From MailScanner at ecs.soton.ac.uk Wed Jan 2 09:56:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 2 09:56:20 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released Message-ID: <477B5FB1.40004@ecs.soton.ac.uk> Happy New Year to you all! I have just released a new stable version 4.66.5, which includes the following additions and changes: - Updated "Sophos.install" to handle Sophos version 6. - Updated to handle new MailTools 2.02 and MIME-tools 5.425. - Updated eTrust support to handle eTrust version 8.1. - New configuration setting "Syslog Socket Type" for the Solaris users out there. Download as usual from www.mailscanner.info. The full Change Log is here: 1 New optional configuration setting "Syslog Socket Type". By default this is left blank, as it will work it out according to the operating system you are using. Some Solaris users may want to set this to "native". 1 Addition of new message property for use by MailWatch 2. 1 Update of Sophos.install for Sophos version 6. 2 Updated to handle new MailTools 2.02. This includes the use of several new Perl modules, so you'll have to use the install.sh to install all the requirements of the new MailTools code (unless you are doing clever things with yum repositories). 3 Improvement to the phishing net for multiple "blocked::" prefixes on links. 3 Improvements to speed up StartTiming() and StopTiming() greatly. 3 Updated to MIME-tools 5.425. This should solve lots of problems people are having with using yum repositories. 4 Added startup code to check for consistent version numbers with MIME-tools. 4-2 Better install.sh for RHEL and CentOS 5. 4-3 Added some more modules to the compulsory list for RHEL and CentOS 5. These are all labelled "yes" in the right-most column of the module list near the bottom of install.sh. 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 of eTrust, and allow more flexibility in setting of eTrust location in virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 or later. 5 Improved easy-to-install ClamAV & SpamAssassin package so that it will always install my patched Mail::ClamAV and Mail::SpamAssassin modules even if un- patched versions are already installed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From joost at waversveld.nl Wed Jan 2 10:22:35 2008 From: joost at waversveld.nl (Joost Waversveld) Date: Wed Jan 2 10:22:45 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <477B5FB1.40004@ecs.soton.ac.uk> References: <477B5FB1.40004@ecs.soton.ac.uk> Message-ID: <477B65EB.2070401@waversveld.nl> Julian Field wrote: > Happy New Year to you all! > > I have just released a new stable version 4.66.5, which includes the > following additions and changes: > - Updated "Sophos.install" to handle Sophos version 6. > - Updated to handle new MailTools 2.02 and MIME-tools 5.425. > - Updated eTrust support to handle eTrust version 8.1. > - New configuration setting "Syslog Socket Type" for the Solaris users > out there. > > Download as usual from www.mailscanner.info. > > The full Change Log is here: > 1 New optional configuration setting "Syslog Socket Type". By default > this is > left blank, as it will work it out according to the operating system you > are using. Some Solaris users may want to set this to "native". > 1 Addition of new message property for use by MailWatch 2. > 1 Update of Sophos.install for Sophos version 6. > 2 Updated to handle new MailTools 2.02. This includes the use of > several new > Perl modules, so you'll have to use the install.sh to install all the > requirements of the new MailTools code (unless you are doing clever > things > with yum repositories). > 3 Improvement to the phishing net for multiple "blocked::" prefixes on > links. > 3 Improvements to speed up StartTiming() and StopTiming() greatly. > 3 Updated to MIME-tools 5.425. This should solve lots of problems > people are > having with using yum repositories. > 4 Added startup code to check for consistent version numbers with > MIME-tools. > 4-2 Better install.sh for RHEL and CentOS 5. > 4-3 Added some more modules to the compulsory list for RHEL and CentOS 5. > These are all labelled "yes" in the right-most column of the module > list > near the bottom of install.sh. > 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 of > eTrust, and allow more flexibility in setting of eTrust location in > virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 > or later. > 5 Improved easy-to-install ClamAV & SpamAssassin package so that it > will always > install my patched Mail::ClamAV and Mail::SpamAssassin modules even > if un- > patched versions are already installed. > > Jules > Julian, I receive an 404 error when I try to download the new version. Are you still uploading the new version?? Joost Waversveld From MailScanner at ecs.soton.ac.uk Wed Jan 2 10:37:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 2 10:38:10 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <477B65EB.2070401@waversveld.nl> References: <477B5FB1.40004@ecs.soton.ac.uk> <477B65EB.2070401@waversveld.nl> Message-ID: <477B697F.6010407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joost Waversveld wrote: > Julian Field wrote: >> Happy New Year to you all! >> >> I have just released a new stable version 4.66.5, which includes the >> following additions and changes: >> - Updated "Sophos.install" to handle Sophos version 6. >> - Updated to handle new MailTools 2.02 and MIME-tools 5.425. >> - Updated eTrust support to handle eTrust version 8.1. >> - New configuration setting "Syslog Socket Type" for the Solaris >> users out there. >> >> Download as usual from www.mailscanner.info. >> >> The full Change Log is here: >> 1 New optional configuration setting "Syslog Socket Type". By default >> this is >> left blank, as it will work it out according to the operating system >> you >> are using. Some Solaris users may want to set this to "native". >> 1 Addition of new message property for use by MailWatch 2. >> 1 Update of Sophos.install for Sophos version 6. >> 2 Updated to handle new MailTools 2.02. This includes the use of >> several new >> Perl modules, so you'll have to use the install.sh to install all the >> requirements of the new MailTools code (unless you are doing clever >> things >> with yum repositories). >> 3 Improvement to the phishing net for multiple "blocked::" prefixes >> on links. >> 3 Improvements to speed up StartTiming() and StopTiming() greatly. >> 3 Updated to MIME-tools 5.425. This should solve lots of problems >> people are >> having with using yum repositories. >> 4 Added startup code to check for consistent version numbers with >> MIME-tools. >> 4-2 Better install.sh for RHEL and CentOS 5. >> 4-3 Added some more modules to the compulsory list for RHEL and >> CentOS 5. >> These are all labelled "yes" in the right-most column of the >> module list >> near the bottom of install.sh. >> 5 Improved eTrust-wrapper and -autoupdate to handle latest version >> 8.1 of >> eTrust, and allow more flexibility in setting of eTrust location in >> virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 >> or later. >> 5 Improved easy-to-install ClamAV & SpamAssassin package so that it >> will always >> install my patched Mail::ClamAV and Mail::SpamAssassin modules even >> if un- >> patched versions are already installed. >> >> Jules >> > Julian, > > I receive an 404 error when I try to download the new version. Are you > still uploading the new version?? Reload the downloads.html file and it should be okay. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHe2l/EfZZRxQVtlQRArB1AJ9s5H6kSRyhde4o/ctw9LMxJegH4wCg5Lvt uMItIsXX9IVAoDZhL6E2RTQ= =pgzh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Jan 2 12:20:52 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 2 12:21:19 2008 Subject: AW: Clamd and updates In-Reply-To: <477932E3.6000507@ecs.soton.ac.uk> Message-ID: <18297919.1551199276452122.JavaMail.root@office.splatnix.net> Hi Jules, Happy New Year! I am using source and have set the path to /usr/local in virus.scanners.conf hence it actually working when running in daemon mode, but the lint doesn't actually pick it up. If I remove esets and run a lint it works fine, so only if you have a combination it fails. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 31 December 2007 18:20:19 o'clock (GMT) Europe/London Subject: Re: AW: Clamd and updates -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehle, Roland wrote: >> Just noticed in my logfile :- >> >> Dec 30 12:30:02 mailhub update.virus.scanners: Found generic installed >> Dec 30 12:30:02 mailhub update.virus.scanners: Running autoupdate for >> generic >> Dec 30 12:30:02 mailhub update.virus.scanners: Found esets installed >> Dec 30 12:30:02 mailhub update.virus.scanners: Running autoupdate for >> esets >> Dec 30 12:30:02 mailhub esets-autoupdate[11205]: esets updated >> >> which shows that Clam is not being updated. Now I guess that is >> because no wrapper exists for ClamD. I appreciate I can run freshclam >> but how is this controlled through MS ? >> >> Also, when I run a lint against my MS installation I get the following >> :- >> >> [root@mailhub bin]# ./MailScanner --lint >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.66.2) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = esets clamd" >> Found these virus scanners installed: esets, clamd >> ======================================================================= >> ==== >> ======================================================================= >> ==== >> Virus Scanner test reports: >> esets said "Found virus Eicar test file in eicar.com" >> >> If any of your virus scanners (esets,clamd) >> are not listed there, you should check that they are installed >> correctly >> and that MailScanner is finding them correctly via its >> virus.scanners.conf. >> >> >> so eicar is being picked up via esets but not by clamd ???? >> >> Any thoughts or ideas ? TIA >> > > Could you please check your /etc/MailScanner/virus.scanners.conf. All clam* entries there should have /usr/lib/MailScanner/clamav-wrapper /usr. > Unless you have installed it using my easy-to-install package rather than RPMs. If you have installed it from source or using my easy-to-install package of ClamAV+SpamAssassin, then you will need /usr/local and not /usr. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHeTLlEfZZRxQVtlQRAlf0AKCSFpgc7yk9JqxdsXQx/uscPqJrawCfR06U 2NwhgeTXFcoMmXhZkQfmjpc= =x+Qx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Jan 2 12:28:51 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 2 12:29:40 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <31648592.1581199276918704.JavaMail.root@office.splatnix.net> Message-ID: <22565116.1601199276931428.JavaMail.root@office.splatnix.net> Jules, Here are my files for ESET integration. They appear to work okay. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" , "MailScanner-Announce mailing list list" Sent: 02 January 2008 09:56:01 o'clock (GMT) Europe/London Subject: MailScanner ANNOUNCE: New 4.66.5 released Happy New Year to you all! I have just released a new stable version 4.66.5, which includes the following additions and changes: - Updated "Sophos.install" to handle Sophos version 6. - Updated to handle new MailTools 2.02 and MIME-tools 5.425. - Updated eTrust support to handle eTrust version 8.1. - New configuration setting "Syslog Socket Type" for the Solaris users out there. Download as usual from www.mailscanner.info. The full Change Log is here: 1 New optional configuration setting "Syslog Socket Type". By default this is left blank, as it will work it out according to the operating system you are using. Some Solaris users may want to set this to "native". 1 Addition of new message property for use by MailWatch 2. 1 Update of Sophos.install for Sophos version 6. 2 Updated to handle new MailTools 2.02. This includes the use of several new Perl modules, so you'll have to use the install.sh to install all the requirements of the new MailTools code (unless you are doing clever things with yum repositories). 3 Improvement to the phishing net for multiple "blocked::" prefixes on links. 3 Improvements to speed up StartTiming() and StopTiming() greatly. 3 Updated to MIME-tools 5.425. This should solve lots of problems people are having with using yum repositories. 4 Added startup code to check for consistent version numbers with MIME-tools. 4-2 Better install.sh for RHEL and CentOS 5. 4-3 Added some more modules to the compulsory list for RHEL and CentOS 5. These are all labelled "yes" in the right-most column of the module list near the bottom of install.sh. 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 of eTrust, and allow more flexibility in setting of eTrust location in virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 or later. 5 Improved easy-to-install ClamAV & SpamAssassin package so that it will always install my patched Mail::ClamAV and Mail::SpamAssassin modules even if un- patched versions are already installed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: ms_esets.tar.gz Type: application/x-gzip Size: 32073 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080102/5cdb64e4/ms_esets.tar.gz From shuttlebox at gmail.com Wed Jan 2 12:40:23 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jan 2 12:40:33 2008 Subject: AW: Clamd and updates In-Reply-To: <18297919.1551199276452122.JavaMail.root@office.splatnix.net> References: <477932E3.6000507@ecs.soton.ac.uk> <18297919.1551199276452122.JavaMail.root@office.splatnix.net> Message-ID: <625385e30801020440taa096fbp36e162c2d96c44f7@mail.gmail.com> On Jan 2, 2008 1:20 PM, UxBoD wrote: > I am using source and have set the path to /usr/local in virus.scanners.conf hence it actually working when running in daemon mode, but the lint doesn't actually pick it up. If I remove esets and run a lint it works fine, so only if you have a combination it fails. First, the updates are totally separate from the scanning and linting which is controlled by the setting in MailScanner.conf (have you tried auto?). The updates are always run if the appropriate binaries can be found according to virus.scanners.conf. Have you checked if Clam is up to date with freshclam -V? If so, it might be a problem with your logging, not the updates themselves. Have you tried running the update scripts manually to see if they complain? File permissions? I also use Clam in daemon mode and get logs like these if it's any help: Syslog ====== Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:20:49 x.y.se ClamAV-autoupdate[28431]: ClamAV updated Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:50:51 x.y.se ClamAV-autoupdate[29111]: ClamAV did not need updating Lint ==== MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" -- /peter From uxbod at splatnix.net Wed Jan 2 12:54:28 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 2 12:55:18 2008 Subject: AW: Clamd and updates In-Reply-To: <625385e30801020440taa096fbp36e162c2d96c44f7@mail.gmail.com> Message-ID: <11915420.1661199278468004.JavaMail.root@office.splatnix.net> Hi Peter, Setting to auto has used both scanners :) hmmm, wonder why it would not work when set to esets, clamd. Will do some more investigation now home. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "shuttlebox" To: "MailScanner discussion" Sent: 02 January 2008 12:40:23 o'clock (GMT) Europe/London Subject: Re: AW: Clamd and updates On Jan 2, 2008 1:20 PM, UxBoD wrote: > I am using source and have set the path to /usr/local in virus.scanners.conf hence it actually working when running in daemon mode, but the lint doesn't actually pick it up. If I remove esets and run a lint it works fine, so only if you have a combination it fails. First, the updates are totally separate from the scanning and linting which is controlled by the setting in MailScanner.conf (have you tried auto?). The updates are always run if the appropriate binaries can be found according to virus.scanners.conf. Have you checked if Clam is up to date with freshclam -V? If so, it might be a problem with your logging, not the updates themselves. Have you tried running the update scripts manually to see if they complain? File permissions? I also use Clam in daemon mode and get logs like these if it's any help: Syslog ====== Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:20:49 x.y.se ClamAV-autoupdate[28431]: ClamAV updated Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:50:51 x.y.se ClamAV-autoupdate[29111]: ClamAV did not need updating Lint ==== MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Wed Jan 2 15:36:26 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 2 15:37:07 2008 Subject: AW: Clamd and updates In-Reply-To: <31264162.1751199288046978.JavaMail.root@office.splatnix.net> Message-ID: <11459483.1771199288186668.JavaMail.root@office.splatnix.net> All fixed! Thanks ;) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "shuttlebox" To: "MailScanner discussion" Sent: 02 January 2008 12:40:23 o'clock (GMT) Europe/London Subject: Re: AW: Clamd and updates On Jan 2, 2008 1:20 PM, UxBoD wrote: > I am using source and have set the path to /usr/local in virus.scanners.conf hence it actually working when running in daemon mode, but the lint doesn't actually pick it up. If I remove esets and run a lint it works fine, so only if you have a combination it fails. First, the updates are totally separate from the scanning and linting which is controlled by the setting in MailScanner.conf (have you tried auto?). The updates are always run if the appropriate binaries can be found according to virus.scanners.conf. Have you checked if Clam is up to date with freshclam -V? If so, it might be a problem with your logging, not the updates themselves. Have you tried running the update scripts manually to see if they complain? File permissions? I also use Clam in daemon mode and get logs like these if it's any help: Syslog ====== Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:20:49 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:20:49 x.y.se ClamAV-autoupdate[28431]: ClamAV updated Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Found clamav installed Jan 2 03:50:51 x.y.se update.virus.scanners: [ID 702911 mail.info] Running autoupdate for clamav Jan 2 03:50:51 x.y.se ClamAV-autoupdate[29111]: ClamAV did not need updating Lint ==== MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jan 2 18:48:59 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 2 18:47:13 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <477B5FB1.40004@ecs.soton.ac.uk> References: <477B5FB1.40004@ecs.soton.ac.uk> Message-ID: on 1/2/2008 1:56 AM Julian Field spake the following: > Happy New Year to you all! > > I have just released a new stable version 4.66.5, which includes the > following additions and changes: > - Updated "Sophos.install" to handle Sophos version 6. > - Updated to handle new MailTools 2.02 and MIME-tools 5.425. > - Updated eTrust support to handle eTrust version 8.1. > - New configuration setting "Syslog Socket Type" for the Solaris users > out there. > > Download as usual from www.mailscanner.info. > > The full Change Log is here: > 1 New optional configuration setting "Syslog Socket Type". By default > this is > left blank, as it will work it out according to the operating system you > are using. Some Solaris users may want to set this to "native". > 1 Addition of new message property for use by MailWatch 2. > 1 Update of Sophos.install for Sophos version 6. > 2 Updated to handle new MailTools 2.02. This includes the use of several > new > Perl modules, so you'll have to use the install.sh to install all the > requirements of the new MailTools code (unless you are doing clever things > with yum repositories). > 3 Improvement to the phishing net for multiple "blocked::" prefixes on > links. > 3 Improvements to speed up StartTiming() and StopTiming() greatly. > 3 Updated to MIME-tools 5.425. This should solve lots of problems people > are > having with using yum repositories. > 4 Added startup code to check for consistent version numbers with > MIME-tools. > 4-2 Better install.sh for RHEL and CentOS 5. > 4-3 Added some more modules to the compulsory list for RHEL and CentOS 5. > These are all labelled "yes" in the right-most column of the module list > near the bottom of install.sh. > 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 of > eTrust, and allow more flexibility in setting of eTrust location in > virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 or > later. > 5 Improved easy-to-install ClamAV & SpamAssassin package so that it will > always > install my patched Mail::ClamAV and Mail::SpamAssassin modules even if un- > patched versions are already installed. > > Jules > Now when Hugo updates his repo, we can see if some of the problems have gone away. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From root at doctor.nl2k.ab.ca Wed Jan 2 21:14:41 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Jan 2 21:21:47 2008 Subject: Powerpoint SNP files Message-ID: <20080102211441.GA5697@doctor.nl2k.ab.ca> Hello again. I just had a customer point out to me that there are certain .TXT.snp that are sent by Microsoft Powerpoint snapping a file by Excel. How can .TXT.snp be excluded from a test list? