-send program at XXXXXXXXXXXXX. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 72.14.221.114 does not like recipient. Remote host said: 550-5.1.1 This Gmail user does not exist. Please try double-checking 550-5.1.1 the recipient's email address for typos or unnecessary spaces. 550-5.1.1 Learn more at 550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 e11si1731358fga.5 Giving up on 72.14.221.114. --- Below this line is a copy of the message. Return-Path: Received: (qmail 5217 invoked by uid 1008); 25 Apr 2008 14:57:58 -0000 Received: from unknown (HELO mailscanner.XXXXXXXXXXX) (10.2.10.186) by mailfilter.XXXXXXXXXXXXx with SMTP; 25 Apr 2008 14:57:58 -0000 Received: from exchange4.XXXXXXXXX (EXCHANGE4.XXXXXXXXX[10.2.10.115]) by mailscanner.XXXXXXXXXXX (Postfix) with ESMTP id 85BDA11D828 for ; Fri, 25 Apr 2008 16:57:56 +0200 (CEST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C8A6E4.BF2C43B0" X-MimeOLE: Produced By Microsoft Exchange V6.5 Subject: test watermarking zoveel 1657 Date: Fri, 25 Apr 2008 16:57:57 +0200 Message-ID: <9CF49383AB307A4C93AFD38E11EA9C7C013E85EA@EXCHANGE4.XXXXXXX> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: test watermarking zoveel 1657 Thread-Index: Acim5L3tRZgxC6guT7SkxjzYng0sSw== From: "xxxxxxx> To: X-XXF-WM: 1209740278.46334@2hvxVrBBccvMTvOqDPApVw X-MailScanner-ID: 85BDA11D828.E7A79 X-XXF: Clean ---------------------------------------------------- The watermark is added properly: X-XXF-WM: 1209740278.46334@2hvxVrBBccvMTvOqDPApVw The message does in fact have a valid watermark. If I send an email using telnet to an outside mailserver with my email address as the "MAIL FROM" address to receive a NDR without a valid watermark (without any watermark, the outgoing message has not been processed by MailScanner) the NDR is tagged in the same way and the same logfile entry appears. So MailScanner seems to be unable to detect a watermark at all. Whether or not a watermark is present in the NDR, the NDR is always dealt with as configured with the "Treat Invalid Watermarks With No Sender as Spam" action. These watermarking related settings are in my MailScanner.conf: Use Watermarking = no Add Watermark = %rules-dir%/add.watermark.rules Check Watermarks With No Sender = %rules-dir%/check.watermarks.with.no.sender.rules Treat Invalid Watermarks With No Sender as Spam = 10 Check Watermarks To Skip Spam Checks = no Watermark Secret = %org-name%-XXXXXX Watermark Lifetime = 604800 Watermark Header = X-%org-name%-WM: The rulesets make sure only outgoing emails are watermarked and only incoming emails are checked for watermarks. If I simply set these options to "yes" it makes no difference, the rulesets are not the problem. (Any email for a non-existent recipient in our organisation is bounced by Postfix, recipient verification. Hence MS does not process outgoing NDRs.) -bash-3.2# /opt/MailScanner/bin/MailScanner -v Running on OpenBSD mailscanner.XXXXXXX.XX 4.2 GENERIC#375 i386 This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.67.6 Module versions are: 1.00 AnyDBM_File 1.18 Archive::Zip 1.04 Carp 2.004 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.30 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.814 DB_File 1.12 DBD::SQLite 1.56 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 <<-- Needed for Watermarking 2.11 Digest::SHA1 missing Encode::Detect missing Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS 2.36 Getopt::Long missing Inline 1.08 IO::String 1.04 IO::Zlib missing IP::Country missing Mail::ClamAV 3.002002 Mail::SpamAssassin missing Mail::SPF 1.999001 Mail::SPF::Query missing Module::Build 0.18 Net::CIDR::Lite 0.60 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI missing version missing YAML >Mikael Syska wrote: > >I'm also lost here ... and want to be sure its not BSD related, but >could be. Running FreeBSD 7.0 btw if there are other bsd users out >there with the same problem ... http://thread.gmane.org/gmane.mail.virus.mailscanner/63214/focus=63315 It seems to be a BSD issue. I can't test on a Linux machine though. Cheers. From noisex at apollo.lv Mon Apr 28 11:27:11 2008 From: noisex at apollo.lv (Noisex) Date: Mon Apr 28 11:28:02 2008 Subject: footer info Message-ID: <20ae01c8a91a$6b62cca0$422865e0$@lv> Hello! Is it possible to modify the footer of e-mail sended/recieved by MailScanner? I'm talking about this one: "This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean" This one is attached to every e-mail. p.s I couldn't find the answer in Wiki L Noisex -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/65aeb185/attachment-0001.html From raymond at prolocation.net Mon Apr 28 11:54:44 2008 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Mon Apr 28 11:55:39 2008 Subject: footer info In-Reply-To: <20ae01c8a91a$6b62cca0$422865e0$@lv> References: <20ae01c8a91a$6b62cca0$422865e0$@lv> Message-ID: Hi! > I'm talking about this one: "This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean" > > This one is attached to every e-mail. > > p.s I couldn't find the answer in Wiki L Have a look inside your configurations =) Check reports/en (most likely) Bye, Raymond. From martinh at solidstatelogic.com Mon Apr 28 11:59:32 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Apr 28 12:00:32 2008 Subject: footer info In-Reply-To: <20ae01c8a91a$6b62cca0$422865e0$@lv> Message-ID: <8c0cf3ce603bd34591e00384e1504aff@solidstatelogic.com> Sure Edit the reports/en/signature.txt and .html Or tell MailScanner to use a different file from within MailScanner.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Noisex > Sent: 28 April 2008 11:27 > To: mailscanner@lists.mailscanner.info > Subject: footer info > > Hello! > > Is it possible to modify the footer of e-mail > sended/recieved by MailScanner? > > > > I'm talking about this one: "This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean" > > > > This one is attached to every e-mail. > > > > p.s I couldn't find the answer in Wiki L > > > > Noisex ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Apr 28 12:04:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 28 12:05:53 2008 Subject: footer info In-Reply-To: <20ae01c8a91a$6b62cca0$422865e0$@lv> References: <20ae01c8a91a$6b62cca0$422865e0$@lv> Message-ID: <4815AF57.5030306@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Take a look in /etc/MailScanner/reports/en/*sig* files. Noisex wrote: > > Hello! > > Is it possible to modify the footer of e-mail sended/recieved by > MailScanner? > > I?m talking about this one: ?*This message has been scanned for > viruses and dangerous content by MailScanner > , and is believed to be clean*? > > This one is attached to every e-mail. > > p.s I couldn?t find the answer in Wiki L > > Noisex > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: windows-1252 wj8DBQFIFa9gEfZZRxQVtlQRAsc+AJ4uqzqxOYuwIWmRzTMvWk08YFw1kACg2hkm kV3iBNGJtR1vlPMuVRxgyYo= =9ykn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From satya at fsl.com Mon Apr 28 12:15:56 2008 From: satya at fsl.com (SatyaDev Sharma (FSL)) Date: Mon Apr 28 12:16:30 2008 Subject: footer info In-Reply-To: <20ae01c8a91a$6b62cca0$422865e0$@lv> References: <20ae01c8a91a$6b62cca0$422865e0$@lv> Message-ID: <8d5fd62c0804280415m9a11edbg43f8afe7186de55f@mail.gmail.com> Please Check reports section /etc/MailScanner/reports/en/ .... You can modify, inline.sig.txt and inline.sig.html Regards ~Satya On Mon, Apr 28, 2008 at 3:57 PM, Noisex wrote: > Hello! > > Is it possible to modify the footer of e-mail > sended/recieved by MailScanner? > > > > I'm talking about this one: ?*This message has been scanned for viruses > and dangerous content by MailScanner , and > is believed to be clean*" > > > > This one is attached to every e-mail. > > > > p.s I couldn't find the answer in Wiki L > > > > Noisex > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- SatyaDev Sharma. Fort System Ltd. Bangalore - INDIA -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/426e8059/attachment.html From kevin.murphy at midland-ics.ie Mon Apr 28 13:08:26 2008 From: kevin.murphy at midland-ics.ie (Kevin Murphy) Date: Mon Apr 28 13:21:03 2008 Subject: footer info In-Reply-To: References: <20ae01c8a91a$6b62cca0$422865e0$@lv> Message-ID: <00c301c8a928$90b4e7a0$b21eb6e0$@murphy@midland-ics.ie> Hi I think it's the inline HTML and Text Signature settings , found in the MS Config file. I Point these to a ruleset as I have different footers for differet domains. Regards -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raymond Dijkxhoorn Sent: 28 April 2008 11:55 To: MailScanner discussion Subject: Re: footer info Hi! > I'm talking about this one: "This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean" > > This one is attached to every e-mail. > > p.s I couldn't find the answer in Wiki L Have a look inside your configurations =) Check reports/en (most likely) Bye, Raymond. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __________ Information from ESET NOD32 Antivirus, version of virus signature database 3059 (20080428) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From drtaber at northcarolina.edu Mon Apr 28 14:05:03 2008 From: drtaber at northcarolina.edu (Douglas R Taber) Date: Mon Apr 28 14:06:08 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: <20080428060550.11a28faa@scorpio> References: <20080427071935.7f77e4ca@scorpio> <48158543.7080706@gmail.com> <20080428060550.11a28faa@scorpio> Message-ID: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E199@mail-gahub.ad.northcarolina.edu> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard > Sent: Monday, April 28, 2008 6:06 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: [OT] Andrew Chester is out of the office. > > On Mon, 28 Apr 2008 02:23:41 -0700 (PDT) Dan Hollis > wrote: > > > On Mon, 28 Apr 2008, Ronny T. Lampert wrote: > > >> The oof deserves a forced unsubscription from the list, but the > > >> unenforceable legalese raises that to a permanent ban level imo. > > >> Allowing such nondisclosure statements on the list is too legally > > >> risky and should be totally blocked. > > > Not all of us have a choice; the are mailservers out the > > > automatically appending such nonsense; there are bosses out there > > > REQUIRING you to have that nonsense. > > > What should the poor guy do? > > > > he should not be using a company account for the maillist. if your > > company is so paranoid about such things then they should not be > using > > their accounts for public mailing lists. simple as that. > > > > most other lists ban such nonsense. > > I had not thought of that myself. I wonder is his employer knows about > his extra curricular activities. > > -- > Gerard > gerard@seibercom.net > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to which they > are addressed. If you are not the intended recipient of this > transmission, please delete it immediately. > > Obviously, I am the idiot who sent it to you by mistake. Furthermore, > there is no way I can force you to delete it. Worse, by the time you > have reached this disclaimer you have all ready read the document. > Telling you to forget it would seem absurd. In any event, I have no > legal right to force you to take any action upon this email anyway. > > This entire disclaimer is just a waste of everyone's time and > bandwidth. Therefore, let us just forget the whole thing and enjoy a > cold beer instead. We all know that mailing lists are just a gateway activity to harder things like forums and google. From peter at farrows.org Mon Apr 28 14:12:59 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Apr 28 14:13:59 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: <20080428060550.11a28faa@scorpio> References: <20080427071935.7f77e4ca@scorpio> <48158543.7080706@gmail.com> <20080428060550.11a28faa@scorpio> Message-ID: <4815CD5B.20208@farrows.org> Gerard wrote: > On Mon, 28 Apr 2008 02:23:41 -0700 (PDT) > Dan Hollis wrote: > > >> On Mon, 28 Apr 2008, Ronny T. Lampert wrote: >> >>>> The oof deserves a forced unsubscription from the list, but the >>>> unenforceable legalese raises that to a permanent ban level imo. >>>> Allowing such nondisclosure statements on the list is too legally >>>> risky and should be totally blocked. >>>> >>> Not all of us have a choice; the are mailservers out the >>> automatically appending such nonsense; there are bosses out there >>> REQUIRING you to have that nonsense. >>> What should the poor guy do? >>> >> he should not be using a company account for the maillist. if your >> company is so paranoid about such things then they should not be >> using their accounts for public mailing lists. simple as that. >> >> most other lists ban such nonsense. >> > > I had not thought of that myself. I wonder is his employer knows about > his extra curricular activities. > > Being so perfect must consume vast amounts of your time. So what, the guy sent an out of office reply to a mailing list, the moderator should remove him temporarily from the list and everyone else should move on. Its no big deal, there is nothing to see here, move on...its like being witness to a bunch of old dears and the launderette gossiping about a neighbour, I didn't realise we had so many curtain twitchers on the list. P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/5e634b61/attachment.html From mkettler at evi-inc.com Mon Apr 28 15:14:08 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Apr 28 15:14:59 2008 Subject: Undelivered Messages Solution? In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com> References: <480E1285.1050902@tippingmar.com><48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com><6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com> <481326CB.20004@vanderkooij.org> <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com> Message-ID: <4815DBB0.7040102@evi-inc.com> Mohammed Alli wrote: > For everyone that's having the 'Undelivered Mail Returned to Sender' messages. I think postgrey would be the solution. Let me know what you guys think. > Greylisting won't help with bounce messages coming in to your network. Greylisting is only effective against systems that don't retry delivery. Any system that's smart enough to generate a bounce, is almost certainly smart enough to properly queue and retry mail. From gugafer51 at gmail.com Mon Apr 28 15:39:00 2008 From: gugafer51 at gmail.com (Gustavo FC) Date: Mon Apr 28 15:39:33 2008 Subject: Notifications. Message-ID: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> How can I stop user from receiving any kind of notification? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/2afc45cd/attachment.html From lists at gmnet.net Mon Apr 28 17:31:20 2008 From: lists at gmnet.net (Rick Bragg) Date: Mon Apr 28 17:34:36 2008 Subject: Ubuntu - sendmail problem Message-ID: <1209400280.7233.20.camel@isis> I am new to Ubuntu, but I just installed a server with the latest version and I am having a bit of trouble getting MailScanner to work with sendmail. I followed this page for direction: http://www.mailscanner.info/sendmail.html I set up a mqueue.in directory next to mqueue but I'm not sure if I need to edit the init script for sendmail. I could not find this in my sendmail init script: sendmail -bd I'm not sure how I should start things. In the past, I would just fire up only MailScanner. MailScanner would then take care of starting sendmail. But now, it seems that sendmail does not get started. I tried killing sendmail with /etc/init.d/sendmail stop, then firing up MailScanner with /etc/init.d/mailscanner start. and it seems fine. My mail.log says: MailScanner E-Mail Virus Scanner version 4.58.9 starting... MailScanner[18722]: Read 764 hostnames from the phishing whitelist MailScanner[18722]: Using SpamAssassin results cache MailScanner[18722]: Connected to SpamAssassin cache database MailScanner[18722]: Enabling SpamAssassin auto-whitelist functionality... MailScanner[18722]: I have found clamav scanners installed, and will use them all by default. MailScanner[18722]: ClamAV scanner using unrar command /usr/bin/unrar MailScanner[18722]: Using locktype = posix MailScanner[18722]: Creating hardcoded struct_flock subroutine for linux (Linux-type) However, sendmail is not fired up at all. When I send an email through the system, I get this in my mail.log sm-msp-queue[18676]: m3SF8nol017674: to=info@gmnet.net, ctladdr=rbragg (1000/1000), delay=00:51:12, xdelay=00:00:00, mailer=relay, pri=300058, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] Obviously, because sendmail is not running! My question is: How should I set up my startup scripts to start MailScanner? and should I be starting up sendmail separately? or should I only start MailScanner? Thanks Rick From jpitoniak at cybervzhn.com Mon Apr 28 17:47:42 2008 From: jpitoniak at cybervzhn.com (Jeff Pitoniak) Date: Mon Apr 28 17:48:26 2008 Subject: mail passes through spamassassin and clamd but sticks in hold queue, never delivered to local mailbox Message-ID: <011401c8a94f$94a08f00$020aa8c0@desktop> > I don't see any processing entry in the maillog for any mail. > MailScanner will also print some stuff when it processes a mail. What > you've posted above is just the MailScanner startup chatting. > > Do a > > #> MailScanner --lint > > > Also, did you set the following in MailScanner.conf (beware, you might > have to adjust some directory acls if you just change it now!) > > Run As User = postfix > Run As Group = postfix > Incoming Queue Dir = /var/spool/postfix/hold > Outgoing Queue Dir = /var/spool/postfix/incoming > MTA = postfix > > Cheers, > Ronny I removed the header_check and reconfigured postfix to deliver to the incoming queue temporarily to make sure the core postfix/dovecot/squirrelmail config is working, which it is in (Maildir config). I changed the config back to answer your question. MailScanner.conf is setup like you listed above. The only deviation from several of the howtos I read is that I am using a clamav-server which allows separate instances with their own config and socket. I also have MailWatch installed (thus the apache group on the hold queue). acls are as follows: drwx------ 2 postfix root 4096 Apr 28 11:10 active drwx------ 2 postfix root 4096 Apr 25 01:09 bounce drwx------ 2 postfix root 4096 Sep 1 2006 corrupt drwx------ 16 postfix root 4096 Apr 28 03:55 defer drwx------ 16 postfix root 4096 Apr 28 03:55 deferred drwxr-xr-x 2 root root 4096 Apr 26 04:56 etc drwx------ 2 postfix root 4096 Apr 28 00:30 flush drwxr-x--- 2 postfix apache 4096 Apr 28 00:32 hold drwx------ 2 postfix root 4096 Apr 28 11:10 incoming drwx-wx--- 2 postfix postdrop 4096 Apr 28 11:10 maildrop drwxr-xr-x 2 root root 4096 Apr 28 00:30 pid drwx------ 2 postfix root 4096 Apr 28 10:51 private drwx--x--- 2 postfix postdrop 4096 Apr 28 10:51 public drwx------ 2 postfix root 4096 Sep 1 2006 saved drwx------ 2 postfix root 4096 Sep 1 2006 trace # /usr/sbin/MailScanner --lint Trying to setlogsock(unix) Read 819 hostnames from the phishing whitelist Read 3772 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 0 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 1 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database pyzor: check failed: internal error SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Virus and Content Scanning: Starting ProcessClamAVModOutput Clamd ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com ProcessClamAVModOutput Clamd ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/ Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses Filename Checks: (1 eicar.com) Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. And finally, here's the debug level maillog of the mail not going anywhere. I replaced the server hostname with "the" or "the.server.com", the IP address with "10.10.10.10", the actual From address with from@server.com or "from", and the actual To address with "to" or "to@server.com" in the log entries to protect the innocent. Apr 28 12:09:47 the postfix/smtpd[31921]: connect from localhost.localdomain[127.0.0.1] Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostname: localhost.localdomain ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 220 the.server.com ESMTP Postfix Apr 28 12:09:47 the postfix/smtpd[31921]: watchdog_pat: 0x55556a2fe500 Apr 28 12:09:47 the postfix/smtpd[31921]: < localhost.localdomain[127.0.0.1]: EHLO 10.10.10.10 Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-the.server.com Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-PIPELINING Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-SIZE 10240000 Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-VRFY Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-ETRN Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-STARTTLS Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-AUTH LOGIN PLAIN Apr 28 12:09:47 the postfix/smtpd[31921]: match_list_match: localhost.localdomain: no match Apr 28 12:09:47 the postfix/smtpd[31921]: match_list_match: 127.0.0.1: no match Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-AUTH=LOGIN PLAIN Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-ENHANCEDSTATUSCODES Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250-8BITMIME Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250 DSN Apr 28 12:09:47 the postfix/smtpd[31921]: watchdog_pat: 0x55556a2fe500 Apr 28 12:09:47 the postfix/smtpd[31921]: < localhost.localdomain[127.0.0.1]: MAIL FROM: Apr 28 12:09:47 the postfix/smtpd[31921]: extract_addr: input: Apr 28 12:09:47 the postfix/smtpd[31921]: smtpd_check_addr: addr=from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: connect to subsystem private/rewrite Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = rewrite Apr 28 12:09:47 the postfix/smtpd[31921]: send attr rule = local Apr 28 12:09:47 the postfix/smtpd[31921]: send attr address = from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: rewrite_clnt: local: from@server.com -> from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = resolve Apr 28 12:09:47 the postfix/smtpd[31921]: send attr sender = Apr 28 12:09:47 the postfix/smtpd[31921]: send attr address = from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: transport Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: transport Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: local Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: nexthop Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: nexthop Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: the.server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: recipient Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: recipient Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 256 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: resolve_clnt: `' -> `from@server.com' -> transp=`local' host=`the.server.com' rcpt=`from@server.com' flags= class=local Apr 28 12:09:47 the postfix/smtpd[31921]: ctable_locate: install entry key from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: extract_addr: in: , result: from@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: fsspace: .: block size 4096, blocks free 7615541 Apr 28 12:09:47 the postfix/smtpd[31921]: smtpd_check_queue: blocks 4096 avail 7615541 min_free 0 msg_size_limit 10240000 Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250 2.1.0 Ok Apr 28 12:09:47 the postfix/smtpd[31921]: watchdog_pat: 0x55556a2fe500 Apr 28 12:09:47 the postfix/smtpd[31921]: < localhost.localdomain[127.0.0.1]: RCPT TO: Apr 28 12:09:47 the postfix/smtpd[31921]: extract_addr: input: Apr 28 12:09:47 the postfix/smtpd[31921]: smtpd_check_addr: addr=to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = rewrite Apr 28 12:09:47 the postfix/smtpd[31921]: send attr rule = local Apr 28 12:09:47 the postfix/smtpd[31921]: send attr address = to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: rewrite_clnt: local: to@server.com -> to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = resolve Apr 28 12:09:47 the postfix/smtpd[31921]: send attr sender = Apr 28 12:09:47 the postfix/smtpd[31921]: send attr address = to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: transport Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: transport Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: local Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: nexthop Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: nexthop Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: the.server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: recipient Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: recipient Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 256 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: resolve_clnt: `' -> `to@server.com' -> transp=`local' host=`the.server.com' rcpt=`to@server.com' flags= class=local Apr 28 12:09:47 the postfix/smtpd[31921]: ctable_locate: install entry key to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: extract_addr: in: , result: to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = rewrite Apr 28 12:09:47 the postfix/smtpd[31921]: send attr rule = local Apr 28 12:09:47 the postfix/smtpd[31921]: send attr address = postmaster Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: flags Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: address Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: postmaster@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/rewrite socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: rewrite_clnt: local: postmaster -> postmaster@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: >>> START Recipient address RESTRICTIONS <<< Apr 28 12:09:47 the postfix/smtpd[31921]: generic_checks: name=permit_sasl_authenticated Apr 28 12:09:47 the postfix/smtpd[31921]: generic_checks: name=permit_sasl_authenticated status=0 Apr 28 12:09:47 the postfix/smtpd[31921]: generic_checks: name=permit_mynetworks Apr 28 12:09:47 the postfix/smtpd[31921]: permit_mynetworks: localhost.localdomain 127.0.0.1 Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostname: localhost.localdomain ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: generic_checks: name=permit_mynetworks status=1 Apr 28 12:09:47 the postfix/smtpd[31921]: >>> CHECKING RECIPIENT MAPS <<< Apr 28 12:09:47 the postfix/smtpd[31921]: ctable_locate: leave existing entry key to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: recipient_canonical_maps: to@server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: recipient_canonical_maps: support: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: recipient_canonical_maps: @server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: mail_addr_find: to@server.com -> (not found) Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: canonical_maps: to@server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: canonical_maps: to: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: canonical_maps: @server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: mail_addr_find: to@server.com -> (not found) Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: virtual_alias_maps: to@server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: virtual_alias_maps: to: not found Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: virtual_alias_maps: @server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: mail_addr_find: to@server.com -> (not found) Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = lookup Apr 28 12:09:47 the postfix/smtpd[31921]: send attr table = unix:passwd.byname Apr 28 12:09:47 the postfix/smtpd[31921]: send attr flags = 16448 Apr 28 12:09:47 the postfix/smtpd[31921]: send attr key = to@server.com Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: status Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: status Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 1 Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: value Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: value Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: dict_proxy_lookup: table=unix:passwd.byname flags=lock|fold_fix key=to@server.com -> status=1 result= Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: local_recipient_maps: to@server.com: not found Apr 28 12:09:47 the postfix/smtpd[31921]: send attr request = lookup Apr 28 12:09:47 the postfix/smtpd[31921]: send attr table = unix:passwd.byname Apr 28 12:09:47 the postfix/smtpd[31921]: send attr flags = 16448 Apr 28 12:09:47 the postfix/smtpd[31921]: send attr key = to Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: status Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: status Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: value Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: value Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: to:x:501:501:Technical Support:/home/to:/bin/sh Apr 28 12:09:47 the postfix/smtpd[31921]: private/proxymap socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: dict_proxy_lookup: table=unix:passwd.byname flags=lock|fold_fix key=support -> status=0 result=to:x:501:501:Technical Support:/home/to:/bin/sh Apr 28 12:09:47 the postfix/smtpd[31921]: maps_find: local_recipient_maps: proxy:unix:passwd.byname(0,lock|fold_fix): to = to:x:501:501:Technical Support:/home/to:/bin/sh Apr 28 12:09:47 the postfix/smtpd[31921]: mail_addr_find: to@server.com -> to:x:501:501:Technical Support:/home/to:/bin/sh Apr 28 12:09:47 the postfix/smtpd[31921]: smtpd_check_rewrite: trying: permit_inet_interfaces Apr 28 12:09:47 the postfix/smtpd[31921]: permit_inet_interfaces: localhost.localdomain 127.0.0.1 Apr 28 12:09:47 the postfix/smtpd[31921]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping enable_milters Apr 28 12:09:47 the postfix/smtpd[31921]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping Apr 28 12:09:47 the postfix/smtpd[31921]: connect to subsystem public/cleanup Apr 28 12:09:47 the postfix/smtpd[31921]: public/cleanup socket: wanted attribute: queue_id Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: queue_id Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 87F07B807F Apr 28 12:09:47 the postfix/smtpd[31921]: public/cleanup socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: send attr flags = 50 Apr 28 12:09:47 the postfix/smtpd[31921]: 87F07B807F: client=localhost.localdomain[127.0.0.1] Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250 2.1.5 Ok Apr 28 12:09:47 the postfix/smtpd[31921]: watchdog_pat: 0x55556a2fe500 Apr 28 12:09:47 the postfix/smtpd[31921]: < localhost.localdomain[127.0.0.1]: DATA Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 354 End data with . Apr 28 12:09:47 the postfix/smtpd[31921]: public/cleanup socket: wanted attribute: status Apr 28 12:09:47 the postfix/cleanup[31925]: 87F07B807F: hold: header Received: from 10.10.10.10 (localhost.localdomain [127.0.0.1])??by the.server.com (Postfix) with ESMTP id 87F07B807F??for ; Mon, 28 Apr 2008 12:09:47 -0400 (EDT) from localhost.localdomain[127.0.0.1]; from= to= proto=ESMTP helo=<10.10.10.10> Apr 28 12:09:47 the postfix/cleanup[31925]: 87F07B807F: message-id=<4398.192.168.10.2.1209398987.squirrel@10.10.10.10> Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: status Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: 0 Apr 28 12:09:47 the postfix/smtpd[31921]: public/cleanup socket: wanted attribute: reason Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: reason Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute value: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: public/cleanup socket: wanted attribute: (list terminator) Apr 28 12:09:47 the postfix/smtpd[31921]: input attribute name: (end) Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 250 2.0.0 Ok: queued as 87F07B807F Apr 28 12:09:47 the postfix/smtpd[31921]: watchdog_pat: 0x55556a2fe500 Apr 28 12:09:47 the postfix/smtpd[31921]: < localhost.localdomain[127.0.0.1]: QUIT Apr 28 12:09:47 the postfix/smtpd[31921]: > localhost.localdomain[127.0.0.1]: 221 2.0.0 Bye Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostname: localhost.localdomain ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8 Apr 28 12:09:47 the postfix/smtpd[31921]: disconnect from localhost.localdomain[127.0.0.1] Apr 28 12:09:48 the MailScanner[31848]: New Batch: Scanning 1 messages, 1356 bytes Apr 28 12:09:48 the MailScanner[31848]: Spam Checks: Starting Apr 28 12:09:48 the MailScanner[31848]: Message 87F07B807F.1D84D from 127.0.0.1 (from@server.com) is whitelisted Apr 28 12:10:50 the update.virus.scanners: Delaying cron job up to 600 seconds From MailScanner at ecs.soton.ac.uk Mon Apr 28 18:18:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 28 18:19:09 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209400280.7233.20.camel@isis> References: <1209400280.7233.20.camel@isis> Message-ID: <481606CB.3050907@ecs.soton.ac.uk> Your best method for getting MailScanner working on Ubuntu is probably to use the Debian package, which should just drop in and run. Doing this will save you an awful lot of grief. I'm new to Ubuntu as well, so I don't know how to install the Debian package, hopefully someone else here can enlighten both of us on this subject? Someone? Rick Bragg wrote: > I am new to Ubuntu, but I just installed a server with the latest > version and I am having a bit of trouble getting MailScanner to work > with sendmail. > > I followed this page for direction: > http://www.mailscanner.info/sendmail.html > > I set up a mqueue.in directory next to mqueue but I'm not sure if I need > to edit the init script for sendmail. I could not find this in my > sendmail init script: > > sendmail -bd > > I'm not sure how I should start things. In the past, I would just fire > up only MailScanner. MailScanner would then take care of starting > sendmail. But now, it seems that sendmail does not get started. > > I tried killing sendmail with /etc/init.d/sendmail stop, then firing up > MailScanner with /etc/init.d/mailscanner start. and it seems fine. My > mail.log says: > > MailScanner E-Mail Virus Scanner version 4.58.9 starting... > MailScanner[18722]: Read 764 hostnames from the phishing whitelist > MailScanner[18722]: Using SpamAssassin results cache > MailScanner[18722]: Connected to SpamAssassin cache database > MailScanner[18722]: Enabling SpamAssassin auto-whitelist functionality... > MailScanner[18722]: I have found clamav scanners installed, and will use them all by default. > MailScanner[18722]: ClamAV scanner using unrar command /usr/bin/unrar > MailScanner[18722]: Using locktype = posix > MailScanner[18722]: Creating hardcoded struct_flock subroutine for linux (Linux-type) > > However, sendmail is not fired up at all. > When I send an email through the system, I get this in my mail.log > > sm-msp-queue[18676]: m3SF8nol017674: to=info@gmnet.net, ctladdr=rbragg (1000/1000), delay=00:51:12, xdelay=00:00:00, mailer=relay, pri=300058, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] > > Obviously, because sendmail is not running! > > My question is: How should I set up my startup scripts to start > MailScanner? and should I be starting up sendmail separately? or should > I only start MailScanner? > > Thanks > Rick > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Mon Apr 28 18:29:59 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Mon Apr 28 18:29:34 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E199@mail-gahub.ad.northcarolina.edu> References: <20080427071935.7f77e4ca@scorpio><48158543.7080706@gmail.com><20080428060550.11a28faa@scorpio> <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E199@mail-gahub.ad.northcarolina.edu> Message-ID: Douglas R Taber wrote: > We all know that mailing lists are just a gateway activity to harder > things like forums and google. Hey, I'm not hooked. I can quit anytime I want to. I just don't want to... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Denis.Beauchemin at USherbrooke.ca Mon Apr 28 18:42:15 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Apr 28 18:43:23 2008 Subject: ClamAV 0.93 released In-Reply-To: <1208464860.2962.75.camel@morticia.pert.com.ar> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> Message-ID: <48160C77.5070602@USherbrooke.ca> Leonardo Helman a ?crit : > Hi I'm using clamavmodule > > > I've made a patch for the Mail::ClamAV to compile (later I'll send it > to the Mail::ClamAV mantainer) > Hello, Anything new on the official Mail::ClamAV module? I just looked and version 0.21 still supports maxratio which have been removed from Clam 0.93... Since there are known exploits for 0.92 I am beginning to feel the urge to upgrade to 0.93... Thanks! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From mrebsamen at unimatrix0.ch Mon Apr 28 18:58:23 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Mon Apr 28 18:59:01 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> Message-ID: <200804281958.23685.mrebsamen@unimatrix0.ch> Am Montag, 28. April 2008 10:55:55 schrieb Glenn Steen: > 2008/4/28 Marco Rebsamen : > > Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > > > 2008/4/26 Marco Rebsamen : > > > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > > > Hi > > > > > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > > > > > > > wrote: > > > > > > Hi, > > > > > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > > > I got a postfix Server on a SuSE 10.3 and followed the > > > > > > instructions at > > > > > > > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configur > > > > > >ation > > > > > > > > > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > > > > > But it simply doesn't work... the message stays in the > > > > > > directory. I where in the IRC channel because of this, but > > > > > > nobody could help me... > > > > > > > > > > I've been on the channel the last 12 hours ... havent seen > > > > > anything like that on the channel ... > > > > > > > > Well I havn't said that I was there within the last 12 hours... > > > > > > > > > The above description aint much of a help ... since there are > > > > > many ways on that site to release a mail ... > > > > > > > > I got these 2 settings in my MailScanner config... > > > > > > > > Quarantine Whole Message = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > > > > > and I followed the instructions of "Releasing mail from the > > > > quarantine - queue files". And I got no subdirectories in > > > > /var/spool/postfix/incoming. > > > > > > > > I hope this helps..... > > > > > > A bit:-). > > > Postfix is very particular about the ownership and mode... The file in > > > the incoming directory (that you copy there) should be owned by your > > > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > > > 0700 ...), so start by making sure of that. > > > Also ... you might have something informative in the logs perhaps? > > > Look in all logs, if you do logfile splitting (info, warning and error > > > ...). > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > Ok, I checked these permissions... they where right... > > It looks like the problem is the file name of the queue file. They look > > like that: > > > > 12FC0236A4.1B60B > > > > then i get this message in the logile: > > > > Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus > > file name: incoming/12FC0236A4.1B60B > > > > and When i rename the file and remove the ".06E41" stuff the message > > gets delivered.... > > > > Why do i have such crappy names ?? > > Well.... You *could* blame me, I guess:-). > It's like this: > - Postfix reuses queue file names. The chance of reuse happening is > rather high (inode number and the millisecond is used to generate the > name). > - If you use MailWatch or another form of database logging, this queue > ID reuse is unacceptable. > - To overcome this, Jules (on my behest:-) add a bit of entropy at the > end, after an easily identifiable relimiter (".";-). > > It's been like this for ages. > We who use MailWatch need "store" as RFC822 messages (and keep the > envelope info in the database anyway), so ... for us this is a > non-issue... But one would think that the ones that "store" as queue > files would've seen this before... and would amend the wiki page. > Since you found this out, you can update it yourself... That's the > whole point with a wiki;-). > If you can, please check if this is general or if it is something that > has been introduced in later versions of Postfix. I'm pretty sure that > last I looked (oh so many versions ago:-), the info in the wiki was > enough, more or less. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok... Did I got that right... The Nameing of the file is made by MailScanner and is the result of..... a difficult postfix behavior ? And my method of releasing the file is correct and the only one that works for my settings ? From krgehlba at lexairinc.com Mon Apr 28 19:00:04 2008 From: krgehlba at lexairinc.com (Renee Gehlbach) Date: Mon Apr 28 19:00:45 2008 Subject: MCP and FreeBSD Message-ID: <481610A4.3050101@lexairinc.com> Hello, I had emailed earlier about MCP problems. I have finally found the issue: SpamAssassin expected to find a .pre file in /usr/local/etc/MailScanner/mcp and there was not one. Thus SpamAssassin was bombing after reading in the files with the MCP rules but before actually running the MCP checks. I copied v320.pre into this directory, and MCP was happy again. So now I have two questions: 1) is MCP supposed to be looking for this file here? 2) if so, will future versions of the FreeBSD port be putting this file here? if not, will future versions of the port look for this file in the correct place? Simply put, do I need to maintain this file myself whenever I update, or will the port be handling this correctly in the future? Thanks, Renee -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mrebsamen at unimatrix0.ch Mon Apr 28 18:58:23 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Mon Apr 28 19:01:35 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> Message-ID: <200804281958.23685.mrebsamen@unimatrix0.ch> Am Montag, 28. April 2008 10:55:55 schrieb Glenn Steen: > 2008/4/28 Marco Rebsamen : > > Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > > > 2008/4/26 Marco Rebsamen : > > > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > > > Hi > > > > > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > > > > > > > wrote: > > > > > > Hi, > > > > > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > > > I got a postfix Server on a SuSE 10.3 and followed the > > > > > > instructions at > > > > > > > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configur > > > > > >ation > > > > > > > > > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > > > > > But it simply doesn't work... the message stays in the > > > > > > directory. I where in the IRC channel because of this, but > > > > > > nobody could help me... > > > > > > > > > > I've been on the channel the last 12 hours ... havent seen > > > > > anything like that on the channel ... > > > > > > > > Well I havn't said that I was there within the last 12 hours... > > > > > > > > > The above description aint much of a help ... since there are > > > > > many ways on that site to release a mail ... > > > > > > > > I got these 2 settings in my MailScanner config... > > > > > > > > Quarantine Whole Message = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > > > > > and I followed the instructions of "Releasing mail from the > > > > quarantine - queue files". And I got no subdirectories in > > > > /var/spool/postfix/incoming. > > > > > > > > I hope this helps..... > > > > > > A bit:-). > > > Postfix is very particular about the ownership and mode... The file in > > > the incoming directory (that you copy there) should be owned by your > > > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > > > 0700 ...), so start by making sure of that. > > > Also ... you might have something informative in the logs perhaps? > > > Look in all logs, if you do logfile splitting (info, warning and error > > > ...). > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > Ok, I checked these permissions... they where right... > > It looks like the problem is the file name of the queue file. They look > > like that: > > > > 12FC0236A4.1B60B > > > > then i get this message in the logile: > > > > Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus > > file name: incoming/12FC0236A4.1B60B > > > > and When i rename the file and remove the ".06E41" stuff the message > > gets delivered.... > > > > Why do i have such crappy names ?? > > Well.... You *could* blame me, I guess:-). > It's like this: > - Postfix reuses queue file names. The chance of reuse happening is > rather high (inode number and the millisecond is used to generate the > name). > - If you use MailWatch or another form of database logging, this queue > ID reuse is unacceptable. > - To overcome this, Jules (on my behest:-) add a bit of entropy at the > end, after an easily identifiable relimiter (".";-). > > It's been like this for ages. > We who use MailWatch need "store" as RFC822 messages (and keep the > envelope info in the database anyway), so ... for us this is a > non-issue... But one would think that the ones that "store" as queue > files would've seen this before... and would amend the wiki page. > Since you found this out, you can update it yourself... That's the > whole point with a wiki;-). > If you can, please check if this is general or if it is something that > has been introduced in later versions of Postfix. I'm pretty sure that > last I looked (oh so many versions ago:-), the info in the wiki was > enough, more or less. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok... Did I got that right... The Nameing of the file is made by MailScanner and is the result of..... a difficult postfix behavior ? And my method of releasing the file is correct and the only one that works for my settings ? From mrebsamen at unimatrix0.ch Mon Apr 28 19:18:30 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Mon Apr 28 19:18:05 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> Message-ID: <200804282018.30257.mrebsamen@unimatrix0.ch> Am Montag, 28. April 2008 10:55:55 schrieb Glenn Steen: > 2008/4/28 Marco Rebsamen : > > Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > > > 2008/4/26 Marco Rebsamen : > > > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > > > Hi > > > > > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > > > > > > > wrote: > > > > > > Hi, > > > > > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > > > I got a postfix Server on a SuSE 10.3 and followed the > > > > > > instructions at > > > > > > > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configur > > > > > >ation > > > > > > > > > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > > > > > But it simply doesn't work... the message stays in the > > > > > > directory. I where in the IRC channel because of this, but > > > > > > nobody could help me... > > > > > > > > > > I've been on the channel the last 12 hours ... havent seen > > > > > anything like that on the channel ... > > > > > > > > Well I havn't said that I was there within the last 12 hours... > > > > > > > > > The above description aint much of a help ... since there are > > > > > many ways on that site to release a mail ... > > > > > > > > I got these 2 settings in my MailScanner config... > > > > > > > > Quarantine Whole Message = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > > > > > and I followed the instructions of "Releasing mail from the > > > > quarantine - queue files". And I got no subdirectories in > > > > /var/spool/postfix/incoming. > > > > > > > > I hope this helps..... > > > > > > A bit:-). > > > Postfix is very particular about the ownership and mode... The file in > > > the incoming directory (that you copy there) should be owned by your > > > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > > > 0700 ...), so start by making sure of that. > > > Also ... you might have something informative in the logs perhaps? > > > Look in all logs, if you do logfile splitting (info, warning and error > > > ...). > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > Ok, I checked these permissions... they where right... > > It looks like the problem is the file name of the queue file. They look > > like that: > > > > 12FC0236A4.1B60B > > > > then i get this message in the logile: > > > > Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus > > file name: incoming/12FC0236A4.1B60B > > > > and When i rename the file and remove the ".06E41" stuff the message > > gets delivered.... > > > > Why do i have such crappy names ?? > > Well.... You *could* blame me, I guess:-). > It's like this: > - Postfix reuses queue file names. The chance of reuse happening is > rather high (inode number and the millisecond is used to generate the > name). > - If you use MailWatch or another form of database logging, this queue > ID reuse is unacceptable. > - To overcome this, Jules (on my behest:-) add a bit of entropy at the > end, after an easily identifiable relimiter (".";-). > > It's been like this for ages. > We who use MailWatch need "store" as RFC822 messages (and keep the > envelope info in the database anyway), so ... for us this is a > non-issue... But one would think that the ones that "store" as queue > files would've seen this before... and would amend the wiki page. > Since you found this out, you can update it yourself... That's the > whole point with a wiki;-). > If you can, please check if this is general or if it is something that > has been introduced in later versions of Postfix. I'm pretty sure that > last I looked (oh so many versions ago:-), the info in the wiki was > enough, more or less. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok... Did I got that right... The Nameing of the file is made by MailScanner and is the result of..... a difficult postfix behavior ? And my method of releasing the file is correct and the only one that works for my settings ? From mrebsamen at unimatrix0.ch Mon Apr 28 19:19:08 2008 From: mrebsamen at unimatrix0.ch (Marco Rebsamen) Date: Mon Apr 28 19:18:21 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> Message-ID: <200804282019.09010.mrebsamen@unimatrix0.ch> > > Well.... You *could* blame me, I guess:-). > It's like this: > - Postfix reuses queue file names. The chance of reuse happening is > rather high (inode number and the millisecond is used to generate the > name). > - If you use MailWatch or another form of database logging, this queue > ID reuse is unacceptable. > - To overcome this, Jules (on my behest:-) add a bit of entropy at the > end, after an easily identifiable relimiter (".";-). > > It's been like this for ages. > We who use MailWatch need "store" as RFC822 messages (and keep the > envelope info in the database anyway), so ... for us this is a > non-issue... But one would think that the ones that "store" as queue > files would've seen this before... and would amend the wiki page. > Since you found this out, you can update it yourself... That's the > whole point with a wiki;-). > If you can, please check if this is general or if it is something that > has been introduced in later versions of Postfix. I'm pretty sure that > last I looked (oh so many versions ago:-), the info in the wiki was > enough, more or less. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Ok... Did I got that right... The Nameing of the file is made by MailScanner and is the result of..... a difficult postfix behavior ? And my method of releasing the file is correct and the only one that works for my settings ? From lists at gmnet.net Mon Apr 28 20:16:45 2008 From: lists at gmnet.net (Rick Bragg) Date: Mon Apr 28 20:18:18 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <481606CB.3050907@ecs.soton.ac.uk> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> Message-ID: <1209410205.7233.36.camel@isis> Hi Julian, I forgot to mention, this is an apt-get install... Thanks Rick On Mon, 2008-04-28 at 18:18 +0100, Julian Field wrote: > Your best method for getting MailScanner working on Ubuntu is probably > to use the Debian package, which should just drop in and run. Doing this > will save you an awful lot of grief. > > I'm new to Ubuntu as well, so I don't know how to install the Debian > package, hopefully someone else here can enlighten both of us on this > subject? > > Someone? > > Rick Bragg wrote: > > I am new to Ubuntu, but I just installed a server with the latest > > version and I am having a bit of trouble getting MailScanner to work > > with sendmail. > > > > I followed this page for direction: > > http://www.mailscanner.info/sendmail.html > > > > I set up a mqueue.in directory next to mqueue but I'm not sure if I need > > to edit the init script for sendmail. I could not find this in my > > sendmail init script: > > > > sendmail -bd > > > > I'm not sure how I should start things. In the past, I would just fire > > up only MailScanner. MailScanner would then take care of starting > > sendmail. But now, it seems that sendmail does not get started. > > > > I tried killing sendmail with /etc/init.d/sendmail stop, then firing up > > MailScanner with /etc/init.d/mailscanner start. and it seems fine. My > > mail.log says: > > > > MailScanner E-Mail Virus Scanner version 4.58.9 starting... > > MailScanner[18722]: Read 764 hostnames from the phishing whitelist > > MailScanner[18722]: Using SpamAssassin results cache > > MailScanner[18722]: Connected to SpamAssassin cache database > > MailScanner[18722]: Enabling SpamAssassin auto-whitelist functionality... > > MailScanner[18722]: I have found clamav scanners installed, and will use them all by default. > > MailScanner[18722]: ClamAV scanner using unrar command /usr/bin/unrar > > MailScanner[18722]: Using locktype = posix > > MailScanner[18722]: Creating hardcoded struct_flock subroutine for linux (Linux-type) > > > > However, sendmail is not fired up at all. > > When I send an email through the system, I get this in my mail.log > > > > sm-msp-queue[18676]: m3SF8nol017674: to=info@gmnet.net, ctladdr=rbragg (1000/1000), delay=00:51:12, xdelay=00:00:00, mailer=relay, pri=300058, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] > > > > Obviously, because sendmail is not running! > > > > My question is: How should I set up my startup scripts to start > > MailScanner? and should I be starting up sendmail separately? or should > > I only start MailScanner? > > > > Thanks > > Rick > > > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From lists at tippingmar.com Mon Apr 28 21:06:09 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Mon Apr 28 21:06:54 2008 Subject: watermark error? In-Reply-To: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> Message-ID: <48162E31.4070607@tippingmar.com> BlaaT 0001 wrote: > These watermarking related settings are in my MailScanner.conf: > Use Watermarking = n Surely you mean "yes" here. I assume you turned it off when you discovered it doesn't work, like I did. Mark From admin at lctn.org Mon Apr 28 21:19:37 2008 From: admin at lctn.org (Raymond Norton) Date: Mon Apr 28 21:21:05 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209410205.7233.36.camel@isis> Message-ID: <1353464.3511209413977902.JavaMail.root@mail.lctn.org> > > My question is: How should I set up my startup scripts to start > > MailScanner? and should I be starting up sendmail separately? or should > > I only start MailScanner? You should have a startup script by default in /etc/init.d/ I run several Ubuntu servers with MailScanner. I prefer to use postfix when possible. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/24ad8593/attachment.html From nwp at nz.lemon-computing.com Mon Apr 28 21:49:12 2008 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Mon Apr 28 21:50:06 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <481606CB.3050907@ecs.soton.ac.uk> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> Message-ID: On 29/04/2008, at 5:18 AM, Julian Field wrote: > Your best method for getting MailScanner working on Ubuntu is > probably to use the Debian package, which should just drop in and > run. Doing this will save you an awful lot of grief. > > I'm new to Ubuntu as well, so I don't know how to install the Debian > package, hopefully someone else here can enlighten both of us on > this subject? > > Someone? If you have downloaded a .deb file to install other than from your standard repositories, the basic way to install it is "dpkg -i ". The downside is that you will have to install any dependencies (preferably using aptitude) yourself. dpkg will just refuse to install the other package properly until you have installed the dependencies. Note though, that the package you try to install won't be completely uninstalled either -- "dpkg --purge " to do that. You can also set up an archive on your filesystem and use file:// urls in your sources.list, but that is more complex. HTH. Cheers, Nick From MailScanner at ecs.soton.ac.uk Mon Apr 28 21:52:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Apr 28 21:53:37 2008 Subject: watermark error? In-Reply-To: <48162E31.4070607@tippingmar.com> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> Message-ID: <48163919.1040501@ecs.soton.ac.uk> Mark Nienberg wrote: > BlaaT 0001 wrote: >> These watermarking related settings are in my MailScanner.conf: >> Use Watermarking = n > Surely you mean "yes" here. I assume you turned it off when you > discovered it doesn't work, like I did. > Mark Is this just a problem with *BSD? I presume you have watermark adding switched on in your client's outgoing mail servers? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Apr 28 22:49:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 28 22:50:11 2008 Subject: [OT] Andrew Chester is out of the office. In-Reply-To: <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E199@mail-gahub.ad.northcarolina.edu> References: <20080427071935.7f77e4ca@scorpio> <48158543.7080706@gmail.com> <20080428060550.11a28faa@scorpio> <1AC01EB962C0E045ABAAD9B53BD6D7EC2470E199@mail-gahub.ad.northcarolina.edu> Message-ID: on 4-28-2008 6:05 AM Douglas R Taber spake the following: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Gerard >> Sent: Monday, April 28, 2008 6:06 AM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: [OT] Andrew Chester is out of the office. >> >> On Mon, 28 Apr 2008 02:23:41 -0700 (PDT) Dan Hollis >> wrote: >> >>> On Mon, 28 Apr 2008, Ronny T. Lampert wrote: >>>>> The oof deserves a forced unsubscription from the list, but the >>>>> unenforceable legalese raises that to a permanent ban level imo. >>>>> Allowing such nondisclosure statements on the list is too legally >>>>> risky and should be totally blocked. >>>> Not all of us have a choice; the are mailservers out the >>>> automatically appending such nonsense; there are bosses out there >>>> REQUIRING you to have that nonsense. >>>> What should the poor guy do? >>> he should not be using a company account for the maillist. if your >>> company is so paranoid about such things then they should not be >> using >>> their accounts for public mailing lists. simple as that. >>> >>> most other lists ban such nonsense. >> I had not thought of that myself. I wonder is his employer knows about >> his extra curricular activities. >> >> -- >> Gerard >> gerard@seibercom.net >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to which they >> are addressed. If you are not the intended recipient of this >> transmission, please delete it immediately. >> >> Obviously, I am the idiot who sent it to you by mistake. Furthermore, >> there is no way I can force you to delete it. Worse, by the time you >> have reached this disclaimer you have all ready read the document. >> Telling you to forget it would seem absurd. In any event, I have no >> legal right to force you to take any action upon this email anyway. >> >> This entire disclaimer is just a waste of everyone's time and >> bandwidth. Therefore, let us just forget the whole thing and enjoy a >> cold beer instead. > > > We all know that mailing lists are just a gateway activity to harder things like forums and google. And the hardcore addicts get into IRC! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/661f2327/signature.bin From lists at gmnet.net Mon Apr 28 22:57:47 2008 From: lists at gmnet.net (Rick Bragg) Date: Mon Apr 28 22:58:33 2008 Subject: Ubuntu - sendmail problem In-Reply-To: References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> Message-ID: <1209419867.7233.54.camel@isis> Thanks, I basically didn't do anything special at all, I just downloaded and installed the latest ubuntu 8.04 64bit server version, then did apt-get install mailscanner, then went through the config file and that is it. I prefer to use sendmail, clamav, spamassassin, mailwatch as my combo of systems. I just don't know how to fire up MailScanner with sendmail. MailScanner is working great, its just not firing up sendmail, sendmail is working great, its just that nothing is being scanned. How can I use MailScanner with sendmail on ubuntu? rick On Tue, 2008-04-29 at 08:49 +1200, Nick Phillips wrote: > On 29/04/2008, at 5:18 AM, Julian Field wrote: > > Your best method for getting MailScanner working on Ubuntu is > > probably to use the Debian package, which should just drop in and > > run. Doing this will save you an awful lot of grief. > > > > I'm new to Ubuntu as well, so I don't know how to install the Debian > > package, hopefully someone else here can enlighten both of us on > > this subject? > > > > Someone? > > If you have downloaded a .deb file to install other than from your > standard repositories, the basic way to install it is "dpkg -i > ". The downside is that you will have to install any > dependencies (preferably using aptitude) yourself. dpkg will just > refuse to install the other package properly until you have installed > the dependencies. Note though, that the package you try to install > won't be completely uninstalled either -- "dpkg --purge " > to do that. > > You can also set up an archive on your filesystem and use file:// urls > in your sources.list, but that is more complex. > > > HTH. > > > Cheers, > > > Nick From shuttlebox at gmail.com Mon Apr 28 23:08:01 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Apr 28 23:08:35 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209419867.7233.54.camel@isis> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> <1209419867.7233.54.camel@isis> Message-ID: <625385e30804281508i11e2c505h2a420c7d913f4381@mail.gmail.com> On Mon, Apr 28, 2008 at 11:57 PM, Rick Bragg wrote: > Thanks, > > I basically didn't do anything special at all, I just downloaded and > installed the latest ubuntu 8.04 64bit server version, then did apt-get > install mailscanner, then went through the config file and that is it. > I prefer to use sendmail, clamav, spamassassin, mailwatch as my combo of > systems. I just don't know how to fire up MailScanner with sendmail. > MailScanner is working great, its just not firing up sendmail, sendmail > is working great, its just that nothing is being scanned. > > How can I use MailScanner with sendmail on ubuntu? The version packaged for Ubuntu (4.58) is really old. I would rather go with the generic tar dist from the MailScanner site. There's good instructions to follow to get it running as well. It clearly states what you need to modify to run Sendmail. -- /peter From ssilva at sgvwater.com Mon Apr 28 23:08:47 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 28 23:09:20 2008 Subject: MCP and FreeBSD In-Reply-To: <481610A4.3050101@lexairinc.com> References: <481610A4.3050101@lexairinc.com> Message-ID: on 4-28-2008 11:00 AM Renee Gehlbach spake the following: > Hello, > > I had emailed earlier about MCP problems. I have finally found the > issue: SpamAssassin expected to find a .pre file in > /usr/local/etc/MailScanner/mcp and there was not one. Thus SpamAssassin > was bombing after reading in the files with the MCP rules but before > actually running the MCP checks. I copied v320.pre into this directory, > and