watermark error?

BlaaT 0001 blaat0001 at gmail.com
Mon Apr 28 11:23:35 IST 2008 

Hello all,

I'm running MailScanner op OpenBSD 4.2 and are also experiencing
problems with watermarking. If watermarking is enabled all NDR's are
marked by MailScanner. This is what the logfile tells me:

Apr 25 16:58:06 mailscanner MailScanner[12527]: Message
7732B11D828.0BC1B had bad watermark, added 10 to spam score

The message:
---------------------------------------------------------------------------------
Hi. This is the qmail-send program at XXXXXXXXXXXXX.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<XXXXXXXX at gmail.com>:
72.14.221.114 does not like recipient.
Remote host said: 550-5.1.1 This Gmail user does not exist. Please try
double-checking
550-5.1.1 the recipient's email address for typos or unnecessary spaces.
550-5.1.1 Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596
e11si1731358fga.5
Giving up on 72.14.221.114.

--- Below this line is a copy of the message.

Return-Path: <XXXXXXXXXXXXXXX>
Received: (qmail 5217 invoked by uid 1008); 25 Apr 2008 14:57:58 -0000
Received: from unknown (HELO mailscanner.XXXXXXXXXXX) (10.2.10.186)
  by mailfilter.XXXXXXXXXXXXx with SMTP; 25 Apr 2008 14:57:58 -0000
Received: from exchange4.XXXXXXXXX (EXCHANGE4.XXXXXXXXX[10.2.10.115])
	by mailscanner.XXXXXXXXXXX (Postfix) with ESMTP id 85BDA11D828
	for <XXXXXXXXXXXX>; Fri, 25 Apr 2008 16:57:56 +0200 (CEST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C8A6E4.BF2C43B0"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: test watermarking zoveel 1657
Date: Fri, 25 Apr 2008 16:57:57 +0200
Message-ID: <9CF49383AB307A4C93AFD38E11EA9C7C013E85EA at EXCHANGE4.XXXXXXX>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test watermarking zoveel 1657
Thread-Index: Acim5L3tRZgxC6guT7SkxjzYng0sSw==
From: "xxxxxxx>
To: <xxxxxx at gmail.com>
X-XXF-WM: 1209740278.46334 at 2hvxVrBBccvMTvOqDPApVw
X-MailScanner-ID: 85BDA11D828.E7A79
X-XXF: Clean
----------------------------------------------------
The watermark is added properly: X-XXF-WM:
1209740278.46334 at 2hvxVrBBccvMTvOqDPApVw

The message does in fact have a valid watermark. If I send an email
using telnet to an outside mailserver with my email address as the
"MAIL FROM" address to receive a NDR without a valid watermark
(without any watermark, the outgoing message has not been processed by
MailScanner) the NDR is tagged in the same way and the same logfile
entry appears.
So MailScanner seems to be unable to detect a watermark at all.
Whether or not a watermark is present in the NDR, the NDR is always
dealt with as configured with the "Treat Invalid Watermarks With No
Sender as Spam" action.

These watermarking related settings are in my MailScanner.conf:
Use Watermarking = no
Add Watermark = %rules-dir%/add.watermark.rules
Check Watermarks With No Sender =
%rules-dir%/check.watermarks.with.no.sender.rules
Treat Invalid Watermarks With No Sender as Spam = 10
Check Watermarks To Skip Spam Checks = no
Watermark Secret = %org-name%-XXXXXX
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-WM:

The rulesets make sure only outgoing emails are watermarked and only
incoming emails are checked for watermarks.  If I simply set these
options to "yes" it makes no difference, the rulesets are not the
problem. (Any email for a non-existent recipient in our organisation
is bounced by Postfix, recipient verification. Hence MS does not
process outgoing NDRs.)

-bash-3.2# /opt/MailScanner/bin/MailScanner -v
Running on
OpenBSD mailscanner.XXXXXXX.XX 4.2 GENERIC#375 i386
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.67.6
Module versions are:
1.00    AnyDBM_File
1.18    Archive::Zip
1.04    Carp
2.004   Compress::Zlib
1.119   Convert::BinHex
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.19    File::Temp
0.90    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.02    Mail::Header
1.86    Math::BigInt
3.07    MIME::Base64
5.425   MIME::Decoder
5.425   MIME::Decoder::UU
5.425   MIME::Head
5.425   MIME::Parser
3.07    MIME::QuotedPrint
5.425   MIME::Tools
0.11    Net::CIDR
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
1.4     Sys::Hostname::Long
0.18    Sys::Syslog
1.9707  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.30    Archive::Tar
0.21    bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.814   DB_File
1.12    DBD::SQLite
1.56    DBI
1.14    Digest
1.01    Digest::HMAC
2.36    Digest::MD5 <<-- Needed for Watermarking
2.11    Digest::SHA1
missing Encode::Detect
missing Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.36    Getopt::Long
missing Inline
1.08    IO::String
1.04    IO::Zlib
missing IP::Country
missing Mail::ClamAV
3.002002        Mail::SpamAssassin
missing Mail::SPF
1.999001        Mail::SPF::Query
missing Module::Build
0.18    Net::CIDR::Lite
0.60    Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
missing NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.64    Test::Harness
missing Test::Manifest
1.95    Text::Balanced
1.35    URI
missing version
missing YAML


>Mikael Syska wrote:
>
>I'm also lost here ... and want to be sure its not BSD related, but
>could be. Running FreeBSD 7.0 btw if there are other bsd users out
>there with the same problem ...

http://thread.gmane.org/gmane.mail.virus.mailscanner/63214/focus=63315

It seems to be a BSD issue. I can't test on a Linux machine though.

Cheers.

More information about the MailScanner mailing list