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 2 21:59:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 2 22:00:11 2008 Subject: Powerpoint SNP files In-Reply-To: <20080102211441.GA5697@doctor.nl2k.ab.ca> References: <20080102211441.GA5697@doctor.nl2k.ab.ca> Message-ID: <477C0946.1070902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Add it into the filename.rules.conf file. Add an "allow" line for it allow \.txt\.snp$ - - separated by tab characters Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Hello again. > > I just had a customer point out to me that there are certain .TXT.snp > that are sent by Microsoft Powerpoint snapping a file by Excel. > > How can .TXT.snp be excluded from a test list? > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfAlXEfZZRxQVtlQRAte+AKChkgv8OMctWUAUiMglBllnsVpgxwCaAzZy Gc6ezIbmPRuQXXHEDKxyK1s= =H42Q -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roland at inbox4u.de Wed Jan 2 21:45:01 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Wed Jan 2 22:04:01 2008 Subject: AW: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <477B5FB1.40004@ecs.soton.ac.uk> References: <477B5FB1.40004@ecs.soton.ac.uk> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F923591D41F4@ts-dc2.TS-Webarts.local> Happy New Year to you Jules! Just read your announcement and realized that you have made changes for use by MailWatch 2. As MailWatch 2 is far away from being published (will it be published for general use?) I am wondering, if these changes you made, do make problems, if one uses MailWatch Version 1.4? Thanks. Kind regards, Roland > -----Urspr?ngliche Nachricht----- > Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] Im Auftrag von Julian Field > Gesendet: Mittwoch, 2. Januar 2008 10:56 > An: MailScanner discussion; MailScanner-Announce mailing list list > Betreff: MailScanner ANNOUNCE: New 4.66.5 released > > Happy New Year to you all! > > I have just released a new stable version 4.66.5, which includes the > following additions and changes: > - Updated "Sophos.install" to handle Sophos version 6. > - Updated to handle new MailTools 2.02 and MIME-tools 5.425. > - Updated eTrust support to handle eTrust version 8.1. > - New configuration setting "Syslog Socket Type" for the Solaris users > out there. > > Download as usual from www.mailscanner.info. > > The full Change Log is here: > 1 New optional configuration setting "Syslog Socket Type". By default > this is > left blank, as it will work it out according to the operating system > you > are using. Some Solaris users may want to set this to "native". > 1 Addition of new message property for use by MailWatch 2. > 1 Update of Sophos.install for Sophos version 6. > 2 Updated to handle new MailTools 2.02. This includes the use of > several new > Perl modules, so you'll have to use the install.sh to install all the > requirements of the new MailTools code (unless you are doing clever > things > with yum repositories). > 3 Improvement to the phishing net for multiple "blocked::" prefixes on > links. > 3 Improvements to speed up StartTiming() and StopTiming() greatly. > 3 Updated to MIME-tools 5.425. This should solve lots of problems > people are > having with using yum repositories. > 4 Added startup code to check for consistent version numbers with > MIME-tools. > 4-2 Better install.sh for RHEL and CentOS 5. > 4-3 Added some more modules to the compulsory list for RHEL and CentOS > 5. > These are all labelled "yes" in the right-most column of the module > list > near the bottom of install.sh. > 5 Improved eTrust-wrapper and -autoupdate to handle latest version 8.1 > of > eTrust, and allow more flexibility in setting of eTrust location in > virus.scanners.conf. Can now just put /opt/CA if you are running 8.1 > or later. > 5 Improved easy-to-install ClamAV & SpamAssassin package so that it > will > always > install my patched Mail::ClamAV and Mail::SpamAssassin modules even > if un- > patched versions are already installed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Thu Jan 3 04:22:52 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Jan 3 04:23:04 2008 Subject: Off Topic - Can someone help? Message-ID: - Off Topic - Can someone help? I am sending this for 2 reasons: (1) To let people know there might be something that they need to look out for... (2) I am hoping someone might tell me what I have got wrong with my system. I think I have a safe-ish system... (ie) not an open relay and so on... but TONIGHT all of a sudden something/someone is "suposably" able to relay. Hack example one is: Sending from: dwkscy@yahoo.com to a2234455@tomail.com.tw Hack example two is: Sending from: okorfhzoaiadke@yahoo.com to zillions of people !! I tried telneting from a remote IP... and doing: mail from: and rcpt to: . And my system says that Relaying is denied... As a temporary stop... I have had to put this in my /etc/mail/access file /etc/mail/access ================ To:tomail.com.tw REJECT ########### #### Does anyone have a clue how I might be getting hacked??? ########### [root@www log]# host -t mx tomail.com.tw ======================================== tomail.com.tw mail is handled by 10 localhost. [root@www log]# grep -i 005955 maillog ====================================== Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: from=, size=1658, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: to=, delay=00:00:02, mailer=esmtp, pri=31658, stat=queued Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: SYSERR(root): MX list for tomail.com.tw. points back to www.tbshs.herts.sch.uk Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: to=, delay=00:00:05, xdelay=00:00:00, mailer=esmtp, pri=121658, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: m031SrMj005963: DSN: Local configuration error Jan 3 01:29:03 www MailScanner[26370]: Logging message m031SgPv005955 to SQL Jan 3 01:29:03 www MailScanner[5971]: m031SgPv005955: Logged to MailWatch SQL [root@www log]# grep -i 008581 maillog ====================================== Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: from=, size=6253, class=0, nrcpts=51, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued == ===================================================================== = = "I should have listened to myself earlier..." = ===================================================================== = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From email at ace.net.au Thu Jan 3 04:46:42 2008 From: email at ace.net.au (Peter Nitschke) Date: Thu Jan 3 04:51:08 2008 Subject: Off Topic - Can someone help? In-Reply-To: References: Message-ID: <200801031516420671.1BEC0CB2@dns3.ace.net.au> Very wild guess, but they may be exploiting a web server on that PC. relay=localhost.localdomain [127.0.0.1] *********** REPLY SEPARATOR *********** On 3/01/2008 at 4:22 AM ajos1@onion.demon.co.uk wrote: >- > >Off Topic - Can someone help? > >I am sending this for 2 reasons: > >(1) To let people know there might be something that they need to look out >for... > >(2) I am hoping someone might tell me what I have got wrong with my system. > > >I think I have a safe-ish system... (ie) not an open relay and so on... >but TONIGHT all of a sudden something/someone is "suposably" able to relay. > > >Hack example one is: Sending from: dwkscy@yahoo.com to >a2234455@tomail.com.tw > >Hack example two is: Sending from: okorfhzoaiadke@yahoo.com to zillions >of people !! > >I tried telneting from a remote IP... and doing: mail from: > and rcpt to: . And my system says that Relaying is >denied... > >As a temporary stop... I have had to put this in my /etc/mail/access file > >/etc/mail/access >================ >To:tomail.com.tw REJECT > > >########### >#### Does anyone have a clue how I might be getting hacked??? >########### > > > >[root@www log]# host -t mx tomail.com.tw >======================================== >tomail.com.tw mail is handled by 10 localhost. > > > >[root@www log]# grep -i 005955 maillog >====================================== >Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: >from=, size=1658, class=0, nrcpts=1, >msgid=, bodytype=8BITMIME, proto=SMTP, >daemon=MTA, relay=localhost.localdomain [127.0.0.1] >Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: >to=, delay=00:00:02, mailer=esmtp, pri=31658, >stat=queued >Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: SYSERR(root): MX list >for tomail.com.tw. points back to www.tbshs.herts.sch.uk >Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: >to=, delay=00:00:05, xdelay=00:00:00, >mailer=esmtp, pri=121658, relay=tomail.com.tw., dsn=5.3.5, stat=Local >configuration error >Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: m031SrMj005963: DSN: >Local configuration error >Jan 3 01:29:03 www MailScanner[26370]: Logging message m031SgPv005955 to >SQL >Jan 3 01:29:03 www MailScanner[5971]: m031SgPv005955: Logged to MailWatch >SQL > > > >[root@www log]# grep -i 008581 maillog >====================================== >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: >from=, size=6253, class=0, nrcpts=51, >msgid=, bodytype=8BITMIME, proto=SMTP, >daemon=MTA, relay=localhost.localdomain [127.0.0.1] >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: >to=, delay=00:01:16, mailer=esmtp, pri=1536253, >stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: >to=, delay=00:01:16, mailer=esmtp, pri=1536253, >stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: >to=, delay=00:01:16, mailer=esmtp, pri=1536253, >stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, >delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, >delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: >to=, delay=00:01:16, mailer=esmtp, pri=1536253, >stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, >delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, >delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued >Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, >delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > >== >===================================================================== >= >= "I should have listened to myself earlier..." >= >===================================================================== >= Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? >= Call... +44 8457 90 90 90 http://www.samaritans.org/ >===================================================================== >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Thu Jan 3 05:04:58 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Jan 3 05:05:09 2008 Subject: Off Topic - Can someone help? Message-ID: - Further update... I have had to close down the SMTP Port 25 for a few hours to hope these people go away! I forgot to add these details: I am: = Sendmail 8.14.1/8.14.1 = MailScanner 4.66.5 Also... my Snort system has registered... over 7000 "(portscan) Open Port: 25" entries in the last 2 hours! From these IPs. 210.59.228.42 210.59.228.65 210.59.228.93 210.59.228.113 139.175.54.239 From ajos1 at onion.demon.co.uk Thu Jan 3 05:16:36 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Jan 3 05:16:48 2008 Subject: Off Topic - Can someone help? Message-ID: >> >> Peter Nitschke wrote: >> >> Very wild guess, but they may be exploiting a web server on that PC. >> >> relay=localhost.localdomain [127.0.0.1] >> I thought that might be the case... and I have had a look at all of the httpd logs... and there is nothing there to suggest a web-hack. In fact website usage is very minimal and from UK sources. From hvdkooij at vanderkooij.org Thu Jan 3 06:29:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 3 06:30:10 2008 Subject: Off Topic - Can someone help? In-Reply-To: References: Message-ID: <477C80C5.7090503@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ajos1@onion.demon.co.uk wrote: > I think I have a safe-ish system... (ie) not an open relay and so on... but TONIGHT all of a sudden something/someone is "suposably" able to relay. You are broken in to in some manner. Unless you take the system offline you will be sending spam and are to be held accountable. > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: from=, size=1658, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Your SMTP client lives localy. > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: from=, size=6253, class=0, nrcpts=51, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] And agaim. So you need to take the system offline and start forensics on the unit. As it is you should not trust ANYTHING on that machine. So anything you use to investigate needs to be started from a ReadOnly medium and not the system itself. I would start with the usual suspects like an SSH break in, .... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHfIDCBvzDRVjxmYERAt5+AJ4o3lMKzJvK9NiklyXEQuGDmE7pxwCgiAAo zu88W1I9IC4qsfICJENFR6Q= =JPNK -----END PGP SIGNATURE----- From prandal at herefordshire.gov.uk Thu Jan 3 07:07:59 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jan 3 07:08:13 2008 Subject: MailScanner ANNOUNCE: New 4.66.5 released In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F923591D41F4@ts-dc2.TS-Webarts.local> References: <477B5FB1.40004@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F923591D41F4@ts-dc2.TS-Webarts.local> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819093@HC-MBX02.herefordshire.gov.uk> mailscanner-bounces@lists.mailscanner.info wrote: > Happy New Year to you Jules! > > Just read your announcement and realized that you have made > changes for use by MailWatch 2. As MailWatch 2 is far away > from being published (will it be published for general use?) > I am wondering, if these changes you made, do make problems, > if one uses MailWatch Version 1.4? > > Thanks. > > Kind regards, > Roland It works fine with MailWatch 1.04. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK From mgarcia at nettix.com.pe Thu Jan 3 08:06:41 2008 From: mgarcia at nettix.com.pe (Martin Garcia) Date: Thu Jan 3 08:06:03 2008 Subject: ERROR: You must upgrade your perl IO module to at least Message-ID: <20080103030641.3766gepvswcckgck@gateway.nettix.com.pe> Guys, According to the late problems with perl-Mail-tools and perl-MIME-tools I upgraded my server to 4.66 but im finding the below. Could you give me some lights on it? what should be the minimum version? where I can find an apropiate rpm? I use the latest rpmforge and centos repos. Im using CentOS 4.6 x386 Thanks in advance Cualquier duda o consulta estoy a su disposicion. Atentamente / Sincerely MARTIN GARCIA Consultor Linux y redes Nettix Peru telf: +(511)9735-4848 mailto:mgarcia@nettix.com.pe [root@gateway es]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming postfix: [ OK ] outgoing postfix: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! [ OK ] ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. From mcwh65 at gmail.com Thu Jan 3 08:12:52 2008 From: mcwh65 at gmail.com (Michael Choo) Date: Thu Jan 3 08:13:11 2008 Subject: Off Topic - Can someone help? In-Reply-To: References: Message-ID: <94CEC66B-87F1-4DD9-A624-DFE5985C02C5@gmail.com> On 3 Jan 2008, at 12:22 PM, ajos1@onion.demon.co.uk wrote: > ########### > #### Does anyone have a clue how I might be getting hacked??? > ########### I've seen this on a customer's server before. did snort report any outgoing irc traffic? Close down Sendmail and kill all existing sendmail sessions. do a "netstat -an" and see what ports and sessions are currently active. chances are, port 6667 (Irc) is running, and probably got in via an insecure user password. chees -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080103/7c2ce816/attachment.html From martinh at solidstatelogic.com Thu Jan 3 08:43:34 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 3 08:43:54 2008 Subject: Off Topic - Can someone help? In-Reply-To: <477C80C5.7090503@vanderkooij.org> Message-ID: <808501172b91e04e8a3132924197e54b@solidstatelogic.com> Yeah, could be compromised php script that installed a root kit. Could be lots of things... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 03 January 2008 06:29 > To: MailScanner discussion > Subject: Re: Off Topic - Can someone help? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ajos1@onion.demon.co.uk wrote: > > > I think I have a safe-ish system... (ie) not an open relay and so on... > but TONIGHT all of a sudden something/someone is "suposably" able to > relay. > > You are broken in to in some manner. Unless you take the system offline > you will be sending spam and are to be held accountable. > > > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: > from=, size=1658, class=0, nrcpts=1, > msgid=, bodytype=8BITMIME, proto=SMTP, > daemon=MTA, relay=localhost.localdomain [127.0.0.1] > > Your SMTP client lives localy. > > > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: > from=, size=6253, class=0, nrcpts=51, > msgid=, bodytype=8BITMIME, proto=SMTP, > daemon=MTA, relay=localhost.localdomain [127.0.0.1] > > And agaim. > > So you need to take the system offline and start forensics on the unit. > As it is you should not trust ANYTHING on that machine. So anything you > use to investigate needs to be started from a ReadOnly medium and not > the system itself. > > I would start with the usual suspects like an SSH break in, .... > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHfIDCBvzDRVjxmYERAt5+AJ4o3lMKzJvK9NiklyXEQuGDmE7pxwCgiAAo > zu88W1I9IC4qsfICJENFR6Q= > =JPNK > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From miguelk at konsultex.com.br Thu Jan 3 10:53:12 2008 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Thu Jan 3 10:53:54 2008 Subject: Off Topic - Can someone help? In-Reply-To: References: Message-ID: <477CBE98.8000201@konsultex.com.br> I had a similar, mysterious problem like this a few years ago. What happened is that the same server was running Apache and it was configured improprely as a proxy by letting anyone use it as a proxy, so some spam systems were detecting that and using Apache to send those emails. I reconfigured Apache, following some guidelines from the Apache web site and the problem went away. There are some emails from me about this possibly in 2004 on this mailing list. I had the "ProxyPass" directive on and this let the spammers use apache as a route to sendmail. Check for something like this in your apache log: access_log:168.61.4.12 - - [08/Aug/2004:16:54:45 -0300] "POST http://168.61.5.196:25/ HTTP/1.0" 200 2027 Maybe this can help you before you reinstall the OS. Miguel ajos1@onion.demon.co.uk escreveu: > - > > Off Topic - Can someone help? > > I am sending this for 2 reasons: > > (1) To let people know there might be something that they need to look out for... > > (2) I am hoping someone might tell me what I have got wrong with my system. > > > I think I have a safe-ish system... (ie) not an open relay and so on... but TONIGHT all of a sudden something/someone is "suposably" able to relay. > > > Hack example one is: Sending from: dwkscy@yahoo.com to a2234455@tomail.com.tw > > Hack example two is: Sending from: okorfhzoaiadke@yahoo.com to zillions of people !! > > I tried telneting from a remote IP... and doing: mail from: and rcpt to: . And my system says that Relaying is denied... > > As a temporary stop... I have had to put this in my /etc/mail/access file > > /etc/mail/access > ================ > To:tomail.com.tw REJECT > > > ########### > #### Does anyone have a clue how I might be getting hacked??? > ########### > > > > [root@www log]# host -t mx tomail.com.tw > ======================================== > tomail.com.tw mail is handled by 10 localhost. > > > > [root@www log]# grep -i 005955 maillog > ====================================== > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: from=, size=1658, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: to=, delay=00:00:02, mailer=esmtp, pri=31658, stat=queued > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: SYSERR(root): MX list for tomail.com.tw. points back to www.tbshs.herts.sch.uk > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: to=, delay=00:00:05, xdelay=00:00:00, mailer=esmtp, pri=121658, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: m031SrMj005963: DSN: Local configuration error > Jan 3 01:29:03 www MailScanner[26370]: Logging message m031SgPv005955 to SQL > Jan 3 01:29:03 www MailScanner[5971]: m031SgPv005955: Logged to MailWatch SQL > > > > [root@www log]# grep -i 008581 maillog > ====================================== > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: from=, size=6253, class=0, nrcpts=51, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > > == > ===================================================================== > = > = "I should have listened to myself earlier..." > = > ===================================================================== > = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? > = Call... +44 8457 90 90 90 http://www.samaritans.org/ > ===================================================================== > -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. From miguelk at konsultex.com.br Thu Jan 3 11:13:38 2008 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Thu Jan 3 11:14:17 2008 Subject: [off topic] - usernames with special chracters Message-ID: <477CC362.7010706@konsultex.com.br> Today I also have an off topic question and I'm sure someone on this list knows about this. On Fedora Core 7 I now have several domains and I need to have users with user names like "name@domain.com". I found that this does not work without some tweaking because when the /var/spool/mail mailbox is created, Fedora leaves out the "@domain.com" and so there is a conflict when 2 users like "name@domain1.com" and "name@domain2.com" are created. In other words, the mailbox file is just "name" and not "name@domain1.com". Since I could not create the users I was not able to test but I assume that the virtusertable will let me map "name@domain.com" to something like "name@domain.com@localhost". I'm sure that there are other ways to set up a system for accepcting usernames like this but for several reasons on this server it would be the easiest solution for me. Does anyone know if it is in fact possible to have Fedora use usernames in this format and if so what needs to be configured? Thanks. -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. From ajcartmell at fonant.com Thu Jan 3 11:56:15 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Thu Jan 3 11:56:20 2008 Subject: [off topic] - usernames with special chracters In-Reply-To: <477CC362.7010706@konsultex.com.br> References: <477CC362.7010706@konsultex.com.br> Message-ID: > Today I also have an off topic question and I'm sure someone on this > list knows about this. On Fedora Core 7 I now have several domains and I > need to have users with user names like "name@domain.com". Hmmmm... sounds like sendmail? > Since I could not create the users I > was not able to test but I assume that the virtusertable will let me map > "name@domain.com" to something like "name@domain.com@localhost". If you're using standard sendmail, then no, it won't. Any string containing an "@" on the RHS of virtusertable is deemed to be an e-mail address, not a username. > I'm sure that there are other ways to set up a system for accepcting > usernames like this but for several reasons on this server it would be > the easiest solution for me. Does anyone know if it is in fact possible > to have Fedora use usernames in this format and if so what needs to be > configured? What mailer are you using? If it's sendmail then you can't have "@" in the username, even though you can for the unix user. You'll need to substitute something like "_" for the "@" for your sendmail account names. You might need to investigate other mailers that handle virtual users differently, if you want to keep "@" as a valid mail account character. Hope this helps, Anthony -- www.fonant.com - Quality web sites From alex at skynet-srl.com Thu Jan 3 12:24:48 2008 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Thu Jan 3 12:25:05 2008 Subject: ERROR: You must upgrade your perl IO module to at least In-Reply-To: <200801031201.m03C1RPP009900@safir.blacknight.ie> References: <200801031201.m03C1RPP009900@safir.blacknight.ie> Message-ID: <477CD410.40204@skynet-srl.com> > Guys, > > According to the late problems with perl-Mail-tools and perl-MIME-tools > I upgraded my server to 4.66 but im finding the below. > > Could you give me some lights on it? what should be the minimum version? > where I can find an