MCP was happy again. > > So now I have two questions: > 1) is MCP supposed to be looking for this file here? > 2) if so, will future versions of the FreeBSD port be putting this file > here? if not, will future versions of the port look for this file in > the correct place? > > Simply put, do I need to maintain this file myself whenever I update, or > will the port be handling this correctly in the future? > > Thanks, > Renee > It only needs the following in it until a future version of spamassassin needs more; # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/50ff7a7b/signature.bin From ssilva at sgvwater.com Mon Apr 28 23:24:04 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Apr 28 23:24:15 2008 Subject: MCP and FreeBSD In-Reply-To: <481610A4.3050101@lexairinc.com> References: <481610A4.3050101@lexairinc.com> Message-ID: on 4-28-2008 11:00 AM Renee Gehlbach spake the following: > Hello, > > I had emailed earlier about MCP problems. I have finally found the > issue: SpamAssassin expected to find a .pre file in > /usr/local/etc/MailScanner/mcp and there was not one. Thus SpamAssassin > was bombing after reading in the files with the MCP rules but before > actually running the MCP checks. I copied v320.pre into this directory, > and MCP was happy again. > > So now I have two questions: > 1) is MCP supposed to be looking for this file here? > 2) if so, will future versions of the FreeBSD port be putting this file > here? if not, will future versions of the port look for this file in > the correct place? > > Simply put, do I need to maintain this file myself whenever I update, or > will the port be handling this correctly in the future? > > Thanks, > Renee > The port maintainer could add this, but MCP has been falling out of favor since Julian added the extra "SpamAssassin Rule Actions" settings. This has been added to the wiki for future reference. http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:mcp -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080428/50a2c687/signature.bin From nwp at nz.lemon-computing.com Tue Apr 29 00:02:11 2008 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Tue Apr 29 00:02:51 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <625385e30804281508i11e2c505h2a420c7d913f4381@mail.gmail.com> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> <1209419867.7233.54.camel@isis> <625385e30804281508i11e2c505h2a420c7d913f4381@mail.gmail.com> Message-ID: <779AD27C-B25C-4951-873F-02D0459ADA43@nz.lemon-computing.com> On 29/04/2008, at 10:08 AM, shuttlebox wrote: > On Mon, Apr 28, 2008 at 11:57 PM, Rick Bragg wrote: >> Thanks, >> >> I basically didn't do anything special at all, I just downloaded and >> installed the latest ubuntu 8.04 64bit server version, then did apt- >> get >> install mailscanner, then went through the config file and that is >> it. >> I prefer to use sendmail, clamav, spamassassin, mailwatch as my >> combo of >> systems. I just don't know how to fire up MailScanner with sendmail. >> MailScanner is working great, its just not firing up sendmail, >> sendmail >> is working great, its just that nothing is being scanned. >> >> How can I use MailScanner with sendmail on ubuntu? > > The version packaged for Ubuntu (4.58) is really old. I would rather > go with the generic tar dist from the MailScanner site. There's good > instructions to follow to get it running as well. It clearly states > what you need to modify to run Sendmail. Try the Debian version before you go for the tar distribution; in general on systems with half-decent package management, the more you work around it the more trouble you ask for. Cheers, Nick From edward at tdcs.com.au Tue Apr 29 00:34:06 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Apr 29 00:36:05 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209400280.7233.20.camel@isis> References: <1209400280.7233.20.camel@isis> Message-ID: > sm-msp-queue[18676]: m3SF8nol017674: to=info@gmnet.net, ctladdr=rbragg > (1000/1000), delay=00:51:12, xdelay=00:00:00, mailer=relay, pri=300058, > relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection > refused by [127.0.0.1] Ignore my ignorance - I don't use sendmail either, but isn't this a sendmail error telling you remote access is not allowed? Don't you need to comment out the: DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') In sendmail.mc? Again - this is something stuck in my mind from about 10 years ago - I haven't used sendmail since then, so ignore this quietly if I'm talking out of my butt please. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at gmnet.net Tue Apr 29 00:43:00 2008 From: lists at gmnet.net (Rick Bragg) Date: Tue Apr 29 00:43:40 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <625385e30804281508i11e2c505h2a420c7d913f4381@mail.gmail.com> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> <1209419867.7233.54.camel@isis> <625385e30804281508i11e2c505h2a420c7d913f4381@mail.gmail.com> Message-ID: <1209426180.7233.64.camel@isis> On Tue, 2008-04-29 at 00:08 +0200, shuttlebox wrote: > On Mon, Apr 28, 2008 at 11:57 PM, Rick Bragg wrote: > > Thanks, > > > > I basically didn't do anything special at all, I just downloaded and > > installed the latest ubuntu 8.04 64bit server version, then did apt-get > > install mailscanner, then went through the config file and that is it. > > I prefer to use sendmail, clamav, spamassassin, mailwatch as my combo of > > systems. I just don't know how to fire up MailScanner with sendmail. > > MailScanner is working great, its just not firing up sendmail, sendmail > > is working great, its just that nothing is being scanned. > > > > How can I use MailScanner with sendmail on ubuntu? > > The version packaged for Ubuntu (4.58) is really old. I would rather > go with the generic tar dist from the MailScanner site. There's good > instructions to follow to get it running as well. It clearly states > what you need to modify to run Sendmail. > > -- > /peter I would much rather stay with the ubuntu package manager (apt-get) if I can, I already have lots of stuff to manage and I don't have any hard core customizations. The standard install simply does not work for me, and I just did a brand new ubuntu install... I think that it should be fairly simple to set up, but would rather not re-invent anything and install from tar. I can't believe that I am the first to try to set this up with Ubuntu. All I need is some direction and advice, maybe I missed a config setting or something. Has anybody done this with Ubuntu, sendmail, just using the apt-get installs? rick From lists at gmnet.net Tue Apr 29 01:15:33 2008 From: lists at gmnet.net (Rick Bragg) Date: Tue Apr 29 01:16:16 2008 Subject: Ubuntu - sendmail problem In-Reply-To: References: <1209400280.7233.20.camel@isis> Message-ID: <1209428133.7233.72.camel@isis> Thanks Ed, Your right, It is a sendmail error. sendmail is not even running. There is a disconnect between MailScanner and sendmail. I think that MailScanner needs to wrap around sendmail and control it. How can I make this work?? p.s. I am just using the "out of the box" installs and configs for ubuntu... and I am trying not to stray from this at all. I don't want to re-invent anything!! Thank You all for your help! rick On Tue, 2008-04-29 at 07:34 +0800, Edward Dekkers wrote: > > sm-msp-queue[18676]: m3SF8nol017674: to=info@gmnet.net, ctladdr=rbragg > > (1000/1000), delay=00:51:12, xdelay=00:00:00, mailer=relay, pri=300058, > > relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection > > refused by [127.0.0.1] > > Ignore my ignorance - I don't use sendmail either, but isn't this a sendmail > error telling you remote access is not allowed? > > Don't you need to comment out the: > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') > > In sendmail.mc? > > Again - this is something stuck in my mind from about 10 years ago - I > haven't used sendmail since then, so ignore this quietly if I'm talking out > of my butt please. > > Regards, > Ed. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > From edward at tdcs.com.au Tue Apr 29 02:20:26 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Apr 29 02:22:05 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209428133.7233.72.camel@isis> References: <1209400280.7233.20.camel@isis> <1209428133.7233.72.camel@isis> Message-ID: > Thanks Ed, > > Your right, It is a sendmail error. sendmail is not even running. Sendmail is not running but creating log entries? That's certainly very interesting. There > is a disconnect between MailScanner and sendmail. I think that > MailScanner needs to wrap around sendmail and control it. >From memory (again mate, 10 years ago or so), mailscanner starts up two instances of sendmail, a sending and a receiving queue or something like that. > > How can I make this work?? Well, when you run sendmail without mailscanner, can you send e-mails? I mean, the point I made before still applies - out of the box sendmail only listens on the localhost, and will not receive connections remotely. This isn't straying or re-inventing, this is simply opening up sendmail for real world use. Have you allowed remote connections in sendmail.mc or not? MailScanner IS NOT an SMTP server, it uses sendmail or Postfix (or others) as an MTA - they still need to be configured properly. The log you showed originally seems to tell me at first glance this has not been done. Again though - I'm not an expert - I stress this because the guys on this list are miles ahead in knowledge over me - and glancing at your post it looked like sendmail was the culprit, but I could still be wrong. Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at tippingmar.com Tue Apr 29 05:22:28 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Tue Apr 29 05:23:12 2008 Subject: watermark error? In-Reply-To: <48163919.1040501@ecs.soton.ac.uk> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> Message-ID: <4816A284.10103@tippingmar.com> Julian Field wrote: > Is this just a problem with *BSD? > I presume you have watermark adding switched on in your client's > outgoing mail servers? I'm using centOS 5.1. See the original post in this thread for a sample message that contains my watermark but was tagged by MailScanner as having a bad watermark. Mark From john at tradoc.fr Tue Apr 29 08:01:17 2008 From: john at tradoc.fr (John Wilcock) Date: Tue Apr 29 08:02:03 2008 Subject: watermark error? In-Reply-To: <48163919.1040501@ecs.soton.ac.uk> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> Message-ID: <4816C7BD.2050405@tradoc.fr> Julian Field a ?crit : > Is this just a problem with *BSD? > I presume you have watermark adding switched on in your client's > outgoing mail servers? > > Jules Coincidentally I tried watermarking for the first time yesterday, having recently given my production mailserver a belated upgrade to 4.67.6 (which at last made it into the official gentoo portage tree - I'd been using home-grown ebuilds until now) and am also seeing the same problems: genuine DSNs with valid watermarks are being treated as invalid. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = 1 Check Watermarks To Skip Spam Checks = yes Watermark Secret = ImNotPuttingTheRealSecretHere Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Output of MailScanner --version attached in case perl module versions make any difference. On a probably unrelated note, MailScanner --lint tells me Cannot create temporary Work Dir /8103. Are the permissions and ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 Note that the $parentdir there seems to be blank... MS processes mail just fine, so I assume this is a bug in the lint routine rather than a real problem. Run As User = postfix Run As Group = apache Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = Incoming Work Group = /var/spool/MailScanner/incoming is owned by postfix.apache with 770 permissions. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr -------------- next part -------------- Running on Linux ns0.tradoc.fr 2.6.24.2-xxxx-std-ipv4-32 #1 SMP Mon Feb 11 15:26:43 CET 2008 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.67.6 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 1.04 Carp 2.004 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.18 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.77 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.815 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.05 IO::Zlib 2.23 IP::Country 0.20 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.61 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.34 Net::LDAP 4.007 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML From jan-peter at koopmann.eu Tue Apr 29 08:11:30 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Tue Apr 29 08:12:43 2008 Subject: MCP and FreeBSD In-Reply-To: References: <481610A4.3050101@lexairinc.com> Message-ID: > The port maintainer could add this, but MCP has been falling out of > favor since Julian added the extra "SpamAssassin Rule Actions" > settings. Exactly. I hardly know people using MCP. Moreover if I add it to the port I need to add it as .sample in order to ensure that upgrades do not overwrite the file. So you would have to intervene manually anyhow. And since especially with MCP you need to know what you are doing.... Regards, JP From jan-peter at koopmann.eu Tue Apr 29 08:12:27 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Tue Apr 29 08:12:53 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> Message-ID: > Since there are known exploits for 0.92 I am beginning to feel the urge > to upgrade to 0.93... Why not switch to clamd? From blaat0001 at gmail.com Tue Apr 29 08:38:02 2008 From: blaat0001 at gmail.com (BlaaT 0001) Date: Tue Apr 29 08:38:41 2008 Subject: watermark error? In-Reply-To: <48163919.1040501@ecs.soton.ac.uk> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> Message-ID: <254612fc0804290038ud1dc194o101823fc11c8280d@mail.gmail.com> Yes, I did. I've switched it off once I discovered it didn't work. Sorry for the confusion, I meant "Use Watermarking = yes". I don't know if it's a BSD issue, I haven't tested it on anything else but OpenBSD. This is the outgoing (and incoming) mailserver for our clients. During the tests (Use Watermarking = yes) the watermarks are being added properly. Incoming NDRs are wrongfully being marked as "bad watermark detected" in the maillog, and the "Treat Invalid Watermarks With No Sender as Spam" action is being applied. This happens whether or not the NDR contains a valid watermark or not (not means not having a watermark at all). Cheers. > Mark Nienberg wrote: >Surely you mean "yes" here. I assume you turned it off when you discovered it doesn't work, like I did. >Mark > > > BlaaT 0001 wrote: > > > > > These watermarking related settings are in my MailScanner.conf: > > > Use Watermarking = n > > > > > Surely you mean "yes" here. I assume you turned it off when you discovered > it doesn't work, like I did. > > Mark > > > Is this just a problem with *BSD? > I presume you have watermark adding switched on in your client's outgoing > mail servers? > > Jules From MailScanner at ecs.soton.ac.uk Tue Apr 29 09:34:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 09:35:39 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <1209428133.7233.72.camel@isis> References: <1209400280.7233.20.camel@isis> <1209428133.7233.72.camel@isis> Message-ID: <4816DD8F.7050605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Bragg wrote: > > p.s. > I am just using the "out of the box" installs and configs for ubuntu... > and I am trying not to stray from this at all. I don't want to > re-invent anything!! > I quite agree with your position. You shouldn't be fighting with init scripts or getting sendmail started right or anything like that. I think if you uninstall the (totally broken) Ubuntu distribution of MailScanner 4.58 (yes, brand new Ubuntu 8 ships with a version of MailScanner well over a year old!) and download and install the latest Debian version of MailScanner with the "dpkg -i" command, you will get a whole lot further a lot faster. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIFt2XEfZZRxQVtlQRAizgAKDW7n7ERmIbd9VQ8MNvmSFAhWvO+wCgkQd4 YimCCLhhi/AliNeRbPCjlv8= =n+Le -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From t.d.lee at durham.ac.uk Tue Apr 29 10:39:07 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Tue Apr 29 10:40:47 2008 Subject: 'X-MailScanner-ID' header? Message-ID: Having just done some MS upgrades I saw that emails had gained an extra header that I hadn't seen before, namely 'X-MailScanner-ID'. Looking at the source code, it seems to have appeared somewhere between versions 4.61.7 and 4.66.5 . But there seems to be no mention of it in "MailScanner.conf". Nor did I see it in the ChangeLog. (Or did I miss the description?) Any ideas what this is? And why it seems to be added unconditionally? Also, shouldn't it be tailorable? If a long-haul email passes through two or more MS sites (i.e. different "%org-name%") and each perhaps with two or more MS installations within it, might it not be best to let it be tailorable (as most other 'X-MailScanner' variables), defaulting to (say) 'X-%org-name%-MailScanner-ID'? Julian: Could you briefly fill in the background, please? Thanks. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From Denis.Beauchemin at USherbrooke.ca Tue Apr 29 13:17:07 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Tue Apr 29 13:17:55 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> Message-ID: <481711C3.5020204@USherbrooke.ca> Koopmann, Jan-Peter a ?crit : >> Since there are known exploits for 0.92 I am beginning to feel the >> > urge > >> to upgrade to 0.93... >> > > Why not switch to clamd? > Clamd means a new daemon to start/monitor which translates to a new potential point of failure. Mail::ClamAV didn't have those shortcomings but the lack of timely updates will probably push me towards clamd... Thanks, Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From ismail at ismailozatay.net Tue Apr 29 15:41:23 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue Apr 29 15:42:02 2008 Subject: about quarantine directory Message-ID: <003101c8aa07$193d2630$65cba8c0@pc> Hi ; i have just installed a mailscanner gateway on centos 5.1.everything is working good.but i do not understand that why phishingupdate folder is makes itself in /var/spool/MailScanner/quarantine directory ? i delete or move it but it creates again.so i see this directory in mailwatch 's quarantine section.Any idea ? thanks ismail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080429/a948601f/attachment.html From lists at gmnet.net Tue Apr 29 15:41:11 2008 From: lists at gmnet.net (Rick Bragg) Date: Tue Apr 29 15:42:03 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <4816DD8F.7050605@ecs.soton.ac.uk> References: <1209400280.7233.20.camel@isis> <1209428133.7233.72.camel@isis> <4816DD8F.7050605@ecs.soton.ac.uk> Message-ID: <1209480071.7233.103.camel@isis> Thanks Julian I will do that, The only problem I am having now is un-installing mailscanner (4.58.9-2ubuntu1) I want to un-install it, but when I try I get this error: :~$ sudo apt-get remove mailscanner Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libdigest-sha1-perl libfilesys-df-perl libnet-ip-perl libio-zlib-perl libconvert-tnef-perl libio-stringy-perl libnet-dns-perl unzip libmime-tools-perl libarchive-zip-perl libdbd-sqlite3-perl libmime-perl libversion-perl libfile-temp-perl libnet-cidr-perl libsys-syslog-perl liberror-perl libsocket6-perl libnetaddr-ip-perl libmail-spf-perl libconvert-binhex-perl libsys-hostname-long-perl libdigest-hmac-perl libarchive-tar-perl spamassassin Use 'apt-get autoremove' to remove them. The following packages will be REMOVED: mailscanner 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded. 1 not fully installed or removed. After this operation, 4227kB disk space will be freed. Do you want to continue [Y/n]? Y (Reading database ... 