apropiate rpm? I use the latest rpmforge and > centos repos. > > Im using CentOS 4.6 x386 > > Thanks in advance > Same probem here on fedora 7 on two different servers. The installer was unable to install per IO 1.213 the MailScanner didn't even start up. The unstaller was complainig about perl file conflict So I grabbed the latest perl IO source from CPAN and compiled and installed it with no problem. Now it works good Hope it helps Alessandro Bianchi From miguelk at konsultex.com.br Thu Jan 3 13:19:54 2008 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Thu Jan 3 13:20:29 2008 Subject: [off topic] - usernames with special chracters In-Reply-To: References: <477CC362.7010706@konsultex.com.br> Message-ID: <477CE0FA.9030002@konsultex.com.br> Thanks. Yes, I am using sendmail (FC7 basic installation), so I ĺl substitute @ for another character. Miguel Anthony Cartmell escreveu: >> Today I also have an off topic question and I'm sure someone on this >> list knows about this. On Fedora Core 7 I now have several domains and I >> need to have users with user names like "name@domain.com". > > Hmmmm... sounds like sendmail? > >> Since I could not create the users I >> was not able to test but I assume that the virtusertable will let me map >> "name@domain.com" to something like "name@domain.com@localhost". > > If you're using standard sendmail, then no, it won't. Any string > containing an "@" on the RHS of virtusertable is deemed to be an > e-mail address, not a username. > >> I'm sure that there are other ways to set up a system for accepcting >> usernames like this but for several reasons on this server it would be >> the easiest solution for me. Does anyone know if it is in fact possible >> to have Fedora use usernames in this format and if so what needs to be >> configured? > > What mailer are you using? If it's sendmail then you can't have "@" in > the username, even though you can for the unix user. You'll need to > substitute something like "_" for the "@" for your sendmail account > names. > > You might need to investigate other mailers that handle virtual users > differently, if you want to keep "@" as a valid mail account character. > > Hope this helps, > > Anthony > --www.fonant.com - Quality web sites > --MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > --Esta mensagem foi verificada pelo sistema de antiv�rus e > acredita-se estar livre de perigo. > -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. From beatinger at edenhosting.net Thu Jan 3 14:12:28 2008 From: beatinger at edenhosting.net (Bjorgen T. Eatinger) Date: Thu Jan 3 14:14:38 2008 Subject: You must upgrade your perl IO module to at least...ERROR In-Reply-To: <200801031201.m03C1elQ009909@safir.blacknight.ie> References: <200801031201.m03C1elQ009909@safir.blacknight.ie> Message-ID: <1B74CA8F7AB18445B7355100411C4E192F5879E6D4@edenusa.ehads.edenhosting.net> Martin, I also received this error and used CPAN to upgrade the IO package using "install IO" This fixed the Perl IO package issue which prevented MailScanner from loading. Pretty scary for about 30-minutes...upgraded to latest version and killed our mail server! Jay Eatinger Eden USA, Inc. t. 866-501-3336 f. 866-502-3336 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of mailscanner-request@lists.mailscanner.info Sent: Thursday, January 03, 2008 4:02 AM To: mailscanner@lists.mailscanner.info Subject: MailScanner Digest, Vol 25, Issue 4 Send MailScanner mailing list submissions to mailscanner@lists.mailscanner.info To subscribe or unsubscribe via the World Wide Web, visit http://lists.mailscanner.info/mailman/listinfo/mailscanner or, via email, send a message with subject or body 'help' to mailscanner-request@lists.mailscanner.info You can reach the person managing the list at mailscanner-owner@lists.mailscanner.info When replying, please edit your Subject line so it is more specific than "Re: Contents of MailScanner digest..." Today's Topics: 1. Re: Off Topic - Can someone help? (ajos1@onion.demon.co.uk) 2. Re: Off Topic - Can someone help? (ajos1@onion.demon.co.uk) 3. Re: Off Topic - Can someone help? (Hugo van der Kooij) 4. RE: MailScanner ANNOUNCE: New 4.66.5 released (Randal, Phil) 5. ERROR: You must upgrade your perl IO module to at least (Martin Garcia) 6. Re: Off Topic - Can someone help? (Michael Choo) 7. RE: Off Topic - Can someone help? (Martin.Hepworth) 8. Re: Off Topic - Can someone help? (Miguel Koren O'Brien de Lacy) 9. [off topic] - usernames with special chracters (Miguel Koren O'Brien de Lacy) 10. Re: [off topic] - usernames with special chracters (Anthony Cartmell) ---------------------------------------------------------------------- Message: 1 Date: Thu, 03 Jan 2008 05:04:58 +0000 From: "ajos1@onion.demon.co.uk" Subject: Re: Off Topic - Can someone help? To: mailscanner@lists.mailscanner.info Cc: ajos1@onion.demon.co.uk Message-ID: Content-Type: text/plain - Further update... I have had to close down the SMTP Port 25 for a few hours to hope these people go away! I forgot to add these details: I am: = Sendmail 8.14.1/8.14.1 = MailScanner 4.66.5 Also... my Snort system has registered... over 7000 "(portscan) Open Port: 25" entries in the last 2 hours! From these IPs. 210.59.228.42 210.59.228.65 210.59.228.93 210.59.228.113 139.175.54.239 ------------------------------ Message: 2 Date: Thu, 03 Jan 2008 05:16:36 +0000 From: "ajos1@onion.demon.co.uk" Subject: Re: Off Topic - Can someone help? To: mailscanner@lists.mailscanner.info Cc: ajos1@onion.demon.co.uk Message-ID: Content-Type: text/plain >> >> Peter Nitschke wrote: >> >> Very wild guess, but they may be exploiting a web server on that PC. >> >> relay=localhost.localdomain [127.0.0.1] >> I thought that might be the case... and I have had a look at all of the httpd logs... and there is nothing there to suggest a web-hack. In fact website usage is very minimal and from UK sources. ------------------------------ Message: 3 Date: Thu, 03 Jan 2008 07:29:25 +0100 From: Hugo van der Kooij Subject: Re: Off Topic - Can someone help? To: MailScanner discussion Message-ID: <477C80C5.7090503@vanderkooij.org> Content-Type: text/plain; charset=ISO-8859-1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ajos1@onion.demon.co.uk wrote: > I think I have a safe-ish system... (ie) not an open relay and so on... but TONIGHT all of a sudden something/someone is "suposably" able to relay. You are broken in to in some manner. Unless you take the system offline you will be sending spam and are to be held accountable. > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: from=, size=1658, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Your SMTP client lives localy. > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: from=, size=6253, class=0, nrcpts=51, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] And agaim. So you need to take the system offline and start forensics on the unit. As it is you should not trust ANYTHING on that machine. So anything you use to investigate needs to be started from a ReadOnly medium and not the system itself. I would start with the usual suspects like an SSH break in, .... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHfIDCBvzDRVjxmYERAt5+AJ4o3lMKzJvK9NiklyXEQuGDmE7pxwCgiAAo zu88W1I9IC4qsfICJENFR6Q= =JPNK -----END PGP SIGNATURE----- ------------------------------ Message: 4 Date: Thu, 3 Jan 2008 07:07:59 -0000 From: "Randal, Phil" Subject: RE: MailScanner ANNOUNCE: New 4.66.5 released To: "MailScanner discussion" Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819093@HC-MBX02.herefordshire.gov.uk> Content-Type: text/plain; charset="us-ascii" mailscanner-bounces@lists.mailscanner.info wrote: > Happy New Year to you Jules! > > Just read your announcement and realized that you have made > changes for use by MailWatch 2. As MailWatch 2 is far away > from being published (will it be published for general use?) > I am wondering, if these changes you made, do make problems, > if one uses MailWatch Version 1.4? > > Thanks. > > Kind regards, > Roland It works fine with MailWatch 1.04. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK ------------------------------ Message: 5 Date: Thu, 3 Jan 2008 03:06:41 -0500 From: Martin Garcia Subject: ERROR: You must upgrade your perl IO module to at least To: mailscanner@lists.mailscanner.info Message-ID: <20080103030641.3766gepvswcckgck@gateway.nettix.com.pe> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; format="flowed" Guys, According to the late problems with perl-Mail-tools and perl-MIME-tools I upgraded my server to 4.66 but im finding the below. Could you give me some lights on it? what should be the minimum version? where I can find an apropiate rpm? I use the latest rpmforge and centos repos. Im using CentOS 4.6 x386 Thanks in advance Cualquier duda o consulta estoy a su disposicion. Atentamente / Sincerely MARTIN GARCIA Consultor Linux y redes Nettix Peru telf: +(511)9735-4848 mailto:mgarcia@nettix.com.pe [root@gateway es]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming postfix: [ OK ] outgoing postfix: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: **** ERROR: You must upgrade your perl IO module to at least **** ERROR: version 1.2301 or MailScanner will not work! [ OK ] ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------ Message: 6 Date: Thu, 3 Jan 2008 16:12:52 +0800 From: Michael Choo Subject: Re: Off Topic - Can someone help? To: MailScanner discussion Message-ID: <94CEC66B-87F1-4DD9-A624-DFE5985C02C5@gmail.com> Content-Type: text/plain; charset="us-ascii" On 3 Jan 2008, at 12:22 PM, ajos1@onion.demon.co.uk wrote: > ########### > #### Does anyone have a clue how I might be getting hacked??? > ########### I've seen this on a customer's server before. did snort report any outgoing irc traffic? Close down Sendmail and kill all existing sendmail sessions. do a "netstat -an" and see what ports and sessions are currently active. chances are, port 6667 (Irc) is running, and probably got in via an insecure user password. chees -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080103/7c2ce816/attachment-0001.html ------------------------------ Message: 7 Date: Thu, 03 Jan 2008 08:43:34 +0000 From: "Martin.Hepworth" Subject: RE: Off Topic - Can someone help? To: "MailScanner discussion" Message-ID: <808501172b91e04e8a3132924197e54b@solidstatelogic.com> Content-Type: text/plain; charset="us-ascii" Yeah, could be compromised php script that installed a root kit. Could be lots of things... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 03 January 2008 06:29 > To: MailScanner discussion > Subject: Re: Off Topic - Can someone help? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ajos1@onion.demon.co.uk wrote: > > > I think I have a safe-ish system... (ie) not an open relay and so on... > but TONIGHT all of a sudden something/someone is "suposably" able to > relay. > > You are broken in to in some manner. Unless you take the system offline > you will be sending spam and are to be held accountable. > > > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: > from=, size=1658, class=0, nrcpts=1, > msgid=, bodytype=8BITMIME, proto=SMTP, > daemon=MTA, relay=localhost.localdomain [127.0.0.1] > > Your SMTP client lives localy. > > > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: > from=, size=6253, class=0, nrcpts=51, > msgid=, bodytype=8BITMIME, proto=SMTP, > daemon=MTA, relay=localhost.localdomain [127.0.0.1] > > And agaim. > > So you need to take the system offline and start forensics on the unit. > As it is you should not trust ANYTHING on that machine. So anything you > use to investigate needs to be started from a ReadOnly medium and not > the system itself. > > I would start with the usual suspects like an SSH break in, .... > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHfIDCBvzDRVjxmYERAt5+AJ4o3lMKzJvK9NiklyXEQuGDmE7pxwCgiAAo > zu88W1I9IC4qsfICJENFR6Q= > =JPNK > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** ------------------------------ Message: 8 Date: Thu, 03 Jan 2008 08:53:12 -0200 From: "Miguel Koren O'Brien de Lacy" Subject: Re: Off Topic - Can someone help? To: MailScanner discussion Message-ID: <477CBE98.8000201@konsultex.com.br> Content-Type: text/plain; charset=UTF-8 I had a similar, mysterious problem like this a few years ago. What happened is that the same server was running Apache and it was configured improprely as a proxy by letting anyone use it as a proxy, so some spam systems were detecting that and using Apache to send those emails. I reconfigured Apache, following some guidelines from the Apache web site and the problem went away. There are some emails from me about this possibly in 2004 on this mailing list. I had the "ProxyPass" directive on and this let the spammers use apache as a route to sendmail. Check for something like this in your apache log: access_log:168.61.4.12 - - [08/Aug/2004:16:54:45 -0300] "POST http://168.61.5.196:25/ HTTP/1.0" 200 2027 Maybe this can help you before you reinstall the OS. Miguel ajos1@onion.demon.co.uk escreveu: > - > > Off Topic - Can someone help? > > I am sending this for 2 reasons: > > (1) To let people know there might be something that they need to look out for... > > (2) I am hoping someone might tell me what I have got wrong with my system. > > > I think I have a safe-ish system... (ie) not an open relay and so on... but TONIGHT all of a sudden something/someone is "suposably" able to relay. > > > Hack example one is: Sending from: dwkscy@yahoo.com to a2234455@tomail.com.tw > > Hack example two is: Sending from: okorfhzoaiadke@yahoo.com to zillions of people !! > > I tried telneting from a remote IP... and doing: mail from: and rcpt to: . And my system says that Relaying is denied... > > As a temporary stop... I have had to put this in my /etc/mail/access file > > /etc/mail/access > ================ > To:tomail.com.tw REJECT > > > ########### > #### Does anyone have a clue how I might be getting hacked??? > ########### > > > > [root@www log]# host -t mx tomail.com.tw > ======================================== > tomail.com.tw mail is handled by 10 localhost. > > > > [root@www log]# grep -i 005955 maillog > ====================================== > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: from=, size=1658, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Jan 3 01:28:50 www sendmail[5955]: m031SgPv005955: to=, delay=00:00:02, mailer=esmtp, pri=31658, stat=queued > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: SYSERR(root): MX list for tomail.com.tw. points back to www.tbshs.herts.sch.uk > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: to=, delay=00:00:05, xdelay=00:00:00, mailer=esmtp, pri=121658, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error > Jan 3 01:28:53 www sendmail[5963]: m031SgPv005955: m031SrMj005963: DSN: Local configuration error > Jan 3 01:29:03 www MailScanner[26370]: Logging message m031SgPv005955 to SQL > Jan 3 01:29:03 www MailScanner[5971]: m031SgPv005955: Logged to MailWatch SQL > > > > [root@www log]# grep -i 008581 maillog > ====================================== > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: from=, size=6253, class=0, nrcpts=51, msgid=, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > Jan 3 01:49:36 www sendmail[8581]: m031mFpI008581: to=, delay=00:01:16, mailer=esmtp, pri=1536253, stat=queued > > == > ===================================================================== > = > = "I should have listened to myself earlier..." > = > ===================================================================== > = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? > = Call... +44 8457 90 90 90 http://www.samaritans.org/ > ===================================================================== > -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. ------------------------------ Message: 9 Date: Thu, 03 Jan 2008 09:13:38 -0200 From: "Miguel Koren O'Brien de Lacy" Subject: [off topic] - usernames with special chracters To: mailscanner@lists.mailscanner.info Message-ID: <477CC362.7010706@konsultex.com.br> Content-Type: text/plain; charset=UTF-8 Today I also have an off topic question and I'm sure someone on this list knows about this. On Fedora Core 7 I now have several domains and I need to have users with user names like "name@domain.com". I found that this does not work without some tweaking because when the /var/spool/mail mailbox is created, Fedora leaves out the "@domain.com" and so there is a conflict when 2 users like "name@domain1.com" and "name@domain2.com" are created. In other words, the mailbox file is just "name" and not "name@domain1.com". Since I could not create the users I was not able to test but I assume that the virtusertable will let me map "name@domain.com" to something like "name@domain.com@localhost". I'm sure that there are other ways to set up a system for accepcting usernames like this but for several reasons on this server it would be the easiest solution for me. Does anyone know if it is in fact possible to have Fedora use usernames in this format and if so what needs to be configured? Thanks. -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. ------------------------------ Message: 10 Date: Thu, 03 Jan 2008 11:56:15 -0000 From: "Anthony Cartmell" Subject: Re: [off topic] - usernames with special chracters To: "MailScanner discussion" Message-ID: Content-Type: text/plain; format=flowed; delsp=yes; charset=utf-8 > Today I also have an off topic question and I'm sure someone on this > list knows about this. On Fedora Core 7 I now have several domains and I > need to have users with user names like "name@domain.com". Hmmmm... sounds like sendmail? > Since I could not create the users I > was not able to test but I assume that the virtusertable will let me map > "name@domain.com" to something like "name@domain.com@localhost". If you're using standard sendmail, then no, it won't. Any string containing an "@" on the RHS of virtusertable is deemed to be an e-mail address, not a username. > I'm sure that there are other ways to set up a system for accepcting > usernames like this but for several reasons on this server it would be > the easiest solution for me. Does anyone know if it is in fact possible > to have Fedora use usernames in this format and if so what needs to be > configured? What mailer are you using? If it's sendmail then you can't have "@" in the username, even though you can for the unix user. You'll need to substitute something like "_" for the "@" for your sendmail account names. You might need to investigate other mailers that handle virtual users differently, if you want to keep "@" as a valid mail account character. Hope this helps, Anthony -- www.fonant.com - Quality web sites ------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read the Wiki (http://wiki.mailscanner.info/). Support MailScanner development - buy the book off the website! End of MailScanner Digest, Vol 25, Issue 4 ****************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Thu Jan 3 16:36:41 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 3 16:36:50 2008 Subject: How to ignore all outgoing mail in MailScanner Message-ID: <477D0F19.4080007@gmail.com> Hi all, after endless searching with Google I did not find any solution to the following problem (well, I found http://lists.mailscanner.info/pipermail/mailscanner/2006-October/066594.html - but is this still the best way to go?) All outgoing mails (= mails received from internal, trusted servers) MUST NOT be scanned by MailScanner. ATM I'm using the postfix setup with header_checks enabled, but this (of course) causes ALL MAIL to be scanned by MailScanner. postfix has this nice "permit_mynetworks" keyword to bypass all checks for internal servers. 1) Is there a clean way to NOT PASS any mails from a list of relays to MailScanner at all (by postfix)? -OR- 2) Is there a similar keyword for Mailscanner so it ignores those mails completely? Has anybody a suggestion how to implement that the most clean way? It's not just a couple of IPs... Cheers, Ronny From martinh at solidstatelogic.com Thu Jan 3 16:48:50 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 3 16:49:02 2008 Subject: How to ignore all outgoing mail in MailScanner In-Reply-To: <477D0F19.4080007@gmail.com> Message-ID: <2824afed4547d34e9c5f832743dfbeac@solidstatelogic.com> Ronny Yes you can add a ruleset whereby the internal ip-addresses/networks are not scanned (either at all or at various stages). I do this here, don't spam scan outbound (ie FROM my internal email server), but do virus scan and add the footer below. The 'big off' switch is "Scan messages" in MailScanner.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert > Sent: 03 January 2008 16:37 > To: mailscanner@lists.mailscanner.info > Subject: How to ignore all outgoing mail in MailScanner > > Hi all, > > after endless searching with Google I did not find any solution to the > following problem (well, I found > http://lists.mailscanner.info/pipermail/mailscanner/2006- > October/066594.html > - but is this still the best way to go?) > > All outgoing mails (= mails received from internal, trusted servers) > MUST NOT be scanned by MailScanner. > > ATM I'm using the postfix setup with header_checks enabled, but this (of > course) causes ALL MAIL to be scanned by MailScanner. > > > postfix has this nice "permit_mynetworks" keyword to bypass all checks > for internal servers. > > 1) Is there a clean way to NOT PASS any mails from a list of relays to > MailScanner at all (by postfix)? > > -OR- > > 2) Is there a similar keyword for Mailscanner so it ignores those mails > completely? > > > Has anybody a suggestion how to implement that the most clean way? > It's not just a couple of IPs... > > > Cheers, > Ronny > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From clacroix at cegep-ste-foy.qc.ca Thu Jan 3 16:49:17 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Thu Jan 3 16:49:30 2008 Subject: How to ignore all outgoing mail in MailScanner In-Reply-To: <477D0F19.4080007@gmail.com> References: <477D0F19.4080007@gmail.com> Message-ID: <477D120D.30006@cegep-ste-foy.qc.ca> Ronny T. Lampert a ?crit : > Hi all, > > after endless searching with Google I did not find any solution to the > following problem (well, I found > http://lists.mailscanner.info/pipermail/mailscanner/2006-October/066594.html > - but is this still the best way to go?) > > All outgoing mails (= mails received from internal, trusted servers) > MUST NOT be scanned by MailScanner. > > ATM I'm using the postfix setup with header_checks enabled, but this > (of course) causes ALL MAIL to be scanned by MailScanner. > > > postfix has this nice "permit_mynetworks" keyword to bypass all checks > for internal servers. > > 1) Is there a clean way to NOT PASS any mails from a list of relays to > MailScanner at all (by postfix)? > > -OR- > > 2) Is there a similar keyword for Mailscanner so it ignores those > mails completely? > > > Has anybody a suggestion how to implement that the most clean way? > It's not just a couple of IPs... > > > Cheers, > Ronny Hi, just like this, i would try to experiment with a ruleset on this paticular option: # If this is set to yes, then email messages passing through MailScanner # will be processed and checked, and all the other options in this file # will be used to control what checks are made on the message. # If this is set to no, then email messages will NOT be processed or # checked *at all*, and so any viruses or other problems will be ignored. # # The purpose of this option is to set it to be a ruleset, so that you # can skip all scanning of mail destined for some of your users/customers # and still scan all the rest. # A sample ruleset would look like this: # To: bad.customer.com no # From: ignore.domain.com no # FromOrTo: default yes # That will scan all mail except mail to bad.customer.com and mail from # ignore.domain.com. To set this up, put the 3 lines above into a file # called /etc/MailScanner/rules/scan.messages.rules and set the next line to # Scan Messages = %rules-dir%/scan.messages.rules # This can also be the filename of a ruleset (as illustrated above). Scan Messages = yes I really think there is something you can do with this option. On the other hand, you can also whitelist your servers so they don't get tagged as spam. later, Charles From mikea at mikea.ath.cx Thu Jan 3 17:03:40 2008 From: mikea at mikea.ath.cx (mikea) Date: Thu Jan 3 17:03:54 2008 Subject: How to ignore all outgoing mail in MailScanner In-Reply-To: <477D0F19.4080007@gmail.com> References: <477D0F19.4080007@gmail.com> Message-ID: <20080103170340.GB49576@mikea.ath.cx> On Thu, Jan 03, 2008 at 05:36:41PM +0100, Ronny T. Lampert wrote: > Hi all, > > after endless searching with Google I did not find any solution to the > following problem (well, I found > http://lists.mailscanner.info/pipermail/mailscanner/2006-October/066594.html > - but is this still the best way to go?) > > All outgoing mails (= mails received from internal, trusted servers) > MUST NOT be scanned by MailScanner. > > ATM I'm using the postfix setup with header_checks enabled, but this (of > course) causes ALL MAIL to be scanned by MailScanner. > > > postfix has this nice "permit_mynetworks" keyword to bypass all checks > for internal servers. > > 1) Is there a clean way to NOT PASS any mails from a list of relays to > MailScanner at all (by postfix)? > > -OR- > > 2) Is there a similar keyword for Mailscanner so it ignores those mails > completely? > > > Has anybody a suggestion how to implement that the most clean way? > It's not just a couple of IPs... It sounds as though your internal network is more than minimally complex. I'm fortunate: we have only one authorized mail emitter internally, even if it *is* the dreaded-and-despised Lotus Domino. Can you split your mail processing into an inbound-only server and an outbound-only server? We did, where I work, and that took care of a *lot* of problems -- while generating others, to be sure, but those are easily solved. Our outbound mail load is very small, compared to the raging torrent of mail, most of it junk, which we see inbound. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From uxbod at splatnix.net Thu Jan 3 18:12:40 2008 From: uxbod at splatnix.net (UxBoD) Date: Thu Jan 3 18:13:42 2008 Subject: OT: IDS and APF Message-ID: <3093814.2061199383960477.JavaMail.root@office.splatnix.net> Off topic but may be of use. Before I re-invent the wheel has anybody used the information from SNORT and BASE to extract IPs for passing to APF for blocking ? I have just signed up for the sigs to use in Snort and would like to get the most from them. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Thu Jan 3 18:39:03 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 3 18:39:12 2008 Subject: How to ignore all outgoing mail in MailScanner - SOLVED In-Reply-To: <20080103170340.GB49576@mikea.ath.cx> References: <477D0F19.4080007@gmail.com> <20080103170340.GB49576@mikea.ath.cx> Message-ID: <477D2BC7.2000601@gmail.com> > It sounds as though your internal network is more than minimally > complex. I'm fortunate: we have only one authorized mail emitter > internally, even if it *is* the dreaded-and-despised Lotus Domino. Well, multiple continents and failover are adding (rightfully) to complexity. > Can you split your mail processing into an inbound-only server and an > outbound-only server? We did, where I work, and that took care of a > *lot* of problems -- while generating others, to be sure, but those > are easily solved. Our outbound mail load is very small, compared to > the raging torrent of mail, most of it junk, which we see inbound. No, that is not possible as it would e.g. double the needed hardware, add more rules to our internal mail routing etc. But the Scan Messages = %rules-dir%/scan.messages.rules seems to do the trick. I'm auto-generating this file from postfix's trusted smtp servers (3 lines bash) from which I also automatically generate my transport table. Whitelisting is not an option as we still add headers to the mail and also scan it -- embarassing to leak that info to the outside, if an outgoing mail is tagges as SPAM! The above solution seems to be the cleanest way. Thanks for all pointers! Cheers, Ronny From fabienpenso at gmail.com Thu Jan 3 18:49:59 2008 From: fabienpenso at gmail.com (Fabien Penso) Date: Thu Jan 3 18:50:07 2008 Subject: MailScanner rulesets lookup table In-Reply-To: <46DBE697.3030001@ecs.soton.ac.uk> References: <9173fd7e0709021401k647dedcbkb1ab8359cac0c979@mail.gmail.com> <46DBE697.3030001@ecs.soton.ac.uk> Message-ID: <89fe6f1b0801031049j2d69a3e5ja79e3ae7b3205394@mail.gmail.com> > Hash: SHA1 > > No, there isn't. A rule is a triple of direction, address, and result. > As such it doesn't lend itself to storage in cdb or other simple > key/value lookup tables. I have the same request. My users can modify their settings through a web interface, and I'd like to avoid to have to generate the flat files everytime they do (many many users). Could I possibly do something so mailscanner would look into a database for thoses informations, instead of flat files ? From Kit at simplysites.co.uk Thu Jan 3 20:29:38 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Thu Jan 3 20:34:24 2008 Subject: How to ignore all outgoing mail in MailScanner - SOLVED References: <477D0F19.4080007@gmail.com> <20080103170340.GB49576@mikea.ath.cx> <477D2BC7.2000601@gmail.com> Message-ID: Sorry to butt in but how do I do this with sendmail? We currently use pop before smtp which stores ip in popip.db. Does anyone have a script that would look in there on a regular basis to update the scan.messages.rules file? Not sure if mailscanner need to be restarted everytime scan.messages.rules get changed though. If not maybe someone here may be able to create a simple script if its not already done. ________________________________ > It sounds as though your internal network is more than minimally > complex. I'm fortunate: we have only one authorized mail emitter > internally, even if it *is* the dreaded-and-despised Lotus Domino. Well, multiple continents and failover are adding (rightfully) to complexity. > Can you split your mail processing into an inbound-only server and an > outbound-only server? We did, where I work, and that took care of a > *lot* of problems -- while generating others, to be sure, but those > are easily solved. Our outbound mail load is very small, compared to > the raging torrent of mail, most of it junk, which we see inbound. No, that is not possible as it would e.g. double the needed hardware, add more rules to our internal mail routing etc. But the Scan Messages = %rules-dir%/scan.messages.rules seems to do the trick. I'm auto-generating this file from postfix's trusted smtp servers (3 lines bash) from which I also automatically generate my transport table. Whitelisting is not an option as we still add headers to the mail and also scan it -- embarassing to leak that info to the outside, if an outgoing mail is tagges as SPAM! The above solution seems to be the cleanest way. Thanks for all pointers! Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4968 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080103/8fa94108/attachment.bin From Kit at simplysites.co.uk Thu Jan 3 20:44:44 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Thu Jan 3 20:47:13 2008 Subject: How to ignore all outgoing mail in MailScanner - SOLVED References: <477D0F19.4080007@gmail.com> <20080103170340.GB49576@mikea.ath.cx> <477D2BC7.2000601@gmail.com> Message-ID: Further to my investigation, it seems its poprelayd daemon reads the ip form successful logins via the maillog, then writes to popip.db. there is a file called poprelay.conf which I think can be hacked to write to somewhere else as well as popip.db (hopefully scan.messages.rules). Anyone tried this? I don't have the programming skills that you guys have. Hope someone can help. ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kit Wong Sent: Thu 03/01/2008 20:29 To: MailScanner discussion Subject: RE: How to ignore all outgoing mail in MailScanner - SOLVED Sorry to butt in but how do I do this with sendmail? We currently use pop before smtp which stores ip in popip.db. Does anyone have a script that would look in there on a regular basis to update the scan.messages.rules file? Not sure if mailscanner need to be restarted everytime scan.messages.rules get changed though. If not maybe someone here may be able to create a simple script if its not already done. ________________________________ > It sounds as though your internal network is more than minimally > complex. I'm fortunate: we have only one authorized mail emitter > internally, even if it *is* the dreaded-and-despised Lotus Domino. Well, multiple continents and failover are adding (rightfully) to complexity. > Can you split your mail processing into an inbound-only server and an > outbound-only server? We did, where I work, and that took care of a > *lot* of problems -- while generating others, to be sure, but those > are easily solved. Our outbound mail load is very small, compared to > the raging torrent of mail, most of it junk, which we see inbound. No, that is not possible as it would e.g. double the needed hardware, add more rules to our internal mail routing etc. But the Scan Messages = %rules-dir%/scan.messages.rules seems to do the trick. I'm auto-generating this file from postfix's trusted smtp servers (3 lines bash) from which I also automatically generate my transport table. Whitelisting is not an option as we still add headers to the mail and also scan it -- embarassing to leak that info to the outside, if an outgoing mail is tagges as SPAM! The above solution seems to be the cleanest way. Thanks for all pointers! Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5660 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080103/a629b762/attachment.bin From gstory at pccctx.com Thu Jan 3 21:34:21 2008 From: gstory at pccctx.com (Guy Story KC5GOI) Date: Thu Jan 3 21:34:47 2008 Subject: Max file size Message-ID: <477D54DD.4050603@pccctx.com> I have a max file size question. I am getting " is too big for spam checks (2090980 > 150000 bytes) " A search of mailscanner.conf does not find the vaule 150000. I read a few posts I found after using google and they indicate this is not an issue. I added the EICAR to a 175k text file. It was flagged as too big for spam scanning and the AV scanning did not happen. Given the MS Windows Media file problems from last year, I would like to have Clam scan all attachments even if it was too big for spam. Some attachments can easily be bigger than a meg. I am aware of the performance concerns. -- Regards, Guy Story KC5GOI MIS Manager Texas Hematology Oncology Centers P.A. This email, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and the entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Patients Comprehensive Cancer Center at 972.395.1010 or via email at privacy@pccctx.com. PCCC, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: gstory.vcf Type: text/x-vcard Size: 291 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080103/c35bb617/gstory.vcf From Jeff.Mills at versacold.com.au Thu Jan 3 21:52:16 2008 From: Jeff.Mills at versacold.com.au (Jeff Mills) Date: Thu Jan 3 21:52:53 2008 Subject: Max file size Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Guy Story KC5GOI > Sent: Friday, 4 January 2008 8:34 AM > To: MailScanner@lists.mailscanner.info > Subject: Max file size > > I have a max file size question. I am getting " is too big > for spam checks (2090980 > 150000 bytes) " A search of > mailscanner.conf does not find the vaule 150000. Look for the following: Max Spam Check Size = I would have thought that virus scanning should still happen even if it is too big for spam though. From mkettler at evi-inc.com Thu Jan 3 21:59:03 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 3 21:59:21 2008 Subject: Max file size In-Reply-To: <477D54DD.4050603@pccctx.com> References: <477D54DD.4050603@pccctx.com> Message-ID: <477D5AA7.2060206@evi-inc.com> Guy Story KC5GOI wrote: > I have a max file size question. I am getting " is too big for spam > checks (2090980 > 150000 bytes) " A search of mailscanner.conf does not > find the vaule 150000. This should be the "Max SpamAssassin Size" option, which, AFAIK, should only apply to SpamAssassin, not AV scanning. > I read a few posts I found after using google and > they indicate this is not an issue. I added the EICAR to a 175k text > file. It was flagged as too big for spam scanning and the AV scanning > did not happen. Are you sure your AV would detect the resulting file as a virus? I tried pre-pending it to a 400k file, and MailScanner found it just fine. Appending it to the same file, it was not detected. HOWEVER, copying this same file to my server and manually running all of AV scanners on it (bitdefender, clamav, command av) did not detect a virus either. Apparently most AV products will only detect eicar if it's at the beginning of the file. (This is probably to reduce FP's) > > Given the MS Windows Media file problems from last year, I would like to > have Clam scan all attachments even if it was too big for spam. Some > attachments can easily be bigger than a meg. I am aware of the > performance concerns. AFAIK, they should always be av scanned. See above and test your file against your scanners to see if they detect it. > > From ssilva at sgvwater.com Fri Jan 4 00:11:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 4 00:12:16 2008 Subject: How to ignore all outgoing mail in MailScanner - SOLVED In-Reply-To: <477D2BC7.2000601@gmail.com> References: <477D0F19.4080007@gmail.com> <20080103170340.GB49576@mikea.ath.cx> <477D2BC7.2000601@gmail.com> Message-ID: on 1/3/2008 10:39 AM Ronny T. Lampert spake the following: >> It sounds as though your internal network is more than minimally >> complex. I'm fortunate: we have only one authorized mail emitter >> internally, even if it *is* the dreaded-and-despised Lotus Domino. > > Well, multiple continents and failover are adding (rightfully) to > complexity. > >> Can you split your mail processing into an inbound-only server and an >> outbound-only server? We did, where I work, and that took care of a >> *lot* of problems -- while generating others, to be sure, but those >> are easily solved. Our outbound mail load is very small, compared to >> the raging torrent of mail, most of it junk, which we see inbound. > > No, that is not possible as it would e.g. double the needed hardware, > add more rules to our internal mail routing etc. > > But the > > Scan Messages = %rules-dir%/scan.messages.rules > > seems to do the trick. > I'm auto-generating this file from postfix's trusted smtp servers (3 > lines bash) from which I also automatically generate my transport table. > > Whitelisting is not an option as we still add headers to the mail and > also scan it -- embarassing to leak that info to the outside, if an > outgoing mail is tagges as SPAM! > It is also embarrasing if outgoing e-mail IS spam, and you get blacklisted. I think I would still scan outgoing mail, and fix a ruleset to bounce bad back to originator "ONLY IF" they are on one of your servers. All you need is a bot on a users PC inside your network, which is very easy for some (l)users to get. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From bfebrian.mailscanner at indomino.net Fri Jan 4 03:13:02 2008 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Fri Jan 4 03:13:29 2008 Subject: Txt file considered as program? Message-ID: <477DA43E.2060408@indomino.net> Dear all, I see many emails quarantine in the mailscanner server because it have attachment that considered as program, but the attachment actually txt attachment. MailScanner: No programs allowed (msg-27290-704.txt) I already allowed txt file in both filename.rules.conf and MailScanner.conf in filename.rules.conf allow \.txt$ - - in MailScanner.conf Allow Filenames = \.tmp$ \.par$ \.pce$ \.mod$ \.txt$ I'm using MailScanner 4.65.3 in CentOS 5. -- Budi Febrianto www.indomino.net/blog From ricky.boone at gmail.com Fri Jan 4 03:34:39 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Fri Jan 4 03:34:53 2008 Subject: Txt file considered as program? In-Reply-To: <477DA43E.2060408@indomino.net> References: <477DA43E.2060408@indomino.net> Message-ID: <477DA94F.4070409@gmail.com> Budi Febrianto wrote: > Dear all, > > I see many emails quarantine in the mailscanner server because it have > attachment that considered as program, but the attachment actually txt > attachment. > > MailScanner: No programs allowed (msg-27290-704.txt) You may want to verify the attachment is not an actual program or other form of executable code. The extension may be misleading, or MailScanner may not be reporting the actual extension name (for example, leaving the message with attachments encoded in the txt file). I wouldn't recommend enabling programs or executables, even for just TXT files, unless you are absolutely sure about their origin and have limited the ruleset down accordingly. From ugob at lubik.ca Fri Jan 4 03:34:59 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Jan 4 03:40:15 2008 Subject: Txt file considered as program? In-Reply-To: <477DA43E.2060408@indomino.net> References: <477DA43E.2060408@indomino.net> Message-ID: Budi Febrianto wrote: > Dear all, > > I see many emails quarantine in the mailscanner server because it have > attachment that considered as program, but the attachment actually txt > attachment. > > MailScanner: No programs allowed (msg-27290-704.txt) > > I already allowed txt file in both filename.rules.conf and MailScanner.conf > in filename.rules.conf > allow \.txt$ - - > > in MailScanner.conf > Allow Filenames = \.tmp$ \.par$ \.pce$ \.mod$ \.txt$ > > I'm using MailScanner 4.65.3 in CentOS 5. > That is a filetype problem, not a filename... Regards, Ugo From garry at glendown.de Fri Jan 4 08:56:38 2008 From: garry at glendown.de (Garry) Date: Fri Jan 4 08:56:52 2008 Subject: CRM114 - _many_ files in reaver_cache?! Message-ID: <477DF4C6.7000601@glendown.de> I'm wondering - is it normal that there is a massive amount of files in the reaver_cache hierarchy? I've been running it for something like half a year or so, with 144k documents learned, and a "du" will barely even go through that directory tree anymore ... /reaver_cache # ls -l total 21264 drwxrwxrwx 8 root root 224 Jul 31 22:34 . drwxrwxrwx 3 root root 584 Jan 4 09:55 .. drwxrwxrwx 2 root root 48 Jul 31 22:34 empty drwxrwxrwx 2 root root 4567968 Jan 4 09:54 known_good drwxrwxrwx 2 root root 2365008 Jan 4 09:50 known_spam drwxrwxrwx 2 root root 2397856 Jan 4 09:54 prob_good drwxrwxrwx 2 root root 1427112 Jan 4 09:50 prob_spam drwxrwxrwx 2 root root 11016856 Jan 4 09:54 texts Can these directories be "cleaned up" a bit, or are the files necessary for operation? Tnx, -garry From J.Ede at birchenallhowden.co.uk Fri Jan 4 09:12:40 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jan 4 09:12:58 2008 Subject: MailScanner on yum repository Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> Hugo, When do you plan to put 4.66 onto the yum respository? I've used it to install mailscanner and it went on like a dream apart from needing the mailtools patch for which I'll need to wait for 4.66 Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/f5372605/attachment.html From bfebrian.mailscanner at indomino.net Fri Jan 4 09:13:49 2008 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Fri Jan 4 09:14:15 2008 Subject: Txt file considered as program? In-Reply-To: References: <477DA43E.2060408@indomino.net> Message-ID: <477DF8CD.9030800@indomino.net> Ugo Bellavance wrote: > Budi Febrianto wrote: >> Dear all, >> >> I see many emails quarantine in the mailscanner server because it >> have attachment that considered as program, but the attachment >> actually txt attachment. >> >> MailScanner: No programs allowed (msg-27290-704.txt) >> > > That is a filetype problem, not a filename... > > Regards, > > Ugo > Why txt file considered as program? Is it CentOS problem? -- Budi Febrianto Problem with SPAM? www.indomino.net/blog From garry at glendown.de Fri Jan 4 09:14:54 2008 From: garry at glendown.de (Garry) Date: Fri Jan 4 09:15:11 2008 Subject: CRM114 - _many_ files in reaver_cache?! In-Reply-To: <477DF4C6.7000601@glendown.de> References: <477DF4C6.7000601@glendown.de> Message-ID: <477DF90E.9020604@glendown.de> Never mind, found some hints via Google about this ... so "find -delete" it is ... ;) From prandal at herefordshire.gov.uk Fri Jan 4 09:15:13 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 4 09:15:27 2008 Subject: CRM114 - _many_ files in reaver_cache?! In-Reply-To: <477DF4C6.7000601@glendown.de> References: <477DF4C6.7000601@glendown.de> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819237@HC-MBX02.herefordshire.gov.uk> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamass assin:plugins:crm114 Scroll down to the "Notes" section: "Apparently there's no provision to limit the size of /etc/mail/spamassassin/crm114/reaver_cache's contents. Running on a very low traffic test box, the directory has grown to 59MB in less than 24 hrs. If you do not intend to perform manual re-training to correct ham/spam detection, it may be wise to set (in /etc/mail/spamassassin/crm114/mailfilter.cf): :text_cache: /reaver_cache/ to :text_cache: // This will disable msg caching of all your mail traffic (keeping a copy of all ham/spam could also be against corp. policy) Disabling "reaver_cache" may speed up CRM114 processing by avoiding the extra msg write operations to "reaver_cache" categories. Note text courtesy of Alex Broens" Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Garry > Sent: 04 January 2008 08:57 > To: MailScanner discussion > Subject: CRM114 - _many_ files in reaver_cache?! > > I'm wondering - is it normal that there is a massive amount > of files in > the reaver_cache hierarchy? I've been running it for > something like half > a year or so, with 144k documents learned, and a "du" will > barely even > go through that directory tree anymore ... > > /reaver_cache # ls -l > total 21264 > drwxrwxrwx 8 root root 224 Jul 31 22:34 . > drwxrwxrwx 3 root root 584 Jan 4 09:55 .. > drwxrwxrwx 2 root root 48 Jul 31 22:34 empty > drwxrwxrwx 2 root root 4567968 Jan 4 09:54 known_good > drwxrwxrwx 2 root root 2365008 Jan 4 09:50 known_spam > drwxrwxrwx 2 root root 2397856 Jan 4 09:54 prob_good > drwxrwxrwx 2 root root 1427112 Jan 4 09:50 prob_spam > drwxrwxrwx 2 root root 11016856 Jan 4 09:54 texts > > Can these directories be "cleaned up" a bit, or are the files > necessary > for operation? > > > Tnx, -garry > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From bfebrian.mailscanner at indomino.net Fri Jan 4 09:17:39 2008 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Fri Jan 4 09:18:01 2008 Subject: Txt file considered as program? In-Reply-To: <477DA94F.4070409@gmail.com> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> Message-ID: <477DF9B3.401@indomino.net> Ricky Boone wrote: > Budi Febrianto wrote: > >> Dear all, >> >> I see many emails quarantine in the mailscanner server because it have >> attachment that considered as program, but the attachment actually txt >> attachment. >> >> MailScanner: No programs allowed (msg-27290-704.txt) >> > > You may want to verify the attachment is not an actual program or other > form of executable code. The extension may be misleading, or > MailScanner may not be reporting the actual extension name (for example, > leaving the message with attachments encoded in the txt file). > > I wouldn't recommend enabling programs or executables, even for just TXT > files, unless you are absolutely sure about their origin and have > limited the ruleset down accordingly. > The attachment is text file, I can open it from mailwatch. I'm not sure why MailScanner detected as program. Best Regards -- Budi Febrianto Problem with SPAM? www.indomino.net/blog From a.peacock at chime.ucl.ac.uk Fri Jan 4 09:42:44 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Fri Jan 4 09:42:55 2008 Subject: Txt file considered as program? In-Reply-To: <477DF9B3.401@indomino.net> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> Message-ID: <477DFF94.20403@chime.ucl.ac.uk> Hi, Budi Febrianto wrote: > Ricky Boone wrote: >> Budi Febrianto wrote: >> >>> Dear all, >>> >>> I see many emails quarantine in the mailscanner server because it have >>> attachment that considered as program, but the attachment actually txt >>> attachment. >>> >>> MailScanner: No programs allowed (msg-27290-704.txt) > The attachment is text file, I can open it from mailwatch. > I'm not sure why MailScanner detected as program. There is a problem with some versions of the file command, where it detects a text file in the Russion language as a executable program. What does the text file look like? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From glenn.steen at gmail.com Fri Jan 4 10:31:39 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 4 10:31:55 2008 Subject: Txt file considered as program? In-Reply-To: <477DFF94.20403@chime.ucl.ac.uk> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477DFF94.20403@chime.ucl.ac.uk> Message-ID: <223f97700801040231h71a252cdx3a0fc827a4a26f70@mail.gmail.com> On 04/01/2008, Anthony Peacock wrote: > Hi, > > Budi Febrianto wrote: > > Ricky Boone wrote: > >> Budi Febrianto wrote: > >> > >>> Dear all, > >>> > >>> I see many emails quarantine in the mailscanner server because it have > >>> attachment that considered as program, but the attachment actually txt > >>> attachment. > >>> > >>> MailScanner: No programs allowed (msg-27290-704.txt) > > > > > The attachment is text file, I can open it from mailwatch. > > I'm not sure why MailScanner detected as program. > > There is a problem with some versions of the file command, where it > detects a text file in the Russion language as a executable program. Not only Russian.... Greek has been very frequently misdetected by some versions of "file" as well. It is usually a question of having a few very optimistic one-byte magics in the magic file... Sigh. > What does the text file look like? CC. If it is something like a COM executable, you likely suffer from a one-byte magic problem...;). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ricky.boone at gmail.com Fri Jan 4 12:45:25 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Fri Jan 4 12:45:38 2008 Subject: Txt file considered as program? In-Reply-To: <477DF9B3.401@indomino.net> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> Message-ID: <477E2A65.10005@gmail.com> Budi Febrianto wrote: > The attachment is text file, I can open it from mailwatch. > I'm not sure why MailScanner detected as program. Are you able to log into the MailScanner server at the shell? If so, try running the `file` command against the message and attachments that are getting blocked. If memory serves, that's what MailScanner is doing as well, so you should be able to see what kind of file in better detail MailScanner thinks it is. For example: file /var/spool/MailScanner/quarantine/DATE_HERE/MESSAGE_ID_HERE/* (with DATE_HERE and MESSAGE_ID_HERE replaced with the appropriately logged info) From thenrique at gmail.com Fri Jan 4 13:48:44 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Fri Jan 4 13:48:53 2008 Subject: Txt file considered as program? In-Reply-To: <477E2A65.10005@gmail.com> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> Message-ID: I have the same problem where. When i check the .txt file generated by Outoolk in reply of some messages this return "DOS executable (COM)". Example: morpheus quarantine # file ./20080104/1A48799ACB.89983/msg-2327-60.txt ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) On Jan 4, 2008 9:45 AM, Ricky Boone wrote: > Budi Febrianto wrote: > > The attachment is text file, I can open it from mailwatch. > > I'm not sure why MailScanner detected as program. > > Are you able to log into the MailScanner server at the shell? If so, > try running the `file` command against the message and attachments that > are getting blocked. If memory serves, that's what MailScanner is doing > as well, so you should be able to see what kind of file in better detail > MailScanner thinks it is. > > For example: > > file /var/spool/MailScanner/quarantine/DATE_HERE/MESSAGE_ID_HERE/* > > (with DATE_HERE and MESSAGE_ID_HERE replaced with the appropriately > logged info) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/e5ddc031/attachment.html From steve.freegard at fsl.com Fri Jan 4 13:58:08 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jan 4 13:55:44 2008 Subject: Txt file considered as program? In-Reply-To: References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> Message-ID: <477E3B70.1040907@fsl.com> Thiago Henrique wrote: > I have the same problem where. When i check the .txt file generated by > Outoolk in reply of some messages this return "DOS executable (COM)". > > Example: > morpheus quarantine # file ./20080104/1A48799ACB.89983/msg- 2327-60.txt > ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) If you change this to 'file -i ' does it produce the same executable output? Kind regards, Steve. From MailScanner at ecs.soton.ac.uk Fri Jan 4 13:59:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 13:59:23 2008 Subject: ERROR: You must upgrade your perl IO module to at least In-Reply-To: <20080103030641.3766gepvswcckgck@gateway.nettix.com.pe> References: <20080103030641.3766gepvswcckgck@gateway.nettix.com.pe> Message-ID: <477E3BA8.2070607@ecs.soton.ac.uk> Did you use the install.sh installation script? It should have built and installed the IO Perl module. If it didn't for some reason you can always use CPAN to install it with "perl -MCPAN -e install IO". Martin Garcia wrote: > Guys, > > According to the late problems with perl-Mail-tools and perl-MIME-tools > I upgraded my server to 4.66 but im finding the below. > > Could you give me some lights on it? what should be the minimum version? > where I can find an apropiate rpm? I use the latest rpmforge and > centos repos. > > Im using CentOS 4.6 x386 > > Thanks in advance > > Cualquier duda o consulta estoy a su disposicion. > > Atentamente / Sincerely > > > MARTIN GARCIA > Consultor Linux y redes > Nettix Peru > telf: +(511)9735-4848 > > mailto:mgarcia@nettix.com.pe > > [root@gateway es]# service MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > Waiting for MailScanner to die gracefully dead. > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: > > **** ERROR: You must upgrade your perl IO module to at least > **** ERROR: version 1.2301 or MailScanner will not work! > > [ OK ] > > > > > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thenrique at gmail.com Fri Jan 4 14:12:07 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Fri Jan 4 14:12:16 2008 Subject: Txt file considered as program? In-Reply-To: <477E3B70.1040907@fsl.com> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> <477E3B70.1040907@fsl.com> Message-ID: No, if i change the command to file -i the file is identifed correctly: morpheus quarantine # file -i ./20080104/1A48799ACB.89983/msg-2327-60.txt ./20080104/1A48799ACB.89983/msg-2327-60.txt: text/plain; charset=iso-8859-1 On Jan 4, 2008 10:58 AM, Steve Freegard wrote: > Thiago Henrique wrote: > > I have the same problem where. When i check the .txt file generated by > > Outoolk in reply of some messages this return "DOS executable (COM)". > > > > Example: > > morpheus quarantine # file ./20080104/1A48799ACB.89983/msg- 2327-60.txt > > ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) > > If you change this to 'file -i ' does it produce the same > executable output? > > Kind regards, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/b4c857b3/attachment.html From lists at hbcs.org Fri Jan 4 14:17:49 2008 From: lists at hbcs.org (Dave C) Date: Fri Jan 4 14:17:56 2008 Subject: Txt file considered as program? In-Reply-To: <477E3B70.1040907@fsl.com> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> <477E3B70.1040907@fsl.com> Message-ID: <477E400D.4070802@hbcs.org> Steve Freegard wrote: > Thiago Henrique wrote: >> I have the same problem where. When i check the .txt file generated by >> Outoolk in reply of some messages this return "DOS executable (COM)". >> >> Example: >> morpheus quarantine # file ./20080104/1A48799ACB.89983/msg- 2327-60.txt >> ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) > > If you change this to 'file -i ' does it produce the same > executable output? > > Kind regards, > Steve. Having similar situation here. Have a quarantined message that was sent from a blackberry that is getting marked as a quicktime file. [lists~]#file /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt: Apple QuickTime movie file (free) [lists~]# file -i /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt: text/plain; charset=iso-8859-1 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 14:20:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 14:21:16 2008 Subject: Txt file considered as program? In-Reply-To: <477DA43E.2060408@indomino.net> References: <477DA43E.2060408@indomino.net> Message-ID: <477E40C9.5010806@ecs.soton.ac.uk> An attachment has to pass *both* the filename *and* filetype tests. So just allowing *.txt files in filename.rules.conf won't be enough, it has to pass the filetype test too (filetype.rules.conf). Budi Febrianto wrote: > Dear all, > > I see many emails quarantine in the mailscanner server because it have > attachment that considered as program, but the attachment actually txt > attachment. > > MailScanner: No programs allowed (msg-27290-704.txt) > > I already allowed txt file in both filename.rules.conf and > MailScanner.conf > in filename.rules.conf > allow \.txt$ - - > > in MailScanner.conf > Allow Filenames = \.tmp$ \.par$ \.pce$ \.mod$ \.txt$ > > I'm using MailScanner 4.65.3 in CentOS 5. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 14:26:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 14:26:39 2008 Subject: Txt file considered as program? In-Reply-To: References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> <477E3B70.1040907@fsl.com> Message-ID: <477E420B.8020805@ecs.soton.ac.uk> This is because "file -i" uses a totally different file of "magic strings" to look for than the normal "file" command does without the "-i". I would fix it by finding the string in your normal "magic" file that triggers the "COM executable" result and comment it out. My line (RHEL 5) looks like this: 0 byte 0xe9 DOS executable (COM) so you're looking for a line like that, in /usr/share/file/magic (though the location of your "magic" file may vary and will be documented in "man file" output. Thiago Henrique wrote: > No, if i change the command to file -i the file is identifed correctly: > > morpheus quarantine # file -i ./20080104/1A48799ACB.89983/msg-2327-60.txt > ./20080104/1A48799ACB.89983/msg-2327-60.txt: text/plain; > charset=iso-8859-1 > > > > On Jan 4, 2008 10:58 AM, Steve Freegard > wrote: > > Thiago Henrique wrote: > > I have the same problem where. When i check the .txt file > generated by > > Outoolk in reply of some messages this return "DOS executable > (COM)". > > > > Example: > > morpheus quarantine # file ./20080104/1A48799ACB.89983/msg- > 2327-60.txt > > ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) > > If you change this to 'file -i ' does it produce the same > executable output? > > Kind regards, > Steve. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gstory at pccctx.com Fri Jan 4 14:48:27 2008 From: gstory at pccctx.com (Guy Story KC5GOI) Date: Fri Jan 4 14:48:46 2008 Subject: Max file size In-Reply-To: <477D5AA7.2060206@evi-inc.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> Message-ID: <477E473B.9010706@pccctx.com> Matt, I did add the EICAR at the end of my test text file. Based on your suggestion I moved it to the top of the text file and that was stopped. Putting the EICAR in the middle kept it from getting caught. I increased the Max SpamAssassin Size parameter from 30000 to 300000 and that did not clear the error message. I will keep looking. Jeff mentioned looking for "Max Spam Check Size =" I could not find that entry in my MailScanner.conf file. That was also the parameter that my Google searches refered to. If it is not present, is that the default setting? Matt Kettler wrote: > Guy Story KC5GOI wrote: >> I have a max file size question. I am getting " is too big for spam >> checks (2090980 > 150000 bytes) " A search of mailscanner.conf does not >> find the vaule 150000. > > This should be the "Max SpamAssassin Size" option, which, AFAIK, should > only apply to SpamAssassin, not AV scanning. > >> I read a few posts I found after using google and >> they indicate this is not an issue. I added the EICAR to a 175k text >> file. It was flagged as too big for spam scanning and the AV scanning >> did not happen. > > Are you sure your AV would detect the resulting file as a virus? > > I tried pre-pending it to a 400k file, and MailScanner found it just fine. > > Appending it to the same file, it was not detected. > > HOWEVER, copying this same file to my server and manually running all of > AV scanners on it (bitdefender, clamav, command av) did not detect a > virus either. Apparently most AV products will only detect eicar if it's > at the beginning of the file. (This is probably to reduce FP's) -- Regards, Guy Story KC5GOI MIS Manager Texas Hematology Oncology Centers P.A. This email, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and the entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Patients Comprehensive Cancer Center at 972.395.1010 or via email at privacy@pccctx.com. PCCC, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: gstory.vcf Type: text/x-vcard Size: 291 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/e6a6acc1/gstory.vcf From martinh at solidstatelogic.com Fri Jan 4 15:22:29 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 4 15:22:45 2008 Subject: install 4.66.5.-2 error Message-ID: <1e58b8eea5f4ac47b3eed272d0085a72@solidstatelogic.com> Jules So this error pop up when trying to install the Storable perl module...perl 5.8.5 on FreeBSD 4.11... t/attach_errors.......ok t/attach_singleton....ok t/blessed.............ok t/canonical...........ok t/circular_hook.......ok t/code................ok t/compat01............skipped all skipped: Test only works for 32 bit little-ending machines t/compat06............ok t/croak...............Oi! No! Don't change this test so that Carp is used before Storable at t/croak.t line 23. BEGIN failed--compilation aborted at t/croak.t line 25. t/croak...............dubious Test returned status 255 (wstat 65280, 0xff00) t/dclone..............ok t/downgrade...........ok t/file_magic..........ok t/forgive.............ok t/freeze..............ok t/integer.............ok t/interwork56.........ok t/just_plain_nasty....ok t/lock................ok t/malice..............ok t/overload............ok t/recurse.............ok t/restrict............ok t/retrieve............ok t/sig_die.............ok t/store...............ok t/threads.............skipped all skipped: no threads t/tied................ok t/tied_hook...........ok t/tied_items..........ok t/utf8................ok t/utf8hash............ok t/weak................ok Failed Test Stat Wstat Total Fail List of Failed ------------------------------------------------------------------------------- t/croak.t 255 65280 ?? ?? ?? 2 tests skipped. Failed 1/32 test scripts. 0/2358 subtests failed. Files=32, Tests=2358, 4 wallclock secs ( 2.38 cusr + 0.27 csys = 2.64 CPU) Failed 1/32 test programs. 0/2358 subtests failed. *** Error code 255 Stop in /tmp/Storable-2.16. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From prandal at herefordshire.gov.uk Fri Jan 4 15:30:06 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Jan 4 15:30:24 2008 Subject: Max file size In-Reply-To: <477E473B.9010706@pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819384@HC-MBX02.herefordshire.gov.uk> All of which is pretty pointless because a large file with the EICAR string attached at the end is no longer the EICAR "virus", IMHO, as the EICAR test file is defined to be 68 bytes long, no more, no less. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Guy Story KC5GOI > Sent: 04 January 2008 14:48 > To: MailScanner discussion > Subject: Re: Max file size > > Matt, I did add the EICAR at the end of my test text file. Based on > your suggestion I moved it to the top of the text file and that was > stopped. Putting the EICAR in the middle kept it from getting caught. > I increased the Max SpamAssassin Size parameter from 30000 to > 300000 and > that did not clear the error message. I will keep looking. > > Jeff mentioned looking for "Max Spam Check Size =" I could not find > that entry in my MailScanner.conf file. That was also the parameter > that my Google searches refered to. If it is not present, is that the > default setting? > > Matt Kettler wrote: > > Guy Story KC5GOI wrote: > >> I have a max file size question. I am getting " is too big for spam > >> checks (2090980 > 150000 bytes) " A search of > mailscanner.conf does not > >> find the vaule 150000. > > > > This should be the "Max SpamAssassin Size" option, which, > AFAIK, should > > only apply to SpamAssassin, not AV scanning. > > > >> I read a few posts I found after using google and > >> they indicate this is not an issue. I added the EICAR to a > 175k text > >> file. It was flagged as too big for spam scanning and the > AV scanning > >> did not happen. > > > > Are you sure your AV would detect the resulting file as a virus? > > > > I tried pre-pending it to a 400k file, and MailScanner > found it just fine. > > > > Appending it to the same file, it was not detected. > > > > HOWEVER, copying this same file to my server and manually > running all of > > AV scanners on it (bitdefender, clamav, command av) did not detect a > > virus either. Apparently most AV products will only detect > eicar if it's > > at the beginning of the file. (This is probably to reduce FP's) > > > -- > Regards, > > Guy Story KC5GOI > MIS Manager Texas Hematology Oncology Centers P.A. > > This email, facsimile, or letter and any files or attachments > transmitted with it contains information that is confidential and > privileged. This information is intended only for the use of the > individual(s) and the entity(ies) to whom it is addressed. If you > are the intended recipient, further disclosures are prohibited > without proper authorization. If you are not the intended recipient, > any disclosure, copying, printing or use of this information is > strictly prohibited and possibly a violation of federal or state > law and regulations. If you have received this information in > error, please notify Patients Comprehensive Cancer Center at > 972.395.1010 or via email at privacy@pccctx.com. PCCC, its > subsidiaries, and affiliates hereby claim all applicable privileges > related to this information. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > From MailScanner at ecs.soton.ac.uk Fri Jan 4 15:37:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 15:37:35 2008 Subject: Max file size In-Reply-To: <477E473B.9010706@pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> Message-ID: <477E52AA.30808@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It's called Max Spam Check Size = 200k in the default MailScanner.conf file. Guy Story KC5GOI wrote: > Matt, I did add the EICAR at the end of my test text file. Based on > your suggestion I moved it to the top of the text file and that was > stopped. Putting the EICAR in the middle kept it from getting caught. > I increased the Max SpamAssassin Size parameter from 30000 to 300000 and > that did not clear the error message. I will keep looking. > > Jeff mentioned looking for "Max Spam Check Size =" I could not find > that entry in my MailScanner.conf file. That was also the parameter > that my Google searches refered to. If it is not present, is that the > default setting? > > Matt Kettler wrote: > >> Guy Story KC5GOI wrote: >> >>> I have a max file size question. I am getting " is too big for spam >>> checks (2090980 > 150000 bytes) " A search of mailscanner.conf does not >>> find the vaule 150000. >>> >> This should be the "Max SpamAssassin Size" option, which, AFAIK, should >> only apply to SpamAssassin, not AV scanning. >> >> >>> I read a few posts I found after using google and >>> they indicate this is not an issue. I added the EICAR to a 175k text >>> file. It was flagged as too big for spam scanning and the AV scanning >>> did not happen. >>> >> Are you sure your AV would detect the resulting file as a virus? >> >> I tried pre-pending it to a 400k file, and MailScanner found it just fine. >> >> Appending it to the same file, it was not detected. >> >> HOWEVER, copying this same file to my server and manually running all of >> AV scanners on it (bitdefender, clamav, command av) did not detect a >> virus either. Apparently most AV products will only detect eicar if it's >> at the beginning of the file. (This is probably to reduce FP's) >> > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHflKrEfZZRxQVtlQRAoaBAJ9mlbSWCv1121h3usEYPtZaO0j4+wCcCKKj qJAb5H/karwWXUv6FyLIY/k= =F8CR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Fri Jan 4 15:39:55 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 4 15:40:18 2008 Subject: Max file size In-Reply-To: <477E473B.9010706@pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> Message-ID: <477E534B.5010107@evi-inc.com> Guy Story KC5GOI wrote: > Matt, I did add the EICAR at the end of my test text file. Based on > your suggestion I moved it to the top of the text file and that was > stopped. Putting the EICAR in the middle kept it from getting caught. > I increased the Max SpamAssassin Size parameter from 30000 to 300000 and > that did not clear the error message. I will keep looking. Again, be sure to test your files directly against your AV scanner. If your AV won't detect it, mailscanner won't detect it. ClamAV will not detect the EICAR signature at the end, and probably won't detect it anywhere other than the beginning. In fact, technically speaking, EICAR shouldn't even be detected when pre-pended to a large file. By definition of the EICAR signature, it is only valid at the start of a file, and may only by followed by whitespace charachters. There must not be more than a total file size of 128 bytes. So, any file over 128 bytes is, by definition, not an EICAR signature, and AV products should ignore it. See also: http://www.eicar.org/anti_virus_test_file.htm ClamAV appears to be running by the relaxed rule of detecting it at the beginning of the file, and allowing any arbitrary data to follow it. BitDefender appears to correctly ignore my large file with the EICAR signature at the front. > Jeff mentioned looking for "Max Spam Check Size =" I could not find > that entry in my MailScanner.conf file. That was also the parameter > that my Google searches refered to. If it is not present, is that the > default setting? I don't know. It seems rather odd you don't have that setting, unless you are running a *VERY* old MailScanner, or have been upgrading from one without using the upgrade script that updates your .cf file by adding in all the latest settings. From martinh at solidstatelogic.com Fri Jan 4 15:40:16 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 4 15:40:27 2008 Subject: install 4.66.5.-2 error In-Reply-To: <1e58b8eea5f4ac47b3eed272d0085a72@solidstatelogic.com> Message-ID: <3c3e33c0d7273b41ac1128589d332538@solidstatelogic.com> Jules I also note "MailScanner -V" doesn't mention Storable at any stage that I can spot..(but could be Friday afternoon blindness on my part ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: 04 January 2008 15:22 > To: MailScanner discussion > Subject: install 4.66.5.-2 error > > Jules > > So this error pop up when trying to install the Storable perl > module...perl 5.8.5 on FreeBSD 4.11... > > > t/attach_errors.......ok > t/attach_singleton....ok > t/blessed.............ok > t/canonical...........ok > t/circular_hook.......ok > t/code................ok > t/compat01............skipped > all skipped: Test only works for 32 bit little-ending machines > t/compat06............ok > t/croak...............Oi! No! Don't change this test so that Carp is used > before Storable at t/croak.t line 23. > BEGIN failed--compilation aborted at t/croak.t line 25. > t/croak...............dubious > Test returned status 255 (wstat 65280, 0xff00) > t/dclone..............ok > t/downgrade...........ok > t/file_magic..........ok > t/forgive.............ok > t/freeze..............ok > t/integer.............ok > t/interwork56.........ok > t/just_plain_nasty....ok > t/lock................ok > t/malice..............ok > t/overload............ok > t/recurse.............ok > t/restrict............ok > t/retrieve............ok > t/sig_die.............ok > t/store...............ok > t/threads.............skipped > all skipped: no threads > t/tied................ok > t/tied_hook...........ok > t/tied_items..........ok > t/utf8................ok > t/utf8hash............ok > t/weak................ok > Failed Test Stat Wstat Total Fail List of Failed > -------------------------------------------------------------------------- > ----- > t/croak.t 255 65280 ?? ?? ?? > 2 tests skipped. > Failed 1/32 test scripts. 0/2358 subtests failed. > Files=32, Tests=2358, 4 wallclock secs ( 2.38 cusr + 0.27 csys = 2.64 > CPU) > Failed 1/32 test programs. 0/2358 subtests failed. > *** Error code 255 > > Stop in /tmp/Storable-2.16. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Jan 4 15:40:28 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 15:40:52 2008 Subject: install 4.66.5.-2 error In-Reply-To: <1e58b8eea5f4ac47b3eed272d0085a72@solidstatelogic.com> References: <1e58b8eea5f4ac47b3eed272d0085a72@solidstatelogic.com> Message-ID: <477E536C.6000003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do you get the same error if you install the very latest Storable available from CPAN? Martin.Hepworth wrote: > Jules > > So this error pop up when trying to install the Storable perl module...perl 5.8.5 on FreeBSD 4.11... > > > t/attach_errors.......ok > t/attach_singleton....ok > t/blessed.............ok > t/canonical...........ok > t/circular_hook.......ok > t/code................ok > t/compat01............skipped > all skipped: Test only works for 32 bit little-ending machines > t/compat06............ok > t/croak...............Oi! No! Don't change this test so that Carp is used before Storable at t/croak.t line 23. > BEGIN failed--compilation aborted at t/croak.t line 25. > t/croak...............dubious > Test returned status 255 (wstat 65280, 0xff00) > t/dclone..............ok > t/downgrade...........ok > t/file_magic..........ok > t/forgive.............ok > t/freeze..............ok > t/integer.............ok > t/interwork56.........ok > t/just_plain_nasty....ok > t/lock................ok > t/malice..............ok > t/overload............ok > t/recurse.............ok > t/restrict............ok > t/retrieve............ok > t/sig_die.............ok > t/store...............ok > t/threads.............skipped > all skipped: no threads > t/tied................ok > t/tied_hook...........ok > t/tied_items..........ok > t/utf8................ok > t/utf8hash............ok > t/weak................ok > Failed Test Stat Wstat Total Fail List of Failed > ------------------------------------------------------------------------------- > t/croak.t 255 65280 ?? ?? ?? > 2 tests skipped. > Failed 1/32 test scripts. 0/2358 subtests failed. > Files=32, Tests=2358, 4 wallclock secs ( 2.38 cusr + 0.27 csys = 2.64 CPU) > Failed 1/32 test programs. 0/2358 subtests failed. > *** Error code 255 > > Stop in /tmp/Storable-2.16. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHflNtEfZZRxQVtlQRAr7PAJ9h3inNe4LCtjusQl2s9x4zlql7ywCeP7a+ t1E16wDHZcqWwEs/c+QZETE= =eP7d -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Fri Jan 4 15:41:28 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 4 15:42:00 2008 Subject: Max file size In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02819384@HC-MBX02.herefordshire.gov.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <7EF0EE5CB3B263488C8C18823239BEBA02819384@HC-MBX02.herefordshire.gov.uk> Message-ID: <477E53A8.1050809@evi-inc.com> Randal, Phil wrote: > All of which is pretty pointless because a large file with the EICAR > string attached at the end is no longer the EICAR "virus", IMHO, as the > EICAR test file is defined to be 68 bytes long, no more, no less. > Actually, it can be padded out to 128 bytes with whitespace, but no more. ------ The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. ------- Which is straight from the mouth of EICAR itself: http://www.eicar.org/anti_virus_test_file.htm From Denis.Beauchemin at USherbrooke.ca Fri Jan 4 15:45:44 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 4 15:46:26 2008 Subject: Max file size In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02819384@HC-MBX02.herefordshire.gov.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <7EF0EE5CB3B263488C8C18823239BEBA02819384@HC-MBX02.herefordshire.gov.uk> Message-ID: <477E54A8.1090603@USherbrooke.ca> Randal, Phil a ?crit : > All of which is pretty pointless because a large file with the EICAR > string attached at the end is no longer the EICAR "virus", IMHO, as the > EICAR test file is defined to be 68 bytes long, no more, no less. > I have found this on http://www.eicar.org/anti_virus_test_file.htm : The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"). It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the EICAR test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From martinh at solidstatelogic.com Fri Jan 4 16:13:17 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 4 16:13:35 2008 Subject: install 4.66.5.-2 error In-Reply-To: <477E536C.6000003@ecs.soton.ac.uk> Message-ID: <620b2bec58c92b4fabe9e30e93851842@solidstatelogic.com> Jules For once I was ahead of you and using 2.18 (latest according the CPAN mirror I use) it works fine and dandy. Dunno why Mailscanner -v doesn't show storable though... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 04 January 2008 15:40 > To: MailScanner discussion > Subject: Re: install 4.66.5.-2 error > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Do you get the same error if you install the very latest Storable > available from CPAN? > > Martin.Hepworth wrote: > > Jules > > > > So this error pop up when trying to install the Storable perl > module...perl 5.8.5 on FreeBSD 4.11... > > > > > > t/attach_errors.......ok > > t/attach_singleton....ok > > t/blessed.............ok > > t/canonical...........ok > > t/circular_hook.......ok > > t/code................ok > > t/compat01............skipped > > all skipped: Test only works for 32 bit little-ending machines > > t/compat06............ok > > t/croak...............Oi! No! Don't change this test so that Carp is > used before Storable at t/croak.t line 23. > > BEGIN failed--compilation aborted at t/croak.t line 25. > > t/croak...............dubious > > Test returned status 255 (wstat 65280, 0xff00) > > t/dclone..............ok > > t/downgrade...........ok > > t/file_magic..........ok > > t/forgive.............ok > > t/freeze..............ok > > t/integer.............ok > > t/interwork56.........ok > > t/just_plain_nasty....ok > > t/lock................ok > > t/malice..............ok > > t/overload............ok > > t/recurse.............ok > > t/restrict............ok > > t/retrieve............ok > > t/sig_die.............ok > > t/store...............ok > > t/threads.............skipped > > all skipped: no threads > > t/tied................ok > > t/tied_hook...........ok > > t/tied_items..........ok > > t/utf8................ok > > t/utf8hash............ok > > t/weak................ok > > Failed Test Stat Wstat Total Fail List of Failed > > ------------------------------------------------------------------------ > ------- > > t/croak.t 255 65280 ?? ?? ?? > > 2 tests skipped. > > Failed 1/32 test scripts. 0/2358 subtests failed. > > Files=32, Tests=2358, 4 wallclock secs ( 2.38 cusr + 0.27 csys = 2.64 > CPU) > > Failed 1/32 test programs. 0/2358 subtests failed. > > *** Error code 255 > > > > Stop in /tmp/Storable-2.16. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHflNtEfZZRxQVtlQRAr7PAJ9h3inNe4LCtjusQl2s9x4zlql7ywCeP7a+ > t1E16wDHZcqWwEs/c+QZETE= > =eP7d > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Fri Jan 4 16:15:07 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 4 16:15:26 2008 Subject: Max file size In-Reply-To: <477E473B.9010706@pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> Message-ID: on 1/4/2008 6:48 AM Guy Story KC5GOI spake the following: > Matt, I did add the EICAR at the end of my test text file. Based on > your suggestion I moved it to the top of the text file and that was > stopped. Putting the EICAR in the middle kept it from getting caught. > I increased the Max SpamAssassin Size parameter from 30000 to 300000 and > that did not clear the error message. I will keep looking. > > Jeff mentioned looking for "Max Spam Check Size =" I could not find > that entry in my MailScanner.conf file. That was also the parameter > that my Google searches referred to. If it is not present, is that the > default setting? How about telling us what version of MailScanner you are using? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jan 4 16:19:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 4 16:20:15 2008 Subject: Txt file considered as program? In-Reply-To: <477E400D.4070802@hbcs.org> References: <477DA43E.2060408@indomino.net> <477DA94F.4070409@gmail.com> <477DF9B3.401@indomino.net> <477E2A65.10005@gmail.com> <477E3B70.1040907@fsl.com> <477E400D.4070802@hbcs.org> Message-ID: on 1/4/2008 6:17 AM Dave C spake the following: > Steve Freegard wrote: >> Thiago Henrique wrote: >>> I have the same problem where. When i check the .txt file generated >>> by Outoolk in reply of some messages this return "DOS executable (COM)". >>> >>> Example: >>> morpheus quarantine # file ./20080104/1A48799ACB.89983/msg- 2327-60.txt >>> ./20080104/1A48799ACB.89983/msg-2327-60.txt: DOS executable (COM) >> >> If you change this to 'file -i ' does it produce the same >> executable output? >> >> Kind regards, >> Steve. > > Having similar situation here. > Have a quarantined message that was sent from a blackberry that is > getting marked as a quicktime file. > > > [lists~]#file > /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt > /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt: > Apple QuickTime movie file (free) > > [lists~]# file -i > /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt > /var/spool/MailScanner/quarantine/20071212/lBCEAfiE023370/msg-10792-41.txt: > text/plain; charset=iso-8859-1 > > That one is easy! If you start a txt file with the word "free" it will get detected as a quicktime file. Another one to "fix" in the magic file. That is why I never get the messages about "free beer"! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Fri Jan 4 16:24:01 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 4 16:25:13 2008 Subject: Txt file considered as program? In-Reply-To: <477DF8CD.9030800@indomino.net> References: <477DA43E.2060408@indomino.net> <477DF8CD.9030800@indomino.net> Message-ID: on 1/4/2008 1:13 AM Budi Febrianto spake the following: > Ugo Bellavance wrote: >> Budi Febrianto wrote: >>> Dear all, >>> >>> I see many emails quarantine in the mailscanner server because it >>> have attachment that considered as program, but the attachment >>> actually txt attachment. >>> >>> MailScanner: No programs allowed (msg-27290-704.txt) >>> >> >> That is a filetype problem, not a filename... >> >> Regards, >> >> Ugo >> > Why txt file considered as program? > Is it CentOS problem? > > Technically it would be a RedHat problem, because CentOS doesn't change the magic file that RedHat ships. But many other distros would also hit some of these. Those magic definitions are very old, and from a time when e-mail was less in use. Does anybody have a link to a better magic file? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gstory at pccctx.com Fri Jan 4 16:40:37 2008 From: gstory at pccctx.com (Guy Story KC5GOI) Date: Fri Jan 4 16:40:55 2008 Subject: Max file size In-Reply-To: References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> Message-ID: <477E6185.8020009@pccctx.com> I am using 4.58.9-2 since that is what is on the Ubuntu repositories. I have been using the same conf file for a long time and have not run the upgrade script manually. I assume, and it looks like this is a wrong assumption, that the Ubuntu package does not do it either. I can add the Max Spam Check Size to MailScanner.conf and go from there. Scott Silva wrote: > on 1/4/2008 6:48 AM Guy Story KC5GOI spake the following: >> Matt, I did add the EICAR at the end of my test text file. Based on >> your suggestion I moved it to the top of the text file and that was >> stopped. Putting the EICAR in the middle kept it from getting caught. >> I increased the Max SpamAssassin Size parameter from 30000 to 300000 and >> that did not clear the error message. I will keep looking. >> >> Jeff mentioned looking for "Max Spam Check Size =" I could not find >> that entry in my MailScanner.conf file. That was also the parameter >> that my Google searches referred to. If it is not present, is that the >> default setting? > How about telling us what version of MailScanner you are using? > > -- Regards, Guy Story KC5GOI MIS Manager Texas Hematology Oncology Centers P.A. This email, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and the entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Patients Comprehensive Cancer Center at 972.395.1010 or via email at privacy@pccctx.com. PCCC, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: gstory.vcf Type: text/x-vcard Size: 291 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/2453f4fc/gstory.vcf From martinh at solidstatelogic.com Fri Jan 4 16:52:41 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Jan 4 16:53:02 2008 Subject: Max file size In-Reply-To: <477E6185.8020009@pccctx.com> Message-ID: Guy Yes, looks like when you upgraded to 4.58 you didn't run the upgrade script to add this setting into the MailScanner.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Guy Story KC5GOI > Sent: 04 January 2008 16:41 > To: MailScanner discussion > Subject: Re: Max file size > > I am using 4.58.9-2 since that is what is on the Ubuntu repositories. I > have been using the same conf file for a long time and have not run the > upgrade script manually. I assume, and it looks like this is a wrong > assumption, that the Ubuntu package does not do it either. I can add > the Max Spam Check Size to MailScanner.conf and go from there. > > Scott Silva wrote: > > on 1/4/2008 6:48 AM Guy Story KC5GOI spake the following: > >> Matt, I did add the EICAR at the end of my test text file. Based on > >> your suggestion I moved it to the top of the text file and that was > >> stopped. Putting the EICAR in the middle kept it from getting caught. > >> I increased the Max SpamAssassin Size parameter from 30000 to 300000 > and > >> that did not clear the error message. I will keep looking. > >> > >> Jeff mentioned looking for "Max Spam Check Size =" I could not find > >> that entry in my MailScanner.conf file. That was also the parameter > >> that my Google searches referred to. If it is not present, is that the > >> default setting? > > How about telling us what version of MailScanner you are using? > > > > > > -- > Regards, > > Guy Story KC5GOI > MIS Manager Texas Hematology Oncology Centers P.A. > > This email, facsimile, or letter and any files or attachments > transmitted with it contains information that is confidential and > privileged. This information is intended only for the use of the > individual(s) and the entity(ies) to whom it is addressed. If you > are the intended recipient, further disclosures are prohibited > without proper authorization. If you are not the intended recipient, > any disclosure, copying, printing or use of this information is > strictly prohibited and possibly a violation of federal or state > law and regulations. If you have received this information in > error, please notify Patients Comprehensive Cancer Center at > 972.395.1010 or via email at privacy@pccctx.com. PCCC, its > subsidiaries, and affiliates hereby claim all applicable privileges > related to this information. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri Jan 4 16:56:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 16:57:19 2008 Subject: install 4.66.5.-2 error In-Reply-To: <620b2bec58c92b4fabe9e30e93851842@solidstatelogic.com> References: <620b2bec58c92b4fabe9e30e93851842@solidstatelogic.com> Message-ID: <477E655A.7070904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: > Jules > > For once I was ahead of you and using 2.18 (latest according the CPAN mirror I use) it works fine and dandy. > > Dunno why Mailscanner -v doesn't show storable though... > The next version will show you this. There might be one or two others missing though. Let me know if you find any others that are missing. > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 04 January 2008 15:40 >> To: MailScanner discussion >> Subject: Re: install 4.66.5.-2 error >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Do you get the same error if you install the very latest Storable >> available from CPAN? >> >> Martin.Hepworth wrote: >> >>> Jules >>> >>> So this error pop up when trying to install the Storable perl >>> >> module...perl 5.8.5 on FreeBSD 4.11... >> >>> t/attach_errors.......ok >>> t/attach_singleton....ok >>> t/blessed.............ok >>> t/canonical...........ok >>> t/circular_hook.......ok >>> t/code................ok >>> t/compat01............skipped >>> all skipped: Test only works for 32 bit little-ending machines >>> t/compat06............ok >>> t/croak...............Oi! No! Don't change this test so that Carp is >>> >> used before Storable at t/croak.t line 23. >> >>> BEGIN failed--compilation aborted at t/croak.t line 25. >>> t/croak...............dubious >>> Test returned status 255 (wstat 65280, 0xff00) >>> t/dclone..............ok >>> t/downgrade...........ok >>> t/file_magic..........ok >>> t/forgive.............ok >>> t/freeze..............ok >>> t/integer.............ok >>> t/interwork56.........ok >>> t/just_plain_nasty....ok >>> t/lock................ok >>> t/malice..............ok >>> t/overload............ok >>> t/recurse.............ok >>> t/restrict............ok >>> t/retrieve............ok >>> t/sig_die.............ok >>> t/store...............ok >>> t/threads.............skipped >>> all skipped: no threads >>> t/tied................ok >>> t/tied_hook...........ok >>> t/tied_items..........ok >>> t/utf8................ok >>> t/utf8hash............ok >>> t/weak................ok >>> Failed Test Stat Wstat Total Fail List of Failed >>> ------------------------------------------------------------------------ >>> >> ------- >> >>> t/croak.t 255 65280 ?? ?? ?? >>> 2 tests skipped. >>> Failed 1/32 test scripts. 0/2358 subtests failed. >>> Files=32, Tests=2358, 4 wallclock secs ( 2.38 cusr + 0.27 csys = 2.64 >>> >> CPU) >> >>> Failed 1/32 test programs. 