27646 files and directories currently installed.) Removing mailscanner ... invoke-rc.d: initscript mailscanner, action "stop" failed. dpkg: error processing mailscanner (--remove): subprocess pre-removal script returned error exit status 1 invoke-rc.d: initscript mailscanner, action "start" failed. dpkg: error while cleaning up: subprocess post-installation script returned error exit status 1 Errors were encountered while processing: mailscanner E: Sub-process /usr/bin/dpkg returned an error code (1) I found that this is a bug, but I don't know how to solve it. Anybody? Thanks! Rick From steve.freegard at fsl.com Tue Apr 29 15:54:43 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Apr 29 15:55:19 2008 Subject: ClamAV 0.93 released In-Reply-To: <481711C3.5020204@USherbrooke.ca> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> Message-ID: <481736B3.7030705@fsl.com> Denis Beauchemin wrote: > Koopmann, Jan-Peter a ?crit : >>> Since there are known exploits for 0.92 I am beginning to feel the >>> >> urge >> >>> to upgrade to 0.93... >>> >> >> Why not switch to clamd? >> > Clamd means a new daemon to start/monitor which translates to a new > potential point of failure. Mail::ClamAV didn't have those shortcomings > but the lack of timely updates will probably push me towards clamd... Having tested both - I came to the following conclusion: If you have plenty memory to spare and MailScanner child start-up time is not an issue, then use Mail::ClamAV otherwise in all other cases use clamd as it uses considerably less RAM without any performance penalty as it uses threads as it seems that the signature database is shared amongst the scanner threads. Cheers, Steve. From MailScanner at ecs.soton.ac.uk Tue Apr 29 16:23:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 16:24:43 2008 Subject: about quarantine directory In-Reply-To: <003101c8aa07$193d2630$65cba8c0@pc> References: <003101c8aa07$193d2630$65cba8c0@pc> Message-ID: <48173D77.4040300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is created by the phishing.bad.sites.conf update mechanism. This process needs somewhere to store temporary files, and this seemed as good a location as any. Please don't try to move it. As you have found, it just re-creates itself, but wastes your network bandwidth by not having its temporary files available. Jules. Ismail OZATAY wrote: > Hi ; > > i have just installed a mailscanner gateway on centos 5.1.everything > is working good.but i do not understand that why phishingupdate folder > is makes itself in /var/spool/MailScanner/quarantine directory ? i > delete or move it but it creates again.so i see this directory in > mailwatch 's quarantine section.Any idea ? > > thanks > > ismail Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-9 wj8DBQFIFz2DEfZZRxQVtlQRAjTSAKDW4TWB3YjGxLkJ0tnQjqU83nZRxACgkJVO jTwp480Q+vBDbfW3qk71U/0= =HxUe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ismail at ismailozatay.net Tue Apr 29 17:13:29 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue Apr 29 17:14:05 2008 Subject: about quarantine directory References: <003101c8aa07$193d2630$65cba8c0@pc> <48173D77.4040300@ecs.soton.ac.uk> Message-ID: <005401c8aa13$f6d083a0$65cba8c0@pc> Thanks Julian , well can i change that location ? ismail ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, April 29, 2008 6:23 PM Subject: Re: about quarantine directory -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is created by the phishing.bad.sites.conf update mechanism. This process needs somewhere to store temporary files, and this seemed as good a location as any. Please don't try to move it. As you have found, it just re-creates itself, but wastes your network bandwidth by not having its temporary files available. Jules. Ismail OZATAY wrote: > Hi ; > > i have just installed a mailscanner gateway on centos 5.1.everything > is working good.but i do not understand that why phishingupdate folder > is makes itself in /var/spool/MailScanner/quarantine directory ? i > delete or move it but it creates again.so i see this directory in > mailwatch 's quarantine section.Any idea ? > > thanks > > ismail Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-9 wj8DBQFIFz2DEfZZRxQVtlQRAjTSAKDW4TWB3YjGxLkJ0tnQjqU83nZRxACgkJVO jTwp480Q+vBDbfW3qk71U/0= =HxUe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Apr 29 17:53:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 17:54:56 2008 Subject: about quarantine directory In-Reply-To: <005401c8aa13$f6d083a0$65cba8c0@pc> References: <003101c8aa07$193d2630$65cba8c0@pc> <48173D77.4040300@ecs.soton.ac.uk> <005401c8aa13$f6d083a0$65cba8c0@pc> Message-ID: <4817529F.20202@ecs.soton.ac.uk> You will have to edit the update_bad_phishing_sites script by hand if you want to move it. And you better save a copy of your edited version, as it will be over-written by your next MailScanner upgrade. Sorry about that. Ismail OZATAY wrote: > Thanks Julian , well can i change that location ? > > ismail > > > ----- Original Message ----- From: "Julian Field" > > To: "MailScanner discussion" > Sent: Tuesday, April 29, 2008 6:23 PM > Subject: Re: about quarantine directory > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It is created by the phishing.bad.sites.conf update mechanism. This > process needs somewhere to store temporary files, and this seemed as > good a location as any. > Please don't try to move it. As you have found, it just re-creates > itself, but wastes your network bandwidth by not having its temporary > files available. > > Jules. > > Ismail OZATAY wrote: >> Hi ; >> >> i have just installed a mailscanner gateway on centos 5.1.everything >> is working good.but i do not understand that why phishingupdate >> folder is makes itself in /var/spool/MailScanner/quarantine directory >> ? i delete or move it but it creates again.so i see this directory in >> mailwatch 's quarantine section.Any idea ? >> >> thanks >> >> ismail > > Jules > > - -- Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-9 > > wj8DBQFIFz2DEfZZRxQVtlQRAjTSAKDW4TWB3YjGxLkJ0tnQjqU83nZRxACgkJVO > jTwp480Q+vBDbfW3qk71U/0= > =HxUe > -----END PGP SIGNATURE----- > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ismail at ismailozatay.net Tue Apr 29 19:14:51 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Tue Apr 29 19:15:31 2008 Subject: about quarantine directory References: <003101c8aa07$193d2630$65cba8c0@pc> <48173D77.4040300@ecs.soton.ac.uk><005401c8aa13$f6d083a0$65cba8c0@pc> <4817529F.20202@ecs.soton.ac.uk> Message-ID: <009c01c8aa24$eb5af350$65cba8c0@pc> It does not matter Julian... Thank you so much :) ismail ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: Tuesday, April 29, 2008 7:53 PM Subject: Re: about quarantine directory > You will have to edit the update_bad_phishing_sites script by hand if > you want to move it. And you better save a copy of your edited version, > as it will be over-written by your next MailScanner upgrade. Sorry about > that. > > Ismail OZATAY wrote: >> Thanks Julian , well can i change that location ? >> >> ismail >> >> >> ----- Original Message ----- From: "Julian Field" >> >> To: "MailScanner discussion" >> Sent: Tuesday, April 29, 2008 6:23 PM >> Subject: Re: about quarantine directory >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> It is created by the phishing.bad.sites.conf update mechanism. This >> process needs somewhere to store temporary files, and this seemed as >> good a location as any. >> Please don't try to move it. As you have found, it just re-creates >> itself, but wastes your network bandwidth by not having its temporary >> files available. >> >> Jules. >> >> Ismail OZATAY wrote: >>> Hi ; >>> >>> i have just installed a mailscanner gateway on centos 5.1.everything >>> is working good.but i do not understand that why phishingupdate >>> folder is makes itself in /var/spool/MailScanner/quarantine directory >>> ? i delete or move it but it creates again.so i see this directory in >>> mailwatch 's quarantine section.Any idea ? >>> >>> thanks >>> >>> ismail >> >> Jules >> >> - -- Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.2 (Build 3005) >> Comment: Use Enigmail to decrypt or check this message is legitimate >> Charset: ISO-8859-9 >> >> wj8DBQFIFz2DEfZZRxQVtlQRAjTSAKDW4TWB3YjGxLkJ0tnQjqU83nZRxACgkJVO >> jTwp480Q+vBDbfW3qk71U/0= >> =HxUe >> -----END PGP SIGNATURE----- >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From adc at dc-uoit.net Tue Apr 29 21:34:10 2008 From: adc at dc-uoit.net (Andrei Caraman) Date: Tue Apr 29 21:34:53 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <481606CB.3050907@ecs.soton.ac.uk> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> Message-ID: <20080429203410.GA3355@logger.dc-uoit.net> On Mon, Apr 28, 2008 at 06:18:03PM +0100, Julian Field wrote: > Your best method for getting MailScanner working on Ubuntu is probably > to use the Debian package, which should just drop in and run. Doing this > will save you an awful lot of grief. that just might be easier said than done. yes, ubuntu uses the debian package management, but that doesn't necessarily mean the same packages. using a debian .deb on ubuntu or viceversa may work, but i don't think anyone can guarantee it. mailscanner might work - perl is perl is perl, to quote someone, but on the other hand, it may not, as it will pull in a lot of other debs on which it depends. one may end up with a messy mix of ubuntul and debian packages. that being said,... > I'm new to Ubuntu as well, so I don't know how to install the Debian > package, hopefully someone else here can enlighten both of us on this > subject? > > Someone? i run mailscanner and sendmail on debian. while i'm not a guru on the subject, i do know a few things about this combo. > Rick Bragg wrote: > [...] > >I followed this page for direction: > >http://www.mailscanner.info/sendmail.html for debian (and probably ubuntu too), you want to make your local customization in config files that won't get automatically overwritten on upgrades. hence you'll want to translate the instructions above in debian-speak: 1. the privacy options can go in sendmail.mc, like this (wrapped for readability): define(`confPRIVACY_FLAGS',`noetrn,needmailhelo,noexpn,novrfy, restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl 2. in sendmail.conf you'll need (again, wrapped): DAEMON_PARMS="-bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; if i remember correctly, the debian default is DAEMON_PARMS="-bd"; that should take care of your sendmail configuration, without touching the init.d start/stop script. your sendmail should start upon boot, accept messages and queue them under /var/spool/mqueue.in. it's the job of mailscanner to examine the messages from mqueue.in and move them to /var/spool/mqueue (if it decides to let them pass). one thing to keep in mind is sendmail and mailscanner are supposed to be started and/or stopped independently with this setup. the other thing about being unable to remove the mailscanner package prior to an upgrade has to do with the init.d script returning 1 (instead of 0) on stop (and on start too, actually). i suppose that's a bug that went away in debian/lenny, mailscanner 4.68.8. the workaround i've used for that was to first stop mailscanner, then to comment out the run_mailscanner line in /etc/default/mailscanner (then the init script woulr return 0). i will be happy to share my experience with this setup. if this so specific to make it off topic for the list, ask privately, and i shall answer privately. one last thing here: my impression is that debian keeps better pace with new software versions than ubuntu does. would a switch to debian be concevable for that particular box? adc From MailScanner at ecs.soton.ac.uk Tue Apr 29 22:08:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 22:09:16 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <20080429203410.GA3355@logger.dc-uoit.net> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> <20080429203410.GA3355@logger.dc-uoit.net> Message-ID: <48178E3F.9040401@ecs.soton.ac.uk> If the Ubuntu mor^H^H^Hguys hadn't shipped an ancient version of MailScanner in a setup that doesn't even work at all, this wouldn't be a problem. :-( And they appear to be completely unwilling to fix it, either. I'm certainly *never* going to use Ubuntu for a server, that's for certain. My 2p worth. Jules. Andrei Caraman wrote: > On Mon, Apr 28, 2008 at 06:18:03PM +0100, Julian Field wrote: > >> Your best method for getting MailScanner working on Ubuntu is probably >> to use the Debian package, which should just drop in and run. Doing this >> will save you an awful lot of grief. >> > > that just might be easier said than done. yes, ubuntu uses the debian > package management, but that doesn't necessarily mean the same packages. > using a debian .deb on ubuntu or viceversa may work, but i don't think > anyone can guarantee it. mailscanner might work - perl is perl is perl, to > quote someone, but on the other hand, it may not, as it will pull in a lot > of other debs on which it depends. one may end up with a messy mix of > ubuntul and debian packages. > > that being said,... > > >> I'm new to Ubuntu as well, so I don't know how to install the Debian >> package, hopefully someone else here can enlighten both of us on this >> subject? >> >> Someone? >> > > i run mailscanner and sendmail on debian. while i'm not a guru on the > subject, i do know a few things about this combo. > > >> Rick Bragg wrote: >> [...] >> >>> I followed this page for direction: >>> http://www.mailscanner.info/sendmail.html >>> > > for debian (and probably ubuntu too), you want to make your local > customization in config files that won't get automatically overwritten on > upgrades. hence you'll want to translate the instructions above in > debian-speak: > > 1. the privacy options can go in sendmail.mc, like this (wrapped for > readability): > > define(`confPRIVACY_FLAGS',`noetrn,needmailhelo,noexpn,novrfy, > restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl > > 2. in sendmail.conf you'll need (again, wrapped): > > DAEMON_PARMS="-bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in"; > > if i remember correctly, the debian default is > > DAEMON_PARMS="-bd"; > > that should take care of your sendmail configuration, without touching the > init.d start/stop script. your sendmail should start upon boot, accept > messages and queue them under /var/spool/mqueue.in. it's the job of > mailscanner to examine the messages from mqueue.in and move them to > /var/spool/mqueue (if it decides to let them pass). > > one thing to keep in mind is sendmail and mailscanner are supposed to be > started and/or stopped independently with this setup. > > the other thing about being unable to remove the mailscanner package prior > to an upgrade has to do with the init.d script returning 1 (instead of 0) on > stop (and on start too, actually). i suppose that's a bug that went away in > debian/lenny, mailscanner 4.68.8. the workaround i've used for that was to > first stop mailscanner, then to comment out the run_mailscanner line in > /etc/default/mailscanner (then the init script woulr return 0). > > i will be happy to share my experience with this setup. if this so specific > to make it off topic for the list, ask privately, and i shall answer > privately. > > one last thing here: my impression is that debian keeps better pace with > new software versions than ubuntu does. would a switch to debian be > concevable for that particular box? > > > > > > adc > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Apr 29 22:12:37 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Apr 29 22:13:12 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804281958.23685.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> <200804281958.23685.mrebsamen@unimatrix0.ch> Message-ID: <223f97700804291412l266859e7se363ca36ff5478ce@mail.gmail.com> 2008/4/28 Marco Rebsamen : > Am Montag, 28. April 2008 10:55:55 schrieb Glenn Steen: > > 2008/4/28 Marco Rebsamen : > > > Am Sonntag, 27. April 2008 21:59:09 schrieb Glenn Steen: > > > > 2008/4/26 Marco Rebsamen : > > > > > Am Freitag, 25. April 2008 21:59:45 schrieb Mikael Syska: > > > > > > Hi > > > > > > > > > > > > On Fri, Apr 25, 2008 at 9:08 PM, Marco Rebsamen > > > > > > > > > > > > > > > > wrote: > > > > > > > Hi, > > > > > > > > > > > > > > I got some troubles on releasing mails from the quarantine. > > > > > > > I got a postfix Server on a SuSE 10.3 and followed the > > > > > > > instructions at > > > > > > > > > > > > > > > > > > > > > http://wiki.mailscanner.info/doku.php?id=documentation:configur > > > > > > >ation > > > > > > > > > > > > > >:mta: postfix:how_to:release_quarantined_mail&s=quarantine > > > > > > > > > > > > > > But it simply doesn't work... the message stays in the > > > > > > > directory. I where in the IRC channel because of this, but > > > > > > > nobody could help me... > > > > > > > > > > > > I've been on the channel the last 12 hours ... havent seen > > > > > > anything like that on the channel ... > > > > > > > > > > Well I havn't said that I was there within the last 12 hours... > > > > > > > > > > > The above description aint much of a help ... since there are > > > > > > many ways on that site to release a mail ... > > > > > > > > > > I got these 2 settings in my MailScanner config... > > > > > > > > > > Quarantine Whole Message = yes > > > > > Quarantine Whole Messages As Queue Files = yes > > > > > > > > > > and I followed the instructions of "Releasing mail from the > > > > > quarantine - queue files". And I got no subdirectories in > > > > > /var/spool/postfix/incoming. > > > > > > > > > > I hope this helps..... > > > > > > > > A bit:-). > > > > Postfix is very particular about the ownership and mode... The file in > > > > the incoming directory (that you copy there) should be owned by your > > > > postfix user/group (usually "postfix":-) and be mode -rwx------ (chmod > > > > 0700 ...), so start by making sure of that. > > > > Also ... you might have something informative in the logs perhaps? > > > > Look in all logs, if you do logfile splitting (info, warning and error > > > > ...). > > > > > > > > Cheers > > > > -- > > > > -- Glenn > > > > email: glenn < dot > steen < at > gmail < dot > com > > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > > > Ok, I checked these permissions... they where right... > > > It looks like the problem is the file name of the queue file. They look > > > like that: > > > > > > 12FC0236A4.1B60B > > > > > > then i get this message in the logile: > > > > > > Apr 27 23:56:48 race-winner postfix/postsuper[25736]: warning: bogus > > > file name: incoming/12FC0236A4.1B60B > > > > > > and When i rename the file and remove the ".06E41" stuff the message > > > gets delivered.... > > > > > > Why do i have such crappy names ?? > > > > Well.... You *could* blame me, I guess:-). > > It's like this: > > - Postfix reuses queue file names. The chance of reuse happening is > > rather high (inode number and the millisecond is used to generate the > > name). > > - If you use MailWatch or another form of database logging, this queue > > ID reuse is unacceptable. > > - To overcome this, Jules (on my behest:-) add a bit of entropy at the > > end, after an easily identifiable relimiter (".";-). > > > > It's been like this for ages. > > We who use MailWatch need "store" as RFC822 messages (and keep the > > envelope info in the database anyway), so ... for us this is a > > non-issue... But one would think that the ones that "store" as queue > > files would've seen this before... and would amend the wiki page. > > Since you found this out, you can update it yourself... That's the > > whole point with a wiki;-). > > If you can, please check if this is general or if it is something that > > has been introduced in later versions of Postfix. I'm pretty sure that > > last I looked (oh so many versions ago:-), the info in the wiki was > > enough, more or less. > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > Ok... Did I got that right... The Nameing of the file is made by MailScanner > and is the result of..... a difficult postfix behavior ? > And my method of releasing the file is correct and the only one that works for > my settings ? Pretty much, yes. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mark at msapiro.net Tue Apr 29 22:22:06 2008 From: mark at msapiro.net (Mark Sapiro) Date: Tue Apr 29 22:22:44 2008 Subject: MailScanner --lint - was: watermark error? In-Reply-To: <4816C7BD.2050405@tradoc.fr> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> <4816C7BD.2050405@tradoc.fr> Message-ID: <20080429212206.GA1812@msapiro> On Tue, Apr 29, 2008 at 09:01:17AM +0200, John Wilcock wrote: > > On a probably unrelated note, MailScanner --lint tells me > Cannot create temporary Work Dir /8103. Are the permissions and > ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm > line 152 I have seen this many times. I just checked again (version 4.68.8) and I see the above error preceded immediately by Your "Incoming Work Directory" should be specified as an absolute path, not including any links. But I will work okay anyway. at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 139 This occurs even though I have Incoming Work Dir = /var/spool/MailScanner/incoming in MailScanner.conf and there are no links in that path. The interesting thing is I always get errors like this if I run MailScanner --lint as root from my home directory, but if I cd to /etc/MailScanner before running the command, it produces the expected output without either of the above errors. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From malli at mcrirents.com Tue Apr 29 22:23:01 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Tue Apr 29 22:23:31 2008 Subject: Ubuntu - sendmail problem Message-ID: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> To try to shed some light on this issue, ill throw in my 2cents. I have successfully setup ubuntu 8.04 with mailscanner (Debian .deb 4.68.8) and postfix. It was easy and didn't require me to do anything fancy. -----Original Message----- From: "Andrei Caraman" To: "MailScanner discussion" Sent: 4/29/08 5:49 PM Subject: Re: Ubuntu - sendmail problem On Mon, Apr 28, 2008 at 06:18:03PM +0100, Julian Field wrote: > Your best method for getting MailScanner working on Ubuntu is probably > to use the Debian package, which should just drop in and run. Doing this > will save you an awful lot of grief. that just might be easier said than done. yes, ubuntu uses the debian package management, but that doesn't necessarily mean the same packages. using a debian .deb on ubuntu or viceversa may work, but i don't think anyone can guarantee it. mailscanner might work - perl is perl is perl, to quote someone, but on the other hand, it may not, as it will pull in a lot of other debs on which it depends. one may end up with a messy mix of ubuntul and debian packages. that being said,... > I'm new to Ubuntu as well, so I don't know how to install the Debian > package, hopefully someone else here can enlighten both of us on this > subject? > > Someone? i run mailscanner and sendmail on debian. while i'm not a guru on the subject, i do know a few things about this combo. > Rick Bragg wrote: > [...] > >I followed this page for direction: > >http://www.mailscanner.info/sendmail.html for debian (and probably ubuntu too), you want to make your local customization in config files that won't get automatically overwritten on upgrades. hence you'll want to translate the instructions above in debian-speak: 1. the privacy options can go in sendmail.mc, like this (wrapped for readability): define(`confPRIVACY_FLAGS',`noetrn,needmailhelo,noexpn,novrfy, restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl 2. in sendmail.conf you'll need (again, wrapped): DAEMON_PARMS="-bd -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"; if i remember correctly, the debian default is DAEMON_PARMS="-bd"; that should take care of your sendmail configuration, without touching the init.d start/stop script. your sendmail should start upon boot, accept messages and queue them under /var/spool/mqueue.in. it's the job of mailscanner to examine the messages from mqueue.in and move them to /var/spool/mqueue (if it decides to let them pass). one thing to keep in mind is sendmail and mailscanner are supposed to be started and/or stopped independently with this setup. the other thing about being unable to remove the mailscanner package prior to an upgrade has to do with the init.d script returning 1 (instead of 0) on stop (and on start too, actually). i suppose that's a bug that went away in debian/lenny, mailscanner 4.68.8. the workaround i've used for that was to first stop mailscanner, then to comment out the run_mailscanner line in /etc/default/mailscanner (then the init script woulr return 0). i will be happy to share my experience with this setup. if this so specific to make it off topic for the list, ask privately, and i shall answer privately. one last thing here: my impression is that debian keeps better pace with new software versions than ubuntu does. would a switch to debian be concevable for that particular box? adc -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Apr 29 22:54:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 22:55:15 2008 Subject: MailScanner --lint - was: watermark error? In-Reply-To: <20080429212206.GA1812@msapiro> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> <4816C7BD.2050405@tradoc.fr> <20080429212206.GA1812@msapiro> Message-ID: <48179908.70703@ecs.soton.ac.uk> Mark Sapiro wrote: > On Tue, Apr 29, 2008 at 09:01:17AM +0200, John Wilcock wrote: > >> On a probably unrelated note, MailScanner --lint tells me >> Cannot create temporary Work Dir /8103. Are the permissions and >> ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm >> line 152 >> I can't re-create this at all. What you have set as "Run As User" and group, and incoming work dir owner and permissions? It must be failing to set the $parentdir in WorkArea.pm. But that's set like this: my $parentdir = MailScanner::Config::Value('incomingworkdir'); so it must be failing to read the config file by the time it runs this. So why does it work for me? > > > > I have seen this many times. I just checked again (version 4.68.8) and > I see the above error preceded immediately by > > Your "Incoming Work Directory" should be specified as an absolute path, not including any links. But I will work okay anyway. at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 139 > > This occurs even though I have > > Incoming Work Dir = /var/spool/MailScanner/incoming > > in MailScanner.conf and there are no links in that path. > > The interesting thing is I always get errors like this if I run > > MailScanner --lint > > as root from my home directory, but if I cd to /etc/MailScanner before > running the command, it produces the expected output without either of > the above errors. > Again, can you give me the same info I have asked for above? I cannot re-create this at all. It calls new MailScanner::WorkArea after it reads the conf file, so it will be able to read the Incoming Work Dir by then, but for some reason it can't. You haven't got any odd permissions on /etc or / or /etc/MailScanner have you? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Apr 29 22:55:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Apr 29 22:56:14 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> References: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> Message-ID: <48179963.2010903@ecs.soton.ac.uk> Mohammed Alli wrote: > To try to shed some light on this issue, ill throw in my 2cents. I have successfully setup ubuntu 8.04 with mailscanner (Debian .deb 4.68.8) and postfix. It was easy and didn't require me to do anything fancy. > In which case, please can you give us detailed instructions on how to do it? And can you then write it up in the wiki for us as well please? Thanks! Jules. > > -----Original Message----- > From: "Andrei Caraman" > To: "MailScanner discussion" > Sent: 4/29/08 5:49 PM > Subject: Re: Ubuntu - sendmail problem > > On Mon, Apr 28, 2008 at 06:18:03PM +0100, Julian Field wrote: > >> Your best method for getting MailScanner working on Ubuntu is probably >> to use the Debian package, which should just drop in and run. Doing this >> will save you an awful lot of grief. >> > > that just might be easier said than done. yes, ubuntu uses the debian > package management, but that doesn't necessarily mean the same packages. > using a debian .deb on ubuntu or viceversa may work, but i don't think > anyone can guarantee it. mailscanner might work - perl is perl is perl, to > quote someone, but on the other hand, it may not, as it will pull in a lot > of other debs on which it depends. one may end up with a messy mix of > ubuntul and debian packages. > > that being said,... > > >> I'm new to Ubuntu as well, so I don't know how to install the Debian >> package, hopefully someone else here can enlighten both of us on this >> subject? >> >> Someone? >> > > i run mailscanner and sendmail on debian. while i'm not a guru on the > subject, i do know a few things about this combo. > > >> Rick Bragg wrote: >> [...] >> >>> I followed this page for direction: >>> http://www.mailscanner.info/sendmail.html >>> > > for debian (and probably ubuntu too), you want to make your local > customization in config files that won't get automatically overwritten on > upgrades. hence you'll want to translate the instructions above in > debian-speak: > > 1. the privacy options can go in sendmail.mc, like this (wrapped for > readability): > > define(`confPRIVACY_FLAGS',`noetrn,needmailhelo,noexpn,novrfy, > restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl > > 2. in sendmail.conf you'll need (again, wrapped): > > DAEMON_PARMS="-bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in"; > > if i remember correctly, the debian default is > > DAEMON_PARMS="-bd"; > > that should take care of your sendmail configuration, without touching the > init.d start/stop script. your sendmail should start upon boot, accept > messages and queue them under /var/spool/mqueue.in. it's the job of > mailscanner to examine the messages from mqueue.in and move them to > /var/spool/mqueue (if it decides to let them pass). > > one thing to keep in mind is sendmail and mailscanner are supposed to be > started and/or stopped independently with this setup. > > the other thing about being unable to remove the mailscanner package prior > to an upgrade has to do with the init.d script returning 1 (instead of 0) on > stop (and on start too, actually). i suppose that's a bug that went away in > debian/lenny, mailscanner 4.68.8. the workaround i've used for that was to > first stop mailscanner, then to comment out the run_mailscanner line in > /etc/default/mailscanner (then the init script woulr return 0). > > i will be happy to share my experience with this setup. if this so specific > to make it off topic for the list, ask privately, and i shall answer > privately. > > one last thing here: my impression is that debian keeps better pace with > new software versions than ubuntu does. would a switch to debian be > concevable for that particular box? > > > > > > adc > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From malli at mcrirents.com Wed Apr 30 03:16:12 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Wed Apr 30 02:15:51 2008 Subject: Instructions for Installing MailScanner 4.68-8 on Ubuntu 8.04 References: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> <48179963.2010903@ecs.soton.ac.uk> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9C0@exchange.computerrents.com> Instructions to install MailScanner 4.68-8 on Ubuntu 8.04 Notes: These instructions serves as a guide for setting up MailScanner 4.68-8 on Ubuntu 8.04 with a working Postfix configuration. I cannot provide any guarantee that this will work for you. Install MailScanner Install MailScanner Dependencies by doing the following: apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl Install MailScanner from the Debian .deb Source: wget http://debian.intergenia.de/debian/pool/main/m/mailscanner/mailscanner_4.68.8-1_all.deb dpkg -i mailscanner_4.68.8-1_all.deb Configuring MailScanner and ClamAV Stop Postfix: postfix stop Install the packages: apt-get install clamav clamav-daemon Update ClamAV virus definitions: freshclam Once that is done, we need to make a directory for SpamAssassin in the spool and give postfix permissions to it: mkdir /var/spool/MailScanner/spamassassin Backup your MailScanner.conf file: cp /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.back Edit MailScanner.conf: vi /etc/MailScanner/MailScanner.conf Change the following parameters in MailScanner.conf: %org-name% = ORGNAME %org-long-name% = ORGFULLNAME %web-site% = ORGWEBSITE Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Virus Scanners = clamav Spam Subject Text = ***SPAM*** Send Notices = no Spam List = spamcop.net SBL+XBL Required SpamAssassin Score = 6 High SpamAssassin Score = 10 Spam Actions = deliver High Scoring Spam Actions = delete Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin header_checks & body_checks Let's go ahead and put this in main.cf. header_checks is required because it allows us to hold all incoming email in order for MailScanner to do it's thing: postconf -e "header_checks = regexp:/etc/postfix/header_checks" Edit header_checks: vi /etc/postfix/header_checks Add this line to the header_checks file, without it MailScanner will not work: /^Received:/ HOLD Fix to Disable Permission Checks on MailScanner Directories: * Comment out the lines that check directory permissions on /var/* in /etc/rc2.d/S20mailscanner In the file /etc/default/mailscanner, make sure this parameter is at 1: run_mailscanner=1 You can now start the system: /etc/init.d/mailscanner start /etc/init.d/postfix start Fix for Ubuntu 8.04 (kept removing directories upon reboot) - May or may not be needed Edit /etc/rc.local and add the following before the exit line: mkdir /var/run/MailScanner mkdir /var/lock/subsys mkdir /var/lock/subsys/MailScanner chown -R postfix:postfix /var/run/MailScanner chown -R postfix:postfix /var/lock/subsys/MailScanner /etc/init.d/postfix restart /etc/init.d/mailscanner restart. That's it! Regards, Mohammed Alli ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Tue 4/29/2008 5:55 PM To: MailScanner discussion Subject: Re: Ubuntu - sendmail problem Mohammed Alli wrote: > To try to shed some light on this issue, ill throw in my 2cents. I have successfully setup ubuntu 8.04 with mailscanner (Debian .deb 4.68.8) and postfix. It was easy and didn't require me to do anything fancy. > In which case, please can you give us detailed instructions on how to do it? And can you then write it up in the wiki for us as well please? Thanks! Jules. > > -----Original Message----- > From: "Andrei Caraman" > To: "MailScanner discussion" > Sent: 4/29/08 5:49 PM > Subject: Re: Ubuntu - sendmail problem > > On Mon, Apr 28, 2008 at 06:18:03PM +0100, Julian Field wrote: > >> Your best method for getting MailScanner working on Ubuntu is probably >> to use the Debian package, which should just drop in and run. Doing this >> will save you an awful lot of grief. >> > > that just might be easier said than done. yes, ubuntu uses the debian > package management, but that doesn't necessarily mean the same packages. > using a debian .deb on ubuntu or viceversa may work, but i don't think > anyone can guarantee it. mailscanner might work - perl is perl is perl, to > quote someone, but on the other hand, it may not, as it will pull in a lot > of other debs on which it depends. one may end up with a messy mix of > ubuntul and debian packages. > > that being said,... > > >> I'm new to Ubuntu as well, so I don't know how to install the Debian >> package, hopefully someone else here can enlighten both of us on this >> subject? >> >> Someone? >> > > i run mailscanner and sendmail on debian. while i'm not a guru on the > subject, i do know a few things about this combo. > > >> Rick Bragg wrote: >> [...] >> >>> I followed this page for direction: >>> http://www.mailscanner.info/sendmail.html >>> > > for debian (and probably ubuntu too), you want to make your local > customization in config files that won't get automatically overwritten on > upgrades. hence you'll want to translate the instructions above in > debian-speak: > > 1. the privacy options can go in sendmail.mc, like this (wrapped for > readability): > > define(`confPRIVACY_FLAGS',`noetrn,needmailhelo,noexpn,novrfy, > restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl > > 2. in sendmail.conf you'll need (again, wrapped): > > DAEMON_PARMS="-bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in"; > > if i remember correctly, the debian default is > > DAEMON_PARMS="-bd"; > > that should take care of your sendmail configuration, without touching the > init.d start/stop script. your sendmail should start upon boot, accept > messages and queue them under /var/spool/mqueue.in. it's the job of > mailscanner to examine the messages from mqueue.in and move them to > /var/spool/mqueue (if it decides to let them pass). > > one thing to keep in mind is sendmail and mailscanner are supposed to be > started and/or stopped independently with this setup. > > the other thing about being unable to remove the mailscanner package prior > to an upgrade has to do with the init.d script returning 1 (instead of 0) on > stop (and on start too, actually). i suppose that's a bug that went away in > debian/lenny, mailscanner 4.68.8. the workaround i've used for that was to > first stop mailscanner, then to comment out the run_mailscanner line in > /etc/default/mailscanner (then the init script woulr return 0). > > i will be happy to share my experience with this setup. if this so specific > to make it off topic for the list, ask privately, and i shall answer > privately. > > one last thing here: my impression is that debian keeps better pace with > new software versions than ubuntu does. would a switch to debian be > concevable for that particular box? > > > > > > adc > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 20111 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080429/8dd6ae7c/attachment-0001.bin From rcooper at dwford.com Wed Apr 30 02:19:55 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Apr 30 02:20:34 2008 Subject: ClamAV 0.93 released In-Reply-To: <481736B3.7030705@fsl.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> Message-ID: <022e01c8aa60$4c862060$0301a8c0@SAHOMELT> If you really want to see mailscanner lose weight without losing speed you should see it when it's using spamd instead of the perl mod.IIRC it drops to 15mg or so per child, make that 21mg (just checked ) and is just as fast, and spamd shares the sigs with it's children, again IIRC. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Steve Freegard > Sent: Tuesday, April 29, 2008 10:55 AM > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > Denis Beauchemin wrote: > > Koopmann, Jan-Peter a ?crit : > >>> Since there are known exploits for 0.92 I am beginning > to feel the > >>> > >> urge > >> > >>> to upgrade to 0.93... > >>> > >> > >> Why not switch to clamd? > >> > > Clamd means a new daemon to start/monitor which translates > to a new > > potential point of failure. Mail::ClamAV didn't have > those shortcomings > > but the lack of timely updates will probably push me > towards clamd... > > Having tested both - I came to the following conclusion: > > If you have plenty memory to spare and MailScanner child > start-up time > is not an issue, then use Mail::ClamAV otherwise in all > other cases use > clamd as it uses considerably less RAM without any > performance penalty > as it uses threads as it seems that the signature database is shared > amongst the scanner threads. > > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Wed Apr 30 03:24:47 2008 From: mark at msapiro.net (Mark Sapiro) Date: Wed Apr 30 03:25:20 2008 Subject: MailScanner --lint - was: watermark error? In-Reply-To: <48179908.70703@ecs.soton.ac.uk> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> <4816C7BD.2050405@tradoc.fr> <20080429212206.GA1812@msapiro> <48179908.70703@ecs.soton.ac.uk> Message-ID: <20080430022447.GA2060@msapiro> On Tue, Apr 29, 2008 at 10:54:16PM +0100, Julian Field wrote: > > > Mark Sapiro wrote: > >On Tue, Apr 29, 2008 at 09:01:17AM +0200, John Wilcock wrote: > > > >>On a probably unrelated note, MailScanner --lint tells me > >>Cannot create temporary Work Dir /8103. Are the permissions and > >>ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm > >>line 152 > >> > I can't re-create this at all. What you have set as "Run As User" and > group, and incoming work dir owner and permissions? It must be failing > to set the $parentdir in WorkArea.pm. But that's set like this: > my $parentdir = MailScanner::Config::Value('incomingworkdir'); > so it must be failing to read the config file by the time it runs this. > So why does it work for me? > > > > > > > > >I have seen this many times. I just checked again (version 4.68.8) and > >I see the above error preceded immediately by > > > >Your "Incoming Work Directory" should be specified as an absolute path, > >not including any links. But I will work okay anyway. at > >/usr/lib/MailScanner/MailScanner/WorkArea.pm line 139 > > > >This occurs even though I have > > > >Incoming Work Dir = /var/spool/MailScanner/incoming > > > >in MailScanner.conf and there are no links in that path. > > > >The interesting thing is I always get errors like this if I run > > > > MailScanner --lint > > > >as root from my home directory, but if I cd to /etc/MailScanner before > >running the command, it produces the expected output without either of > >the above errors. > > > Again, can you give me the same info I have asked for above? > I cannot re-create this at all. It calls new MailScanner::WorkArea after > it reads the conf file, so it will be able to read the Incoming Work Dir > by then, but for some reason it can't. You haven't got any odd > permissions on /etc or / or /etc/MailScanner have you? > I have attached a console log including all the information you ask for plus the output from MailScanner --lint that fails and one that succeeds after 'cd /etc/MailScanner'. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- [root@sbh16 ~]# ls -ld /etc drwxr-xr-x 84 root root 12288 Apr 24 04:04 /etc [root@sbh16 ~]# ls -ld /etc/MailScanner/ drwxr-xr-x 5 root root 4096 Apr 29 19:09 /etc/MailScanner/ [root@sbh16 ~]# ls -ld /etc/MailScanner/MailScanner.conf -rw-r--r-- 1 root root 120848 Apr 4 11:41 /etc/MailScanner/MailScanner.conf [root@sbh16 ~]# grep ^Run\ As /etc/MailScanner/MailScanner.conf Run As User = postfix Run As Group = postfix [root@sbh16 ~]# grep ^Incoming\ Work /etc/MailScanner/MailScanner.conf Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 [root@sbh16 ~]# ls -ld /var drwxr-xr-x 27 root root 4096 Nov 19 14:26 /var [root@sbh16 ~]# ls -ld /var/spool/ drwxr-xr-x 15 root root 4096 Dec 22 14:54 /var/spool/ [root@sbh16 ~]# ls -ld /var/spool/MailScanner/ drwxr-xr-x 5 root root 4096 Nov 19 13:30 /var/spool/MailScanner/ [root@sbh16 ~]# ls -ld /var/spool/MailScanner/incoming/ drwxr-xr-x 5 postfix postfix 4096 Apr 29 19:04 /var/spool/MailScanner/incoming/ [root@sbh16 ~]# MailScanner --lint Trying to setlogsock(unix) Read 821 hostnames from the phishing whitelist Read 3765 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Your "Incoming Work Directory" should be specified as an absolute path, not including any links. But I will work okay anyway. at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 139 Cannot create temporary Work Dir /30293. Are the permissions and ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 ^ note null name [root@sbh16 ~]# cd /etc/MailScanner/ [root@sbh16 MailScanner]# MailScanner --lint Trying to setlogsock(unix) Read 821 hostnames from the phishing whitelist Read 3765 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.68.8) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Virus and Content Scanning: Starting ProcessClamAVModOutput Clamd ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com ProcessClamAVModOutput Clamd ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/ Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses Filename Checks: (1 eicar.com) Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@sbh16 MailScanner]# From mark at msapiro.net Wed Apr 30 03:43:08 2008 From: mark at msapiro.net (Mark Sapiro) Date: Wed Apr 30 03:43:45 2008 Subject: MailScanner --lint - was: watermark error? In-Reply-To: <20080430022447.GA2060@msapiro> Message-ID: Mark Sapiro wrote: > >[root@sbh16 ~]# MailScanner --lint >Trying to setlogsock(unix) >Read 821 hostnames from the phishing whitelist >Read 3765 hostnames from the phishing blacklist >Checking version numbers... >Version number in MailScanner.conf (4.68.8) is correct. > >Your envelope_sender_header in spam.assassin.prefs.conf is correct. >MailScanner setting GID to (89) >MailScanner setting UID to (89) > >Checking for SpamAssassin errors (if you use it)... >SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp >SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >Using SpamAssassin results cache >Connected to SpamAssassin cache database >SpamAssassin reported no errors. >Your "Incoming Work Directory" should be specified as an absolute path, not including any links. But I will work okay anyway. at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 139 >Cannot create temporary Work Dir /30293. Are the permissions and ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 BTW, in spite of the above error report, it does successfully create the /var/spool/MailScanner/incoming/30293 directory. [root@sbh16 ~]# ls -ld /var/spool/MailScanner/incoming/30293 drwx------ 2 postfix postfix 4096 Apr 29 19:12 /var/spool/MailScanner/incoming/30293 [root@sbh16 ~]# -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From john at tradoc.fr Wed Apr 30 07:48:42 2008 From: john at tradoc.fr (John Wilcock) Date: Wed Apr 30 07:49:27 2008 Subject: MailScanner --lint - was: watermark error? In-Reply-To: <48179908.70703@ecs.soton.ac.uk> References: <254612fc0804280323x5f1224c0u326ef363e0d4c6fe@mail.gmail.com> <48162E31.4070607@tippingmar.com> <48163919.1040501@ecs.soton.ac.uk> <4816C7BD.2050405@tradoc.fr> <20080429212206.GA1812@msapiro> <48179908.70703@ecs.soton.ac.uk> Message-ID: <4818164A.4060408@tradoc.fr> Julian Field a ?crit : > > > Mark Sapiro wrote: >> On Tue, Apr 29, 2008 at 09:01:17AM +0200, John Wilcock wrote: >> >>> On a probably unrelated note, MailScanner --lint tells me >>> Cannot create temporary Work Dir /8103. Are the permissions and >>> ownership of correct? at >>> /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 >>> > I can't re-create this at all. What you have set as "Run As User" and > group, and incoming work dir owner and permissions? It must be failing > to set the $parentdir in WorkArea.pm. But that's set like this: > my $parentdir = MailScanner::Config::Value('incomingworkdir'); > so it must be failing to read the config file by the time it runs this. > So why does it work for me? Run As User = postfix Run As Group = apache Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 >> The interesting thing is I always get errors like this if I run >> >> MailScanner --lint >> >> as root from my home directory, but if I cd to /etc/MailScanner before >> running the command, it produces the expected output without either of >> the above errors. >> > Again, can you give me the same info I have asked for above? > I cannot re-create this at all. It calls new MailScanner::WorkArea after > it reads the conf file, so it will be able to read the Incoming Work Dir > by then, but for some reason it can't. You haven't got any odd > permissions on /etc or / or /etc/MailScanner have you? I confirm Mark's observation that it works if I cd /etc/MailScanner first. / /etc and /etc/MailScanner are all 755 and owned by root.root Jules - if you want access to my box to test for yourself, just let me know off list. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From jan-peter at koopmann.eu Wed Apr 30 07:53:35 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Apr 30 07:54:31 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca><481736B3.7030705@fsl.com> Message-ID: Hi Rick, how do you make MailScanner use spamd? This is either not possible or I sadly missed this opportunity. Kind regards, JP -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick Cooper Sent: Wednesday, April 30, 2008 3:20 AM To: 'MailScanner discussion' Subject: RE: ClamAV 0.93 released If you really want to see mailscanner lose weight without losing speed you should see it when it's using spamd instead of the perl mod.IIRC it drops to 15mg or so per child, make that 21mg (just checked ) and is just as fast, and spamd shares the sigs with it's children, again IIRC. Rick From edward at tdcs.com.au Wed Apr 30 08:35:15 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Wed Apr 30 08:37:23 2008 Subject: Instructions for Installing MailScanner 4.68-8 on Ubuntu 8.04 In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9C0@exchange.computerrents.com> References: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> <48179963.2010903@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9302F9C0@exchange.computerrents.com> Message-ID: > Instructions to install MailScanner 4.68-8 on Ubuntu 8.04 Just a quick thanks for that Mohammed - clear, concise and thorough. I'm assuming this will make it on to the mailscanner web site somewhere? Regards and thanks again. Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 30 09:52:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 30 09:53:24 2008 Subject: Instructions for Installing MailScanner 4.68-8 on Ubuntu 8.04 In-Reply-To: References: <000f01c8aa47$b1b33b94$0d00a8c0@computerrents.com> <48179963.2010903@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9302F9C0@exchange.computerrents.com> Message-ID: <48183347.9040709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edward Dekkers wrote: >> Instructions to install MailScanner 4.68-8 on Ubuntu 8.04 >> > > Just a quick thanks for that Mohammed - clear, concise and thorough. > > I'm assuming this will make it on to the mailscanner web site somewhere? > It's there now. http://www.mailscanner.info/ubuntu.html Glad that's out of the way :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGDNQEfZZRxQVtlQRAhxmAJ4n7R7KVwcjdD21XAjRgqWvw0d38ACgsucX oYmnJFgqtkl6qHV/GhvV0/8= =N4bD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandro at e-den.it Wed Apr 30 09:59:44 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Wed Apr 30 10:00:22 2008 Subject: MailScanner -debug --lint... solved Message-ID: <20080430085944.GA16252@ubuntu> Hi, While writing this message I found the misconfiguration that caused it. I post the message anyhow since there is another message written 1 month ago with the same problem that was left unanswered. ---- I'm trying to debug a problem so I used --debug --lint discovering a different behaviour according to the dir I run it from. I already saw a message noticing the same thing: http://lists.mailscanner.info/pipermail/mailscanner/2008-March/083395.html If I run if from /root (PATH is correct, no ".") I get: Cannot create temporary Work Dir /10768. Are the permissions and ownership of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 runnning it from /etc/MailScanner met another problem in a different position. I found out I had wront permissios on /tmp!!! (chmod 1777 /tmp...) sandro *:-) From eersana at yahoo.com Wed Apr 30 10:06:11 2008 From: eersana at yahoo.com (anas asree) Date: Wed Apr 30 10:06:46 2008 Subject: MailScanner: Process did not exit cleanly, returned 9 with signal 0 Message-ID: <845174.92884.qm@web39506.mail.mud.yahoo.com> Hi.. I'm using Mailscanner-4.69, Postfix-2.45 with OpenSuse 10.3.. Recently we keep seeing this message in /var/log/messages.. Apr 30 16:29:54 MailScanner: Process did not exit cleanly, returned 9 with signal 0 Apr 30 16:30:50 syslog-ng[2760]: last message repeated 9 times and coincidently the servers which is getting this message is delaying many messages in queue. sometimes up to 700+ messages in one time. Some of the users complained that they have to wait for 3 hours to get new emails that was sent to them. This is the output of MailScanner --lint and MailScanner --debug MailScanner --lint Trying to setlogsock(unix) Read 819 hostnames from the phishing whitelist Read 4078 hostnames from the phishing blacklist Checking version numbers... Version number in MailScanner.conf (4.69.7) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (51) MailScanner setting UID to (51) Checking for SpamAssassin errors (if you use it)... SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. ClamAV scanner using unrar command /usr/bin/unrar Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== Virus and Content Scanning: Starting LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days. *** LibClamAV Warning: *** Please update it IMMEDIATELY! *** LibClamAV Warning: ************************************************** /var/spool/MailScanner/incoming/16219/./1/eicar.com: Eicar-Test-Signature FOUND Virus Scanning: ClamAV found 1 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 1 viruses Filename Checks: (1 eicar.com) Other Checks: Found 1 problems =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Building a message batch to scan... Have a batch of 10 messages. max message size is '40k' max message size is '40k' max message size is '40k' max message size is '40k' max message size is '40k' max message size is '40k' max message size is '40k' max message size is '40k' Error PPS:0 --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080430/d328571a/attachment.html From MailScanner at ecs.soton.ac.uk Wed Apr 30 10:28:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 30 10:29:53 2008 Subject: MailScanner -debug --lint... solved In-Reply-To: <20080430085944.GA16252@ubuntu> References: <20080430085944.GA16252@ubuntu> Message-ID: <48183BD0.9070000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: > Hi, > > While writing this message I found the misconfiguration that caused it. I > post the message anyhow since there is another message written 1 month ago > with the same problem that was left unanswered. > > ---- > > I'm trying to debug a problem so I used --debug --lint discovering a > different behaviour according to the dir I run it from. I already saw a > message noticing the same thing: > > http://lists.mailscanner.info/pipermail/mailscanner/2008-March/083395.html > > If I run if from /root (PATH is correct, no ".") I get: > > Cannot create temporary Work Dir /10768. Are the permissions and ownership > of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 > > runnning it from /etc/MailScanner met another problem in a different > position. > > I found out I had wront permissios on /tmp!!! (chmod 1777 /tmp...) > What permissions and ownership did it have before? (when it was broken) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGDvYEfZZRxQVtlQRArbpAJ9ceNXz+0zRqT2QjdW51E9Pi2oUSACgtWdU zp4FxWcIrCdcJOFPIlC7F6Y= =8NpC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Wed Apr 30 10:44:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 30 10:44:59 2008 Subject: Notifications. In-Reply-To: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> References: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> Message-ID: <48183F6F.1070209@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gustavo FC wrote: | How can I stop user from receiving any kind of notification? What sort of notification? You included no information at all. So it stands to reason this might not even be MailScanner releated. Please read a bit about the mailinglist and post a question with relevant details included. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGD9uBvzDRVjxmYERAu34AKCch//gx/QXlT+8SJDL4vuBrh6fOACdE6cY 4XRvXBmiUmBPGtCajD+uwJQ= =ng+Q -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Wed Apr 30 10:53:10 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 30 10:53:19 2008 Subject: about quarantine directory In-Reply-To: <4817529F.20202@ecs.soton.ac.uk> References: <003101c8aa07$193d2630$65cba8c0@pc> <48173D77.4040300@ecs.soton.ac.uk> <005401c8aa13$f6d083a0$65cba8c0@pc> <4817529F.20202@ecs.soton.ac.uk> Message-ID: <48184186.3050005@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | You will have to edit the update_bad_phishing_sites script by hand if | you want to move it. And you better save a copy of your edited version, | as it will be over-written by your next MailScanner upgrade. Sorry about | that. It's a bit confusing as the files are not related to quarantined files. The next time you happen to make a change to that section of the code would it be possible to configure where these temporary files are stored? Think of it as low priority feature request. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGEGEBvzDRVjxmYERArBnAJwLpYJZBUDg2GTlGBb28VbddDr6YACdHKnG w7QUAYwse28DYF2grgiz8Og= =yKl3 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Wed Apr 30 10:57:00 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Apr 30 10:57:10 2008 Subject: ****SPAM**** Re: ****SPAM**** Re: ****SPAM**** Re: releasing mail from quarantine doesn't work with postfix ? In-Reply-To: <200804282019.09010.mrebsamen@unimatrix0.ch> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804280025.50756.mrebsamen@unimatrix0.ch> <223f97700804280155q41dd52d9hcfee92bbf9717548@mail.gmail.com> <200804282019.09010.mrebsamen@unimatrix0.ch> Message-ID: <4818426C.1040102@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marco Rebsamen wrote: | Ok... Did I got that right... The Nameing of the file is made by MailScanner | and is the result of..... a difficult postfix behavior ? | And my method of releasing the file is correct and the only one that works for | my settings ? It seems you have a bit of a duplication problem. While you work on that could exclude the mailinglist from getting the subject lines changed? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGEJqBvzDRVjxmYERArrrAJ4p7AiZJZrS5z1SXsjVjbHWYfteEQCfbK9+ 94vyR28RVN8hO9k74GV2ANk= =PN9b -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Apr 30 11:59:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 30 12:00:23 2008 Subject: MailScanner -debug --lint... solved In-Reply-To: <48183BD0.9070000@ecs.soton.ac.uk> References: <20080430085944.GA16252@ubuntu> <48183BD0.9070000@ecs.soton.ac.uk> Message-ID: <48185107.1060502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have found and fixed the problem. The fix will be in the next release. Julian Field wrote: > * PGP Signed: 04/30/08 at 10:28:56 > > > > Alessandro Dentella wrote: >> Hi, >> >> While writing this message I found the misconfiguration that caused >> it. I >> post the message anyhow since there is another message written 1 >> month ago >> with the same problem that was left unanswered. >> >> ---- >> >> I'm trying to debug a problem so I used --debug --lint discovering a >> different behaviour according to the dir I run it from. I already >> saw a >> message noticing the same thing: >> >> >> http://lists.mailscanner.info/pipermail/mailscanner/2008-March/083395.html >> >> >> If I run if from /root (PATH is correct, no ".") I get: >> >> Cannot create temporary Work Dir /10768. Are the permissions and >> ownership >> of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 >> >> runnning it from /etc/MailScanner met another problem in a different >> position. >> I found out I had wront permissios on /tmp!!! (chmod 1777 /tmp...) >> > What permissions and ownership did it have before? (when it was broken) > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGFENEfZZRxQVtlQRApL6AJ4/slbcTytW1+LZxjHJ32+hnmIzjACcDF9c Et19TJsbZzYxowPt6SwR5Xo= =Urrq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandro at e-den.it Wed Apr 30 12:09:08 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Wed Apr 30 12:09:51 2008 Subject: MailScanner -debug --lint... solved In-Reply-To: <48183BD0.9070000@ecs.soton.ac.uk> References: <20080430085944.GA16252@ubuntu> <48183BD0.9070000@ecs.soton.ac.uk> Message-ID: <20080430110908.GB16833@ubuntu> > What permissions and ownership did it have before? (when it was broken) 1700... I guess it was a mistake done when installing something else. I really have to investigate with the guy that did the installation, surely nothing related to MailScanner nor legitimate.. but I still see a mistake. Before correcting /tmp permissions I got the mistake also in /tmp (and another mistake on operation not allowed on symbols if I started from /etc/MailScanner.) Now I still have mistakes if I start from /root (I didn't realize that when I wrote the 1st mail): setup ===== fw-omma:/etc/MailScanner# ll -d /root /tmp drwx------ 8 root root 4096 2008-04-30 10:16 /root drwxrwxrwt 5 root root 4096 2008-04-30 10:53 /tmp from /root ========== fw-omma:~# MailScanner --lint --debug Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. Cannot create temporary Work Dir /15915. Are the permissions and ownership of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 from /tmp ========= fw-omma:~# cd /tmp fw-omma:/tmp# MailScanner --lint --debug Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. commit ineffective with AutoCommit enabled at /etc/MailScanner/CustomFunctions/MailWatch.pm line 100, line 1. Commmit ineffective while AutoCommit is on at /etc/MailScanner/CustomFunctions/MailWatch.pm line 100, line 1. (on my side I still have to investigate the last 2 lines... but I guess is just a waring, is it? last line has 3 m... typo?) sandro *:-) From J.Ede at birchenallhowden.co.uk Wed Apr 30 13:06:44 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Apr 30 13:11:21 2008 Subject: MailScanner -debug --lint... solved In-Reply-To: <20080430110908.GB16833@ubuntu> References: <20080430085944.GA16252@ubuntu> <48183BD0.9070000@ecs.soton.ac.uk>,<20080430110908.GB16833@ubuntu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4078325B70@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro@e-den.it] Sent: 30 April 2008 12:09 To: MailScanner discussion Subject: Re: MailScanner -debug --lint... solved > What permissions and ownership did it have before? (when it was broken) 1700... I guess it was a mistake done when installing something else. I really have to investigate with the guy that did the installation, surely nothing related to MailScanner nor legitimate.. but I still see a mistake. Before correcting /tmp permissions I got the mistake also in /tmp (and another mistake on operation not allowed on symbols if I started from /etc/MailScanner.) Now I still have mistakes if I start from /root (I didn't realize that when I wrote the 1st mail): setup ===== fw-omma:/etc/MailScanner# ll -d /root /tmp drwx------ 8 root root 4096 2008-04-30 10:16 /root drwxrwxrwt 5 root root 4096 2008-04-30 10:53 /tmp from /root ========== fw-omma:~# MailScanner --lint --debug Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. Cannot create temporary Work Dir /15915. Are the permissions and ownership of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 from /tmp ========= fw-omma:~# cd /tmp fw-omma:/tmp# MailScanner --lint --debug Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. commit ineffective with AutoCommit enabled at /etc/MailScanner/CustomFunctions/MailWatch.pm line 100, line 1. Commmit ineffective while AutoCommit is on at /etc/MailScanner/CustomFunctions/MailWatch.pm line 100, line 1. (on my side I still have to investigate the last 2 lines... but I guess is just a waring, is it? last line has 3 m... typo?) sandro *:-) I still have the same problem if I run MailScanner --lint from root's home (/root). Its on both CentOS 5.1 and FC7 machines. Will see if what Jules has changed has any impact on it. Jason From steve.freegard at fsl.com Wed Apr 30 13:46:05 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Apr 30 13:46:49 2008 Subject: ClamAV 0.93 released In-Reply-To: <022e01c8aa60$4c862060$0301a8c0@SAHOMELT> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <022e01c8aa60$4c862060$0301a8c0@SAHOMELT> Message-ID: <48186A0D.4020303@fsl.com> Hi Rick, Rick Cooper wrote: > If you really want to see mailscanner lose weight without losing speed you > should see it when it's using spamd instead of the perl mod.IIRC it drops to > 15mg or so per child, make that 21mg (just checked ) and is just as fast, > and spamd shares the sigs with it's children, again IIRC. Yes - I've done this using GenericSpamScanner.pm package MailScanner::CustomConfig; use Mail::SpamAssassin::Client; sub GenericSpamScanner { my($ip, $from, $to, $message) = @_; # Create spamd connection my $spamd = new Mail::SpamAssassin::Client({port => 783, host => '127.0.0.1', user => 'mailscanner'}); if(!$spamd) { MailScanner::Log::WarnLog("Unable to connect to spamd!"); return(0,"Unable to connect to spamd"); } my($mess) = join('',@$message); # Process message MailScanner::Log::InfoLog("Calling spamd...."); my($result) = $spamd->process($mess); MailScanner::Log::InfoLog("Got score %s from spamd",$result->{score}); return($result->{score}, $result->{score}); } 1; I couldn't find any difference in speed to using the native Perl calls, however this way allows you to be creative with what user is sent to spamd to allow per-user/per-domain rules scores and bayes databases. The only thing I haven't been able to do is to actually return a decent Spam Report back to MailScanner. Cheers, Steve. From gugafer51 at gmail.com Wed Apr 30 14:05:29 2008 From: gugafer51 at gmail.com (Gustavo FC) Date: Wed Apr 30 14:06:02 2008 Subject: Notifications. In-Reply-To: <48183F6F.1070209@vanderkooij.org> References: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> <48183F6F.1070209@vanderkooij.org> Message-ID: <73e0f9580804300605h5adf2f65hb28d57f470c01d0e@mail.gmail.com> Sorry. In MailScanner, when a message is blocked by filename or filetype, the recipients receive a notification informing that the content is blocked and, if they wish to receive a copy of that message, they have to send a email to help desk. What I realized is that the content of the notification is the same in store.filename.message.txt. In my MailScanner.conf: - The Spam Actions is set only "store", as well as High Scoring Spam Actions; - All Notify Senders is set to NO - The Silent Viruses parameter is set like "Silent Viruses = HTML-IFrame HTML-Codebase HTML-Script HTML-Form All-Viruses" and the Still Deliver Silent Viruses is NO - I already tried to comment all Stored Reports and it didn`t work. I don`t want the recipients receive any messages! Sorry about my bad english. 2008/4/30 Hugo van der Kooij : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gustavo FC wrote: > | How can I stop user from receiving any kind of notification? > > What sort of notification? > > You included no information at all. So it stands to reason this might > not even be MailScanner releated. Please read a bit about the > mailinglist and post a question with relevant details included. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIGD9uBvzDRVjxmYERAu34AKCch//gx/QXlT+8SJDL4vuBrh6fOACdE6cY > 4XRvXBmiUmBPGtCajD+uwJQ= > =ng+Q > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080430/c6d27213/attachment.html From telecaadmin at gmail.com Wed Apr 30 14:10:03 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Apr 30 14:11:03 2008 Subject: mail passes through spamassassin and clamd but sticks in hold queue, never delivered to local mailbox In-Reply-To: <011401c8a94f$94a08f00$020aa8c0@desktop> References: <011401c8a94f$94a08f00$020aa8c0@desktop> Message-ID: <48186FAB.6010907@gmail.com> > I removed the header_check and reconfigured postfix to deliver to the > incoming queue temporarily to make sure the core > postfix/dovecot/squirrelmail config is working, which it is in (Maildir > config). I changed the config back to answer your question. Good. So that proves that your postfix setup is working. > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temporary working directory is > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Using SpamAssassin results cache > Connected to SpamAssassin cache database > pyzor: check failed: internal error Here's an error, please fix it and disable pyzor. Also try do disable all checks except clam and spamassassin. > SpamAssassin reported no errors. > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamd > =========================================================================== > Virus and Content Scanning: Starting > ProcessClamAVModOutput Clamd > ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > ProcessClamAVModOutput Clamd > ClamAVModule::INFECTED:: Eicar-Test-Signature FOUND :: ./1/ > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > Filename Checks: (1 eicar.com) > Other Checks: Found 1 problems > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature" I'm not entire sure why your installation is reporting *2* infections for the *1* testing signature. > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > Config: calling custom end function SQLBlacklist > Closing down by-domain spam blacklist > Config: calling custom end function MailWatchLogging > Config: calling custom end function SQLWhitelist > Closing down by-domain spam whitelist > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. This is OK from the posting I've read here IIRC. > Apr 28 12:09:48 the MailScanner[31848]: New Batch: Scanning 1 messages, 1356 > bytes > Apr 28 12:09:48 the MailScanner[31848]: Spam Checks: Starting > Apr 28 12:09:48 the MailScanner[31848]: Message 87F07B807F.1D84D from > 127.0.0.1 (from@server.com) is whitelisted What happens after that point? You _should_ see something like Apr 30 15:03:39 server MailScanner[20204]: Requeue: CA65D39F.BF332 to DA8BF3A8 which is the point when MailScanner is done with the message and is re-injecting it into the postfix outgoing queue to deliver to the final mailserver. Cheers, Ronny From MailScanner at ecs.soton.ac.uk Wed Apr 30 14:21:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 30 14:23:06 2008 Subject: Notifications. In-Reply-To: <73e0f9580804300605h5adf2f65hb28d57f470c01d0e@mail.gmail.com> References: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> <48183F6F.1070209@vanderkooij.org> <73e0f9580804300605h5adf2f65hb28d57f470c01d0e@mail.gmail.com> Message-ID: <48187275.3040505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Don't comment out the settings, set them to blank. If you comment them out, it uses the hard-wired defaults, which isn't what you want here. Gustavo FC wrote: > Sorry. > > In MailScanner, when a message is blocked by filename or filetype, the > recipients receive a notification informing that the content is > blocked and, if they wish to receive a copy of that message, they have > to send a email to help desk. What I realized is that the content of > the notification is the same in store.filename.message.txt. > > In my MailScanner.conf: > > * The Spam Actions is set only "store", as well as High Scoring > Spam Actions; > * All Notify Senders is set to NO > * The Silent Viruses parameter is set like "Silent Viruses = > HTML-IFrame HTML-Codebase HTML-Script HTML-Form All-Viruses" and > the Still Deliver Silent Viruses is NO > * I already tried to comment all Stored Reports and it didn`t work. > > I don`t want the recipients receive any messages! > > Sorry about my bad english. > > 2008/4/30 Hugo van der Kooij >: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Gustavo FC wrote: > | How can I stop user from receiving any kind of notification? > > What sort of notification? > > You included no information at all. So it stands to reason this might > not even be MailScanner releated. Please read a bit about the > mailinglist and post a question with relevant details included. > > Hugo. > > - -- > hvdkooij@vanderkooij.org > http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIGD9uBvzDRVjxmYERAu34AKCch//gx/QXlT+8SJDL4vuBrh6fOACdE6cY > 4XRvXBmiUmBPGtCajD+uwJQ= > =ng+Q > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGHKBEfZZRxQVtlQRAqcvAKC2n7aHyRDseySXbebgOO6uNON+DACdEURV ATIuRfb3wVTXf/CpmKpw7tE= =gZ15 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gugafer51 at gmail.com Wed Apr 30 15:00:27 2008 From: gugafer51 at gmail.com (Gustavo FC) Date: Wed Apr 30 15:01:01 2008 Subject: Notifications. In-Reply-To: <48187275.3040505@ecs.soton.ac.uk> References: <73e0f9580804280739k1b33ad52x5a7c9ffd99254836@mail.gmail.com> <48183F6F.1070209@vanderkooij.org> <73e0f9580804300605h5adf2f65hb28d57f470c01d0e@mail.gmail.com> <48187275.3040505@ecs.soton.ac.uk> Message-ID: <73e0f9580804300700q2ae3ade3l1dc5f4e989a095@mail.gmail.com> Hi Julian, I made a test putted all Stored Reports parameter blank but it didn`t work. I think the MailScanner uses the defaults anyway because my reports language is pt_br and after I putted them blank the email came in english, what I supposed to be the default. 2008/4/30 Julian Field : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Don't comment out the settings, set them to blank. If you comment them > out, it uses the hard-wired defaults, which isn't what you want here. > > Gustavo FC wrote: > > Sorry. > > > > In MailScanner, when a message is blocked by filename or filetype, the > > recipients receive a notification informing that the content is > > blocked and, if they wish to receive a copy of that message, they have > > to send a email to help desk. What I realized is that the content of > > the notification is the same in store.filename.message.txt. > > > > In my MailScanner.conf: > > > > * The Spam Actions is set only "store", as well as High Scoring > > Spam Actions; > > * All Notify Senders is set to NO > > * The Silent Viruses parameter is set like "Silent Viruses = > > HTML-IFrame HTML-Codebase HTML-Script HTML-Form All-Viruses" and > > the Still Deliver Silent Viruses is NO > > * I already tried to comment all Stored Reports and it didn`t work. > > > > I don`t want the recipients receive any messages! > > > > Sorry about my bad english. > > > > 2008/4/30 Hugo van der Kooij > >: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > Gustavo FC wrote: > > | How can I stop user from receiving any kind of notification? > > > > What sort of notification? > > > > You included no information at all. So it stands to reason this > might > > not even be MailScanner releated. Please read a bit about the > > mailinglist and post a question with relevant details included. > > > > Hugo. > > > > - -- > > hvdkooij@vanderkooij.org > > http://hugo.vanderkooij.org/ > > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > > > A: Yes. > > >Q: Are you sure? > > >>A: Because it reverses the logical flow of conversation. > > >>>Q: Why is top posting frowned upon? > > > > Bored? Click on http://spamornot.org/ and rate those images. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFIGD9uBvzDRVjxmYERAu34AKCch//gx/QXlT+8SJDL4vuBrh6fOACdE6cY > > 4XRvXBmiUmBPGtCajD+uwJQ= > > =ng+Q > > -----END PGP SIGNATURE----- > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFIGHKBEfZZRxQVtlQRAqcvAKC2n7aHyRDseySXbebgOO6uNON+DACdEURV > ATIuRfb3wVTXf/CpmKpw7tE= > =gZ15 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080430/bfab6efc/attachment.html From mark at msapiro.net Wed Apr 30 15:22:20 2008 From: mark at msapiro.net (Mark Sapiro) Date: Wed Apr 30 15:22:52 2008 Subject: MailScanner -debug --lint... solved In-Reply-To: <48183BD0.9070000@ecs.soton.ac.uk> References: <20080430085944.GA16252@ubuntu> <48183BD0.9070000@ecs.soton.ac.uk> Message-ID: <20080430142220.GA1316@msapiro> On Wed, Apr 30, 2008 at 10:28:48AM +0100, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alessandro Dentella wrote: > > Hi, > > > > While writing this message I found the misconfiguration that caused it. I > > post the message anyhow since there is another message written 1 month ago > > with the same problem that was left unanswered. > > > > ---- > > > > I'm trying to debug a problem so I used --debug --lint discovering a > > different behaviour according to the dir I run it from. I already saw a > > message noticing the same thing: > > > > http://lists.mailscanner.info/pipermail/mailscanner/2008-March/083395.html > > > > If I run if from /root (PATH is correct, no ".") I get: > > > > Cannot create temporary Work Dir /10768. Are the permissions and ownership > > of correct? at /usr/share/MailScanner//MailScanner/WorkArea.pm line 152 > > > > runnning it from /etc/MailScanner met another problem in a different > > position. > > > > I found out I had wront permissios on /tmp!!! (chmod 1777 /tmp...) > > > What permissions and ownership did it have before? (when it was broken) > Note that the permissions on /tmp are not the issue in my case. Mine are and always have been 1777. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From adc at dc-uoit.net Wed Apr 30 15:34:34 2008 From: adc at dc-uoit.net (Andrei Caraman) Date: Wed Apr 30 15:35:18 2008 Subject: Ubuntu - sendmail problem In-Reply-To: <48178E3F.9040401@ecs.soton.ac.uk> References: <1209400280.7233.20.camel@isis> <481606CB.3050907@ecs.soton.ac.uk> <20080429203410.GA3355@logger.dc-uoit.net> <48178E3F.9040401@ecs.soton.ac.uk> Message-ID: <20080430143434.GA22917@logger.dc-uoit.net> On Tue, Apr 29, 2008 at 10:08:15PM +0100, Julian Field wrote: > If the Ubuntu mor^H^H^Hguys hadn't shipped an ancient version of > MailScanner in a setup that doesn't even work at all, this wouldn't be a > problem. > :-( > And they appear to be completely unwilling to fix it, either. > > I'm certainly *never* going to use Ubuntu for a server, that's for certain. i agree. all linux severs should actually run debian :)))))) but maybe in this case it was a workstation, doing a bit of mailscanning. From rcooper at dwford.com Wed Apr 30 16:15:33 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Apr 30 16:16:14 2008 Subject: ClamAV 0.93 released In-Reply-To: <48186A0D.4020303@fsl.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com><022e01c8aa60$4c862060$0301a8c0@SAHOMELT> <48186A0D.4020303@fsl.com> Message-ID: <03b401c8aad5$093b0d00$0301a8c0@SAHOMELT> My generic spam scanner outputs the same as mailscanner does, but I don't use Mail::SpamAssassin::Client . I can send you my generic spam scanner .pm off list if you would like to look at it, it still has a lot of debugging stuff in it as the last 5-6 weeks I really have a hard time typing with the surgery on my left shoulder and then having broken both bones I my right arm just above the wrist (full arm cast) 2 weeks ago. It will be some weeks before I get back to this project. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Steve Freegard > Sent: Wednesday, April 30, 2008 8:46 AM > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > Hi Rick, > > Rick Cooper wrote: > > If you really want to see mailscanner lose weight without > losing speed you > > should see it when it's using spamd instead of the perl > mod.IIRC it drops to > > 15mg or so per child, make that 21mg (just checked ) and > is just as fast, > > and spamd shares the sigs with it's children, again IIRC. > > Yes - I've done this using GenericSpamScanner.pm > > package MailScanner::CustomConfig; > use Mail::SpamAssassin::Client; > > sub GenericSpamScanner { > my($ip, $from, $to, $message) = @_; > > # Create spamd connection > my $spamd = new Mail::SpamAssassin::Client({port => 783, host => > '127.0.0.1', user => 'mailscanner'}); > if(!$spamd) { > MailScanner::Log::WarnLog("Unable to connect to spamd!"); > return(0,"Unable to connect to spamd"); > } > > my($mess) = join('',@$message); > > # Process message > MailScanner::Log::InfoLog("Calling spamd...."); > my($result) = $spamd->process($mess); > MailScanner::Log::InfoLog("Got score %s from > spamd",$result->{score}); > return($result->{score}, $result->{score}); > } > > 1; > > > I couldn't find any difference in speed to using the native > Perl calls, > however this way allows you to be creative with what user is sent to > spamd to allow per-user/per-domain rules scores and bayes databases. > > The only thing I haven't been able to do is to actually > return a decent > Spam Report back to MailScanner. > > Cheers, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Wed Apr 30 16:21:33 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Apr 30 16:21:45 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca><481736B3.7030705@fsl.com> Message-ID: <03c001c8aad5$e0118660$0301a8c0@SAHOMELT> You have to write your own processing via the genericspamscanner.pm module. It's not inherent within mailscanner. Since I already use spamd with exim to elimentate very high (18+) scoring spam at smtp time it makes sense not to use mailscanner's spamassassin processing because it's a pretty huge chunk of memory per child, much faster loading and no loss of speed. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Koopmann, Jan-Peter > Sent: Wednesday, April 30, 2008 2:54 AM > To: MailScanner discussion > Subject: RE: ClamAV 0.93 released > > Hi Rick, > > how do you make MailScanner use spamd? This is either not > possible or I > sadly missed this opportunity. > > > Kind regards, > JP > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick > Cooper > Sent: Wednesday, April 30, 2008 3:20 AM > To: 'MailScanner discussion' > Subject: RE: ClamAV 0.93 released > > If you really want to see mailscanner lose weight without > losing speed > you > should see it when it's using spamd instead of the perl mod.IIRC it > drops to > 15mg or so per child, make that 21mg (just checked ) and is just as > fast, > and spamd shares the sigs with it's children, again IIRC. > > Rick > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Apr 30 16:54:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Apr 30 16:55:23 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca><481736B3.7030705@fsl.com> Message-ID: <48189621.7060207@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Koopmann, Jan-Peter wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rick > Cooper > Sent: Wednesday, April 30, 2008 3:20 AM > To: 'MailScanner discussion' > Subject: RE: ClamAV 0.93 released > > If you really want to see mailscanner lose weight without losing speed > you > should see it when it's using spamd instead of the perl mod. If you really want to see it fly, put BarricadeMX in front of it! I have an ancient server (about 4 years old) processing 200,000 messages per day with a load average of 0.2. It's much better at catching spam too. Cool :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGJY1EfZZRxQVtlQRAuR8AKCMoE9qb+2WsxRUBoi9h1doG4LLwQCdGN9X EmYMuWprdWt/InTltRLVrgI= =e1lZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Apr 30 17:22:18 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Apr 30 17:23:08 2008 Subject: Fixing small Mail::ClamAV issue Message-ID: <200804301222.19530.dyioulos@firstbhph.com> Hello, all. Since upgrading clamav to version 0.93 (from source), I'm seeing the following when I lint MailScanner: /usr/local/bin/clamscan: unrecognized option `--max-ratio=500' ERROR: Unknown option passed. ERROR: Can't parse the command line I realize that clamav no longer supports max-ratio. I also think that the above error isn't killer, either (and "think" is the operative word). But, I'd like to be rid of the error. I did find a post here: article.gmane.org/gmane.mail.virus.mailscanner/63112 that provides a patch to the perl Mail::ClamAV module, apparently clearing up the max-ratio issue. Has anyone used this patch (and if so [asked sheepishly] would you tell me how to apply it?)? Is there another way to deal with this error? As always, many thanks. Dimitri PS - BTW, I still get this error when linting MailScanner: Use of uninitialized value in addition (+) at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 371. plugin: eval failed: Can't locate object method "log_lookups_timing" via package "Mail::SpamAssassin::AsyncLoop" at /usr/lib/perl5/vendor_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 381. I asked about it on the SA list, as suggested on the MS list, but never got a response. Oh, well. But, if I can get max-ratio fixed, I'll be batting .500, and I'll take that. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Apr 30 17:39:55 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Apr 30 17:40:30 2008 Subject: Fixing small Mail::ClamAV issue In-Reply-To: <200804301222.19530.dyioulos@firstbhph.com> References: <200804301222.19530.dyioulos@firstbhph.com> Message-ID: <625385e30804300939h32598857nb68d8fb73bca0ce0@mail.gmail.com> On Wed, Apr 30, 2008 at 6:22 PM, Dimitri Yioulos wrote: > Hello, all. > > Since upgrading clamav to version 0.93 (from source), I'm seeing the following > when I lint MailScanner: > > /usr/local/bin/clamscan: unrecognized option `--max-ratio=500' > ERROR: Unknown option passed. > ERROR: Can't parse the command line Edit the clamav-wrapper. -- /peter From jan-peter at koopmann.eu Wed Apr 30 17:50:27 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed Apr 30 17:51:32 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca><481736B3.7030705@fsl.com> Message-ID: > If you really want to see it fly, put BarricadeMX in front of it! :-) Whom do you tell. I fully agree. However: If you want/need a quarantine it still makes sense to use SpamAssassin with MailScanner behind BarricadeMX. And if you do using sounds like a great idea as well. Regards, JP From dyioulos at firstbhph.com Wed Apr 30 17:58:57 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Apr 30 17:59:44 2008 Subject: Fixing small Mail::ClamAV issue In-Reply-To: <625385e30804300939h32598857nb68d8fb73bca0ce0@mail.gmail.com> References: <200804301222.19530.dyioulos@firstbhph.com> <625385e30804300939h32598857nb68d8fb73bca0ce0@mail.gmail.com> Message-ID: <200804301258.57998.dyioulos@firstbhph.com> On Wednesday 30 April 2008 12:39 pm, shuttlebox wrote: > On Wed, Apr 30, 2008 at 6:22 PM, Dimitri Yioulos wrote: > > Hello, all. > > > > Since upgrading clamav to version 0.93 (from source), I'm seeing the > > following when I lint MailScanner: > > > > /usr/local/bin/clamscan: unrecognized option `--max-ratio=500' > > ERROR: Unknown option passed. > > ERROR: Can't parse the command line > > Edit the clamav-wrapper. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Thanks, Worked a treat! And, if I missed this in a previous post, apologies for my poor searching. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.