0/2358 subtests failed. >>> *** Error code 255 >>> >>> Stop in /tmp/Storable-2.16. >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>> >>> >>> >>> ********************************************************************** >>> Confidentiality : This e-mail and any attachments are intended for the >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We advise >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> ********************************************************************** >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.7.0 (Build 1012) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFHflNtEfZZRxQVtlQRAr7PAJ9h3inNe4LCtjusQl2s9x4zlql7ywCeP7a+ >> t1E16wDHZcqWwEs/c+QZETE= >> =eP7d >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHfmVaEfZZRxQVtlQRAgrVAKDyXevLWGllDfFGKkqrY4bCi+xPTACglEXs jLv7zfqDTjNMLhd8eVMBhoI= =hNwI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 16:59:44 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 17:00:03 2008 Subject: Max file size In-Reply-To: <477E6185.8020009@pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> Message-ID: <477E6600.7000703@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guy Story KC5GOI wrote: > I am using 4.58.9-2 Considering the current version is 4.66, that's more than 8 months old. Quite old... > since that is what is on the Ubuntu repositories. I > have been using the same conf file for a long time and have not run the > upgrade script manually. I assume, and it looks like this is a wrong > assumption, that the Ubuntu package does not do it either. I can add > the Max Spam Check Size to MailScanner.conf and go from there. > Use the upgrade_MailScanner_conf script, it won't do any damage, it carefully preserves all your settings and just adds new ones so you don't have to use the defaults for new configuration settings. Just run the script without any parameters and it will tell you how to use it. > Scott Silva wrote: > >> on 1/4/2008 6:48 AM Guy Story KC5GOI spake the following: >> >>> Matt, I did add the EICAR at the end of my test text file. Based on >>> your suggestion I moved it to the top of the text file and that was >>> stopped. Putting the EICAR in the middle kept it from getting caught. >>> I increased the Max SpamAssassin Size parameter from 30000 to 300000 and >>> that did not clear the error message. I will keep looking. >>> >>> Jeff mentioned looking for "Max Spam Check Size =" I could not find >>> that entry in my MailScanner.conf file. That was also the parameter >>> that my Google searches referred to. If it is not present, is that the >>> default setting? >>> >> How about telling us what version of MailScanner you are using? >> >> >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHfmYBEfZZRxQVtlQRAvB/AJwKUubbF984lxaPc0C5FWhz47qpvwCgpkhB Plx+eHlJ53JJLvjelHNk0jQ= =fQ3G -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Fri Jan 4 17:38:40 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri Jan 4 17:38:50 2008 Subject: Txt file considered as program? Message-ID: <67a55ed50801040938t18105f4p4f11ce01d1adb778@mail.gmail.com> >> Ugo Bellavance wrote: >>> Budi Febrianto wrote: >>>> Dear all, >>>> >>>> I see many emails quarantine in the mailscanner server because it >>>> have attachment that considered as program, but the attachment >>>> actually txt attachment. >>>> >>>> MailScanner: No programs allowed (msg-27290-704.txt) >>>> >>> >>> That is a filetype problem, not a filename... >>> >>> Regards, >>> >>> Ugo >>> >> Why txt file considered as program? >> Is it CentOS problem? >> >> >Technically it would be a RedHat problem, because CentOS doesn't change the >magic file that RedHat ships. But many other distros would also hit some of >these. Those magic definitions are very old, and from a time when e-mail was l>ess in use. >Does anybody have a link to a better magic file? I have seeing this on RHEL5 with false RAR detections... Quarantine: /var/spool/MailScanner/quarantine/20080103/m03CmBos017909 Report: MailScanner: No RAR archive data allowed (msg-1125-214.txt) # file /var/spool/MailScanner/quarantine/20080103/m03CmBos017909/msg- 1125-214.txt /var/spool/MailScanner/quarantine/20080103/m03CmBos017909/msg- 1125-214.txt: Apple Partition data block size: 26214, first type: ominick; Herbst, Harry, name: ammy; Render, Ray; Berarducci, , number of blocks: 541614450, # file -i /var/spool/MailScanner/quarantine/20080103/m03CmBos017909/msg- 1125-214.txt /var/spool/MailScanner/quarantine/20080103/m03CmBos017909/msg-1125-214.txt: text/plain; charset=us-ascii -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080104/b8053f4f/attachment.html From mkettler at evi-inc.com Fri Jan 4 17:50:47 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 4 17:51:15 2008 Subject: Max file size In-Reply-To: <477E52AA.30808@ecs.soton.ac.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E52AA.30808@ecs.soton.ac.uk> Message-ID: <477E71F7.8040805@evi-inc.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It's called > Max Spam Check Size = 200k > in the default MailScanner.conf file. Ok, so apparently *I'm* the one running a really old version (4.58 family). That version uses "Max SpamAssassin Size", which you apparently renamed at some point. From mgarcia at nettix.com.pe Fri Jan 4 19:03:06 2008 From: mgarcia at nettix.com.pe (Martin Garcia) Date: Fri Jan 4 19:02:28 2008 Subject: ERROR: You must upgrade your perl IO module to at least Message-ID: <20080104140306.leao5n2da8o0o0k8@gateway.nettix.com.pe> Guys, I installed IO using MCPAN, and fixed the problem, answering to Julian, I installed from the package for RH (as I usually update) I only did ./install.sh and everything ran, I have this perl-IO-1.2301-1.el4.rf and in the MS 4.66 tar.gz file it comes with perl-IO-1.2301-1.src.rpm May be im not installing properly, anyway is fixed Cualquier duda o consulta estoy a su disposicion. Atentamente / Sincerely MARTIN GARCIA Consultor Linux y redes Nettix Peru telf: +(511)9735-4848 mailto:mgarcia@nettix.com.pe ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. From Denis.Beauchemin at USherbrooke.ca Fri Jan 4 19:02:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 4 19:03:41 2008 Subject: Vulnerability in Net::DNS 0.60 Message-ID: <477E82C5.3040702@USherbrooke.ca> Hello all, I just read the following: 07.52.14 CVE: CVE-2007-6341 Platform: Linux Title: Perl Net::DNS DNS Response Remote Denial of Service Description: The Perl Net::DNS module allows scripts written in Perl to perform DNS queries. The application is exposed to a remote denial of service issue due to a failure of the module to properly handle malformed DNS responses. DNS version 0.60 is affected. Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316 Julian, your easy Clam+SA install package contains Net::DNS 0.60. The current version is 0.62. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From shuttlebox at gmail.com Fri Jan 4 19:04:04 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jan 4 19:04:13 2008 Subject: Max file size In-Reply-To: <477E71F7.8040805@evi-inc.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E52AA.30808@ecs.soton.ac.uk> <477E71F7.8040805@evi-inc.com> Message-ID: <625385e30801041104w27cccc18s5a19a8bb1203ddcd@mail.gmail.com> On Jan 4, 2008 6:50 PM, Matt Kettler wrote: > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > It's called > > Max Spam Check Size = 200k > > in the default MailScanner.conf file. > > Ok, so apparently *I'm* the one running a really old version (4.58 family). That > version uses "Max SpamAssassin Size", which you apparently renamed at some point. If I'm not mistaken newer versions have both. The first is to skip spam checks checks, the second sets how much data is sent to SA. -- /peter From gmane at tippingmar.com Fri Jan 4 19:05:55 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Jan 4 19:06:23 2008 Subject: MailScanner on yum repository In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> Message-ID: Jason Ede wrote: > Hugo, > > When do you plan to put 4.66 onto the yum respository? > > I?ve used it to install mailscanner and it went on like a dream apart > from needing the mailtools patch for which I?ll need to wait for 4.66 I played around with the repo too when I was setting up a new server. Initially I thought I could use the yum priorities plugin to prevent installation of packages from rpmforge that were already in the centOS base repo. This won't work though, because one of the requires for MailScanner is a recent SA and there is an old SA package in the base repo, so the priorities plugin prevents yum from finding the new SA package in rpmforge. You have to disable the priorities plugin or assign rpmforge an equal priority with the base repo, which effectively does the same thing. Then the problem of package updates in the rpmforge repo breaking a working MailScanner started to show up. Upon further reflection, I think there are a few ways to make this work. One would be to specify exact package version requirements in the mailscanner-wrapper spec file. So instead of: Requires: perl-MIME-tools >= 5.412 specify the exact package known to work with MailScanner. This should be the version provided in Julian's install package. I think yum would then refuse to upgrade those packages when new ones come out on rpmforge, which would be good. In fact, this would be an improvement over using Julian's installation script, because having the mailscanner-wrapper rpm installed would protect you against updates that might break your mailscanner. Another option would be to maintain a complete repo with all the packages needed, and then use the priorities plugin to give this repo a higher priority than rpmforge. I don't know much about maintaining repos. Maybe the packages are just copied over from rpmforge. I confess that ultimately I went back to the standard install script (which works perfectly well of course), but I think the repo method could be made to work with some volunteer effort, and may even offer some advantages as outlined above. Mark From shuttlebox at gmail.com Fri Jan 4 19:17:58 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jan 4 19:18:06 2008 Subject: ERROR: You must upgrade your perl IO module to at least In-Reply-To: <20080104140306.leao5n2da8o0o0k8@gateway.nettix.com.pe> References: <20080104140306.leao5n2da8o0o0k8@gateway.nettix.com.pe> Message-ID: <625385e30801041117i6170694em9c4444e57c0792d2@mail.gmail.com> On Jan 4, 2008 8:03 PM, Martin Garcia wrote: > Guys, > > I installed IO using MCPAN, > and fixed the problem, answering to Julian, I installed from the > package for RH (as I usually update) I only did ./install.sh and > everything ran, > I have this perl-IO-1.2301-1.el4.rf and in the MS 4.66 tar.gz file it > comes with perl-IO-1.2301-1.src.rpm > > May be im not installing properly, anyway is fixed Have you checked where that RPM installed the module? IO is included in Perl itself, I'm guessing you have 1.22. If the RPM with IO 1.2301 installed in site/vendor/lib/share or whatever is used for your OS it might not be used due to Perl's INC (search path). Here's the INC from the Ubuntu system I'm currently on: @INC: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl . If you do "find /usr -name IO.pm" I guess you will find the included IO in one of the early directories with the version number in them. Your newly installed IO will be in one of the directories used later in the INC. That's why it wasn't used. When you install with CPAN it overwrites the standard modules which solved your problem but not in the nicest way. :-) -- /peter From MailScanner at ecs.soton.ac.uk Fri Jan 4 19:20:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 19:21:04 2008 Subject: 4.66.5-3 Message-ID: <477E8706.5000606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've just released this, hopefully with only 1 change. It will force the installation of the Perl IO module which should stop the problems caused on RPM systems where people install the latest upgrade and then find their MailScanner won't start. Any problems with it, please shout! Thanks, Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfocJEfZZRxQVtlQRAkRkAKDr5G0XuJU1qyH09fjW9fz/CyUqAACgtDPO QfGlzhp0npO+X+mkYb/iJ1k= =YFLW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 19:28:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 19:29:25 2008 Subject: ERROR: You must upgrade your perl IO module to at least In-Reply-To: <20080104140306.leao5n2da8o0o0k8@gateway.nettix.com.pe> References: <20080104140306.leao5n2da8o0o0k8@gateway.nettix.com.pe> Message-ID: <477E88FA.2000709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The 4.66.5-3 I have just released should resolve this problem. Sorry guys! Martin Garcia wrote: > Guys, > > I installed IO using MCPAN, > and fixed the problem, answering to Julian, I installed from the > package for RH (as I usually update) I only did ./install.sh and > everything ran, > I have this perl-IO-1.2301-1.el4.rf and in the MS 4.66 tar.gz file it > comes with perl-IO-1.2301-1.src.rpm > > May be im not installing properly, anyway is fixed > > > Cualquier duda o consulta estoy a su disposicion. > > Atentamente / Sincerely > > > MARTIN GARCIA > Consultor Linux y redes > Nettix Peru > telf: +(511)9735-4848 > > mailto:mgarcia@nettix.com.pe > > > > > > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfokAEfZZRxQVtlQRAtfgAJ0RgD2HJ86xQtQypqx862xCs/NujwCePt7C gYuTRyrK4o+mVACuTwOibSc= =uEJJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 19:34:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 19:35:02 2008 Subject: Vulnerability in Net::DNS 0.60 In-Reply-To: <477E82C5.3040702@USherbrooke.ca> References: <477E82C5.3040702@USherbrooke.ca> Message-ID: <477E8A43.8000001@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Upgraded. There is a new version on the website which includes Net::DNS 0.62 instead of 0.60. Denis Beauchemin wrote: > Hello all, > > I just read the following: > > 07.52.14 CVE: CVE-2007-6341 > Platform: Linux > Title: Perl Net::DNS DNS Response Remote Denial of Service > Description: The Perl Net::DNS module allows scripts written in Perl > to perform DNS queries. The application is exposed to a remote denial > of service issue due to a failure of the module to properly handle > malformed DNS responses. DNS version 0.60 is affected. > Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316 > > Julian, your easy Clam+SA install package contains Net::DNS 0.60. The > current version is 0.62. > > Denis > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfopEEfZZRxQVtlQRAq+TAJ9HzyClf73GOIwgsEITHjQd2ym9EgCeIsCL 41gQiXMouQRmVnvlIsoE3lc= =bTee -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Fri Jan 4 19:46:25 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Jan 4 19:46:53 2008 Subject: Vulnerability in Net::DNS 0.60 In-Reply-To: <477E8A43.8000001@ecs.soton.ac.uk> References: <477E82C5.3040702@USherbrooke.ca> <477E8A43.8000001@ecs.soton.ac.uk> Message-ID: I just installed Net::DNS 0.62 onto my system running MS MailScanner-4.66.5-2 (Solaris 10), no problems with doing this. Denis, thanks for the warning... Jeff Earickson Colby College On Fri, 4 Jan 2008, Julian Field wrote: > Date: Fri, 04 Jan 2008 19:34:27 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Vulnerability in Net::DNS 0.60 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Upgraded. There is a new version on the website which includes Net::DNS > 0.62 instead of 0.60. > > Denis Beauchemin wrote: >> Hello all, >> >> I just read the following: >> >> 07.52.14 CVE: CVE-2007-6341 >> Platform: Linux >> Title: Perl Net::DNS DNS Response Remote Denial of Service >> Description: The Perl Net::DNS module allows scripts written in Perl >> to perform DNS queries. The application is exposed to a remote denial >> of service issue due to a failure of the module to properly handle >> malformed DNS responses. DNS version 0.60 is affected. >> Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316 >> >> Julian, your easy Clam+SA install package contains Net::DNS 0.60. The >> current version is 0.62. >> >> Denis >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHfopEEfZZRxQVtlQRAq+TAJ9HzyClf73GOIwgsEITHjQd2ym9EgCeIsCL > 41gQiXMouQRmVnvlIsoE3lc= > =bTee > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Fri Jan 4 19:54:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 4 19:54:54 2008 Subject: MailScanner on yum repository In-Reply-To: References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> Message-ID: on 1/4/2008 11:05 AM Mark Nienberg spake the following: > Jason Ede wrote: >> Hugo, >> >> When do you plan to put 4.66 onto the yum respository? >> >> I?ve used it to install mailscanner and it went on like a dream apart >> from needing the mailtools patch for which I?ll need to wait for 4.66 > > I played around with the repo too when I was setting up a new server. > Initially I thought I could use the yum priorities plugin to prevent > installation of packages from rpmforge that were already in the centOS > base repo. This won't work though, because one of the requires for > MailScanner is a recent SA and there is an old SA package in the base > repo, so the priorities plugin prevents yum from finding the new SA > package in rpmforge. You have to disable the priorities plugin or > assign rpmforge an equal priority with the base repo, which effectively > does the same thing. > > Then the problem of package updates in the rpmforge repo breaking a > working MailScanner started to show up. > > Upon further reflection, I think there are a few ways to make this > work. One would be to specify exact package version requirements in the > mailscanner-wrapper spec file. So instead of: > > Requires: perl-MIME-tools >= 5.412 > > specify the exact package known to work with MailScanner. This should > be the version provided in Julian's install package. I think yum would > then refuse to upgrade those packages when new ones come out on > rpmforge, which would be good. In fact, this would be an improvement > over using Julian's installation script, because having the > mailscanner-wrapper rpm installed would protect you against updates that > might break your mailscanner. > > Another option would be to maintain a complete repo with all the > packages needed, and then use the priorities plugin to give this repo a > higher priority than rpmforge. I don't know much about maintaining > repos. Maybe the packages are just copied over from rpmforge. > > I confess that ultimately I went back to the standard install script > (which works perfectly well of course), but I think the repo method > could be made to work with some volunteer effort, and may even offer > some advantages as outlined above. > > Mark > I have to confess that I might also go back to Julian's install script. I want to get these servers online by the end of the month. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From fssilva at gmail.com Fri Jan 4 19:58:29 2008 From: fssilva at gmail.com (Fabio Silva) Date: Fri Jan 4 19:58:38 2008 Subject: Txt file considered as program? In-Reply-To: References: <477DA43E.2060408@indomino.net> <477DF8CD.9030800@indomino.net> Message-ID: I have this problem too with SLES and OpenSuse. What could be done to fix it?? Regards. Fabio On Jan 4, 2008 1:24 PM, Scott Silva wrote: > on 1/4/2008 1:13 AM Budi Febrianto spake the following: > > Ugo Bellavance wrote: > >> Budi Febrianto wrote: > >>> Dear all, > >>> > >>> I see many emails quarantine in the mailscanner server because it > >>> have attachment that considered as program, but the attachment > >>> actually txt attachment. > >>> > >>> MailScanner: No programs allowed (msg-27290-704.txt) > >>> > >> > >> That is a filetype problem, not a filename... > >> > >> Regards, > >> > >> Ugo > >> > > Why txt file considered as program? > > Is it CentOS problem? > > > > > Technically it would be a RedHat problem, because CentOS doesn't change the > magic file that RedHat ships. But many other distros would also hit some of > these. Those magic definitions are very old, and from a time when e-mail was > less in use. > Does anybody have a link to a better magic file? > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > -- > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Fabio S. Silva Mail: fssilva@gmail.com From Denis.Beauchemin at USherbrooke.ca Fri Jan 4 20:06:08 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 4 20:06:46 2008 Subject: Vulnerability in Net::DNS 0.60 In-Reply-To: References: <477E82C5.3040702@USherbrooke.ca> <477E8A43.8000001@ecs.soton.ac.uk> Message-ID: <477E91B0.20405@USherbrooke.ca> Jeff A. Earickson a ?crit : > I just installed Net::DNS 0.62 onto my system running MS > MailScanner-4.66.5-2 (Solaris 10), no problems with doing this. > Denis, thanks for the warning... I've installed it on RHEL 4 and 5 servers (same as CentOS 4 and 5) and it's also working fine. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From shuttlebox at gmail.com Fri Jan 4 20:13:12 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jan 4 20:13:21 2008 Subject: 4.66.5-3 In-Reply-To: <477E8706.5000606@ecs.soton.ac.uk> References: <477E8706.5000606@ecs.soton.ac.uk> Message-ID: <625385e30801041213w7d73fc61r6d9dd6f80002bee5@mail.gmail.com> On Jan 4, 2008 8:20 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've just released this, hopefully with only 1 change. It will force the > installation of the Perl IO module which should stop the problems caused > on RPM systems where people install the latest upgrade and then find > their MailScanner won't start. What was the problem and what did you do to fix it? Was it that IO was installed "too late" in INC or that it failed to install at all? Is the change just in the RPM/install script or in MailScanner as well? I have run into the same problem with my Blastwave packages. The IO included in Perl 5.8.8 is 1.22 which makes MS not start. I built IO 1.2301 but it installed later in INC and is not used. Instead of overwriting files belonging to the Perl package (like CPAN does) I made a workaround with wrappers using PERLLIB to change INC for use with MS. I have requested a Perl rebuild including IO 1.2301 which would allow me to build a clean package. Just curious if this was the same thing. -- /peter From ajcartmell at fonant.com Fri Jan 4 20:35:47 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Fri Jan 4 20:35:49 2008 Subject: Vulnerability in Net::DNS 0.60 In-Reply-To: <477E8A43.8000001@ecs.soton.ac.uk> References: <477E82C5.3040702@USherbrooke.ca> <477E8A43.8000001@ecs.soton.ac.uk> Message-ID: > Upgraded. There is a new version on the website which includes Net::DNS > 0.62 instead of 0.60. Thanks Jules, installs fine on FC6. Anthony -- www.fonant.com - Quality web sites From MailScanner at ecs.soton.ac.uk Fri Jan 4 20:36:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 20:36:32 2008 Subject: 4.66.5-3 In-Reply-To: <625385e30801041213w7d73fc61r6d9dd6f80002bee5@mail.gmail.com> References: <477E8706.5000606@ecs.soton.ac.uk> <625385e30801041213w7d73fc61r6d9dd6f80002bee5@mail.gmail.com> Message-ID: <477E98B9.90803@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > On Jan 4, 2008 8:20 PM, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I've just released this, hopefully with only 1 change. It will force the >> installation of the Perl IO module which should stop the problems caused >> on RPM systems where people install the latest upgrade and then find >> their MailScanner won't start. >> > > What was the problem and what did you do to fix it? Was it that IO was > installed "too late" in INC or that it failed to install at all? Is > the change just in the RPM/install script or in MailScanner as well? > The change is just in the install script. It just forces it to install the perl-IO RPM. I haven't had a chance to test it much yet, I've got a CentOS 4 box installing at the moment as a test environment for it. > I have run into the same problem with my Blastwave packages. The IO > included in Perl 5.8.8 is 1.22 which makes MS not start. I built IO > 1.2301 but it installed later in INC and is not used. Instead of > overwriting files belonging to the Perl package (like CPAN does) I > made a workaround with wrappers using PERLLIB to change INC for use > with MS. I have requested a Perl rebuild including IO 1.2301 which > would allow me to build a clean package. Just curious if this was the > same thing. > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfpi6EfZZRxQVtlQRAksAAKDWTEg7u9xfCACqT1LP00cNXks9KQCfXnb1 rjLKUKsc9DBCiMhLFmAbVLg= =F+pA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 4 22:31:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 4 22:32:18 2008 Subject: 4.66.5-3 In-Reply-To: <477E98B9.90803@ecs.soton.ac.uk> References: <477E8706.5000606@ecs.soton.ac.uk> <625385e30801041213w7d73fc61r6d9dd6f80002bee5@mail.gmail.com> <477E98B9.90803@ecs.soton.ac.uk> Message-ID: <477EB3D1.9020000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 01/04/08 at 20:36:10 > > > > shuttlebox wrote: >> On Jan 4, 2008 8:20 PM, Julian Field >> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I've just released this, hopefully with only 1 change. It will force >>> the >>> installation of the Perl IO module which should stop the problems >>> caused >>> on RPM systems where people install the latest upgrade and then find >>> their MailScanner won't start. >>> >> >> What was the problem and what did you do to fix it? Was it that IO was >> installed "too late" in INC or that it failed to install at all? Is >> the change just in the RPM/install script or in MailScanner as well? >> > The change is just in the install script. It just forces it to install > the perl-IO RPM. I haven't had a chance to test it much yet, I've got > a CentOS 4 box installing at the moment as a test environment for it. It's not an @INC problem, the perl RPM installs in the right place. "MailScanner --debug" on an up to date CentOS 4 box with a fresh install of 4.66.5-3 on it starts up fine. >> I have run into the same problem with my Blastwave packages. The IO >> included in Perl 5.8.8 is 1.22 which makes MS not start. I built IO >> 1.2301 but it installed later in INC and is not used. Instead of >> overwriting files belonging to the Perl package (like CPAN does) I >> made a workaround with wrappers using PERLLIB to change INC for use >> with MS. I have requested a Perl rebuild including IO 1.2301 which >> would allow me to build a clean package. Just curious if this was the >> same thing. >> >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHfrPdEfZZRxQVtlQRAocVAKC6hPUdf9opAbEDR4w5cnSDC9DJpgCgjFYh r2DZsHVetnnPHa6tAlYdR+0= =ADA9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From kc5goi at gmail.com Sat Jan 5 04:04:10 2008 From: kc5goi at gmail.com (Guy Story) Date: Sat Jan 5 04:04:23 2008 Subject: Max file size In-Reply-To: <477E71F7.8040805@evi-inc.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E52AA.30808@ecs.soton.ac.uk> <477E71F7.8040805@evi-inc.com> Message-ID: <477F01BA.7060606@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt, I am on 4.58 as well and have not been using the update script. I compared the example for 4.58 against my conf file and several things are missing in the older file. I made the updated and restarted. It looks like the my size parameter question was something added a long time ago. If it is missing then it looks like MailScanner assumes the default. That is behavior I would expect. It does look like I need to review the ClamAV settings. One of the settings deals with stricter phishing scans. I did not have it in my conf file so I added it and turned it on. To the others that responded to my post earlier, thanks for the help. I should have reviewed the change logs going back to my older version. Guy Matt Kettler wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> It's called >> Max Spam Check Size = 200k >> in the default MailScanner.conf file. > > Ok, so apparently *I'm* the one running a really old version (4.58 > family). That version uses "Max SpamAssassin Size", which you apparently > renamed at some point. > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHfwG6R5em5LitiYoRAhjkAKCYWa9m83axa1RsKzQdbSBc8iNIvACePviP CKUr9kcwRlbWVxDxC3dJyOo= =c3xi -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Jan 5 07:40:19 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jan 5 07:41:09 2008 Subject: Max file size In-Reply-To: <477E6600.7000703@ecs.soton.ac.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> Message-ID: <477F3463.60008@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > Guy Story KC5GOI wrote: >> I am using 4.58.9-2 > Considering the current version is 4.66, that's more than 8 months old. > Quite old... >> since that is what is on the Ubuntu repositories. I >> have been using the same conf file for a long time and have not run the >> upgrade script manually. I assume, and it looks like this is a wrong >> assumption, that the Ubuntu package does not do it either. I can add >> the Max Spam Check Size to MailScanner.conf and go from there. > > Use the upgrade_MailScanner_conf script, it won't do any damage, it > carefully preserves all your settings and just adds new ones so you > don't have to use the defaults for new configuration settings. Just run > the script without any parameters and it will tell you how to use it. Well. That depends on how you define damage. I considere loosing my own comments in a configuration file damage as well. The warning that one will loose ones own comments is the sole reason I am extremely reluctant to run that config upgrade script. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHfzRhBvzDRVjxmYERAsdrAJ9krkvJLAMfPK7JOZhgXwU/T2jWzgCcDUKH O6H7MJBUyhswzsMjkd0CYzc= =P6S1 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Jan 5 12:32:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 12:33:03 2008 Subject: Max file size In-Reply-To: <477F3463.60008@vanderkooij.org> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> Message-ID: <477F78E8.4080609@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > * PGP Signed by an unknown key > > Julian Field wrote: > > >> Guy Story KC5GOI wrote: >> >>> I am using 4.58.9-2 >>> >> Considering the current version is 4.66, that's more than 8 months old. >> Quite old... >> >>> since that is what is on the Ubuntu repositories. I >>> have been using the same conf file for a long time and have not run the >>> upgrade script manually. I assume, and it looks like this is a wrong >>> assumption, that the Ubuntu package does not do it either. I can add >>> the Max Spam Check Size to MailScanner.conf and go from there. >>> >> Use the upgrade_MailScanner_conf script, it won't do any damage, it >> carefully preserves all your settings and just adds new ones so you >> don't have to use the defaults for new configuration settings. Just run >> the script without any parameters and it will tell you how to use it. >> > > Well. That depends on how you define damage. I considere loosing my own > comments in a configuration file damage as well. > Give the upgrade_MailScanner_conf script the "--keep-comments" command-line option, and it will. > The warning that one will loose ones own comments is the sole reason I > am extremely reluctant to run that config upgrade script. > I thought of that one a very long time ago :-) The only reason it's not the default is that occasionally I add to the comments for existing settings (such as listing new virus scanners), and it won't pick up these new comments if the --keep-comments switch is supplied. But I admit that I rarely do that anyway... > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > * Unknown Key > * 0x58F19981(L) > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf3jqEfZZRxQVtlQRApXZAKDZq8dtFFV0BeQvMcQft3/icT0TPACg9dUY 0gFEiwvBLEkXdpW6w59FJ0I= =L49M -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gstory at pccctx.com Sat Jan 5 15:29:38 2008 From: gstory at pccctx.com (Guy Story) Date: Sat Jan 5 15:29:57 2008 Subject: Max file size In-Reply-To: <477F3463.60008@vanderkooij.org> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> Message-ID: <60293.71.252.142.93.1199546978.squirrel@webmail.pccctx.com> I was not aware the the script would pull out my comments. I spent the time before I knew this and checked for the missing parameters that the default conf file 4.58 has and added them to my existing file. It looks like if the parameters are missing then it uses the defaults. I added the parameter for max file size and increased it to 300k. That took care of my question. I really need to look at the change log and see what else I am missing. Guy > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > >> Guy Story KC5GOI wrote: >>> I am using 4.58.9-2 >> Considering the current version is 4.66, that's more than 8 months old. >> Quite old... >>> since that is what is on the Ubuntu repositories. I >>> have been using the same conf file for a long time and have not run the >>> upgrade script manually. I assume, and it looks like this is a wrong >>> assumption, that the Ubuntu package does not do it either. I can add >>> the Max Spam Check Size to MailScanner.conf and go from there. >> >> Use the upgrade_MailScanner_conf script, it won't do any damage, it >> carefully preserves all your settings and just adds new ones so you >> don't have to use the defaults for new configuration settings. Just run >> the script without any parameters and it will tell you how to use it. > > Well. That depends on how you define damage. I considere loosing my own > comments in a configuration file damage as well. > > The warning that one will loose ones own comments is the sole reason I > am extremely reluctant to run that config upgrade script. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHfzRhBvzDRVjxmYERAsdrAJ9krkvJLAMfPK7JOZhgXwU/T2jWzgCcDUKH > O6H7MJBUyhswzsMjkd0CYzc= > =P6S1 > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Regards, Guy Story KC5GOI This email, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and the entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Patients Comprehensive Cancer Center at 972.395.1010 or via email at privacy@pccctx.com. PCCC, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gstory at pccctx.com Sat Jan 5 15:30:52 2008 From: gstory at pccctx.com (Guy Story) Date: Sat Jan 5 15:31:09 2008 Subject: Max file size In-Reply-To: <477F78E8.4080609@ecs.soton.ac.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> <477F78E8.4080609@ecs.soton.ac.uk> Message-ID: <54513.71.252.142.93.1199547052.squirrel@webmail.pccctx.com> I wish I had read this before my last post. Thanks Julian. Guy > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Hugo van der Kooij wrote: >> * PGP Signed by an unknown key >> >> Julian Field wrote: >> >> >>> Guy Story KC5GOI wrote: >>> >>>> I am using 4.58.9-2 >>>> >>> Considering the current version is 4.66, that's more than 8 months old. >>> Quite old... >>> >>>> since that is what is on the Ubuntu repositories. I >>>> have been using the same conf file for a long time and have not run >>>> the >>>> upgrade script manually. I assume, and it looks like this is a wrong >>>> assumption, that the Ubuntu package does not do it either. I can add >>>> the Max Spam Check Size to MailScanner.conf and go from there. >>>> >>> Use the upgrade_MailScanner_conf script, it won't do any damage, it >>> carefully preserves all your settings and just adds new ones so you >>> don't have to use the defaults for new configuration settings. Just run >>> the script without any parameters and it will tell you how to use it. >>> >> >> Well. That depends on how you define damage. I considere loosing my own >> comments in a configuration file damage as well. >> > Give the upgrade_MailScanner_conf script the "--keep-comments" > command-line option, and it will. >> The warning that one will loose ones own comments is the sole reason I >> am extremely reluctant to run that config upgrade script. >> > I thought of that one a very long time ago :-) > > The only reason it's not the default is that occasionally I add to the > comments for existing settings (such as listing new virus scanners), and > it won't pick up these new comments if the --keep-comments switch is > supplied. But I admit that I rarely do that anyway... > >> Hugo. >> >> -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> * Unknown Key >> * 0x58F19981(L) >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHf3jqEfZZRxQVtlQRApXZAKDZq8dtFFV0BeQvMcQft3/icT0TPACg9dUY > 0gFEiwvBLEkXdpW6w59FJ0I= > =L49M > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > Regards, Guy Story KC5GOI This email, facsimile, or letter and any files or attachments transmitted with it contains information that is confidential and privileged. This information is intended only for the use of the individual(s) and the entity(ies) to whom it is addressed. If you are the intended recipient, further disclosures are prohibited without proper authorization. If you are not the intended recipient, any disclosure, copying, printing or use of this information is strictly prohibited and possibly a violation of federal or state law and regulations. If you have received this information in error, please notify Patients Comprehensive Cancer Center at 972.395.1010 or via email at privacy@pccctx.com. PCCC, its subsidiaries, and affiliates hereby claim all applicable privileges related to this information. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 5 15:56:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 15:57:05 2008 Subject: Max file size In-Reply-To: <60293.71.252.142.93.1199546978.squirrel@webmail.pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> <60293.71.252.142.93.1199546978.squirrel@webmail.pccctx.com> Message-ID: <477FA8B5.4020103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guy Story wrote: > I was not aware the the script would pull out my comments. I spent the > time before I knew this and checked for the missing parameters that the > default conf file 4.58 has and added them to my existing file. It looks > like if the parameters are missing then it uses the defaults. I added > the parameter for max file size and increased it to 300k. That took care > of my question. I really need to look at the change log and see what else > I am missing. > Run the script to generate a new copy of the file and just diff it against your old conf file. That will show you all the new stuff without touching your old conf file. upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new diff MailScanner.conf MailScanner.new | less and you'll see what new stuff you're missing. But it's all in the ChangeLog as well, which is at http://www.mailscanner.info/ChangeLog Jules. > Guy > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Julian Field wrote: >> >> >>> Guy Story KC5GOI wrote: >>> >>>> I am using 4.58.9-2 >>>> >>> Considering the current version is 4.66, that's more than 8 months old. >>> Quite old... >>> >>>> since that is what is on the Ubuntu repositories. I >>>> have been using the same conf file for a long time and have not run the >>>> upgrade script manually. I assume, and it looks like this is a wrong >>>> assumption, that the Ubuntu package does not do it either. I can add >>>> the Max Spam Check Size to MailScanner.conf and go from there. >>>> >>> Use the upgrade_MailScanner_conf script, it won't do any damage, it >>> carefully preserves all your settings and just adds new ones so you >>> don't have to use the defaults for new configuration settings. Just run >>> the script without any parameters and it will tell you how to use it. >>> >> Well. That depends on how you define damage. I considere loosing my own >> comments in a configuration file damage as well. >> >> The warning that one will loose ones own comments is the sole reason I >> am extremely reluctant to run that config upgrade script. >> >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFHfzRhBvzDRVjxmYERAsdrAJ9krkvJLAMfPK7JOZhgXwU/T2jWzgCcDUKH >> O6H7MJBUyhswzsMjkd0CYzc= >> =P6S1 >> -----END PGP SIGNATURE----- >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > > Regards, > > Guy Story KC5GOI > > This email, facsimile, or letter and any files or attachments > transmitted with it contains information that is confidential and > privileged. This information is intended only for the use of the > individual(s) and the entity(ies) to whom it is addressed. If you > are the intended recipient, further disclosures are prohibited > without proper authorization. If you are not the intended recipient, > any disclosure, copying, printing or use of this information is > strictly prohibited and possibly a violation of federal or state > law and regulations. If you have received this information in > error, please notify Patients Comprehensive Cancer Center at > 972.395.1010 or via email at privacy@pccctx.com. PCCC, its > subsidiaries, and affiliates hereby claim all applicable privileges > related to this information. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf6i2EfZZRxQVtlQRAgVAAJ9dfuJUbWVVT40sJaWQH2LxEonGMwCg6qfV q2UK67IJAyLsI/p9/zu0roM= =GrwZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 5 15:58:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 15:59:15 2008 Subject: Max file size In-Reply-To: <54513.71.252.142.93.1199547052.squirrel@webmail.pccctx.com> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> <477F78E8.4080609@ecs.soton.ac.uk> <54513.71.252.142.93.1199547052.squirrel@webmail.pccctx.com> Message-ID: <477FA93C.8040809@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No worries. Where do you think would be the best place to document it? Jules. Guy Story wrote: > I wish I had read this before my last post. Thanks Julian. > > Guy > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Hugo van der Kooij wrote: >> >>> * PGP Signed by an unknown key >>> >>> Julian Field wrote: >>> >>> >>> >>>> Guy Story KC5GOI wrote: >>>> >>>> >>>>> I am using 4.58.9-2 >>>>> >>>>> >>>> Considering the current version is 4.66, that's more than 8 months old. >>>> Quite old... >>>> >>>> >>>>> since that is what is on the Ubuntu repositories. I >>>>> have been using the same conf file for a long time and have not run >>>>> the >>>>> upgrade script manually. I assume, and it looks like this is a wrong >>>>> assumption, that the Ubuntu package does not do it either. I can add >>>>> the Max Spam Check Size to MailScanner.conf and go from there. >>>>> >>>>> >>>> Use the upgrade_MailScanner_conf script, it won't do any damage, it >>>> carefully preserves all your settings and just adds new ones so you >>>> don't have to use the defaults for new configuration settings. Just run >>>> the script without any parameters and it will tell you how to use it. >>>> >>>> >>> Well. That depends on how you define damage. I considere loosing my own >>> comments in a configuration file damage as well. >>> >>> >> Give the upgrade_MailScanner_conf script the "--keep-comments" >> command-line option, and it will. >> >>> The warning that one will loose ones own comments is the sole reason I >>> am extremely reluctant to run that config upgrade script. >>> >>> >> I thought of that one a very long time ago :-) >> >> The only reason it's not the default is that occasionally I add to the >> comments for existing settings (such as listing new virus scanners), and >> it won't pick up these new comments if the --keep-comments switch is >> supplied. But I admit that I rarely do that anyway... >> >> >>> Hugo. >>> >>> -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. >>> >>> * Unknown Key >>> * 0x58F19981(L) >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.7.0 (Build 1012) >> Comment: Use Thunderbird's Enigmail add-on to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFHf3jqEfZZRxQVtlQRApXZAKDZq8dtFFV0BeQvMcQft3/icT0TPACg9dUY >> 0gFEiwvBLEkXdpW6w59FJ0I= >> =L49M >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > > Regards, > > Guy Story KC5GOI > > This email, facsimile, or letter and any files or attachments > transmitted with it contains information that is confidential and > privileged. This information is intended only for the use of the > individual(s) and the entity(ies) to whom it is addressed. If you > are the intended recipient, further disclosures are prohibited > without proper authorization. If you are not the intended recipient, > any disclosure, copying, printing or use of this information is > strictly prohibited and possibly a violation of federal or state > law and regulations. If you have received this information in > error, please notify Patients Comprehensive Cancer Center at > 972.395.1010 or via email at privacy@pccctx.com. PCCC, its > subsidiaries, and affiliates hereby claim all applicable privileges > related to this information. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf6k9EfZZRxQVtlQRAqpeAKC0A20Z8xoN93RS1WD6q4/uH/AW1wCg9zoo 9bnLBoMKyRYjlNkiw6C35hE= =3b2b -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Sat Jan 5 17:22:52 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Jan 5 17:23:09 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp Message-ID: Seeing errors upgrading to the latest stable on CentOS5, AIUI file::temp is included in the latest perl, 5.8.8-10.el5_0.2? Any suggestions (noob alert!) *** The following required modules are missing: File::Temp: At least version 0.17 *** Please install them before attempting to use MIME::Tools. WARNING: LICENSE is not a known parameter. Checking if your kit is complete... Looks good Warning: prerequisite File::Temp 0.17 not found. We have 0.16. 'LICENSE' is not a known MakeMaker parameter name. Writing Makefile for MIME-tools + make cp lib/MIME/Body.pm blib/lib/MIME/Body.pm cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm cp lib/MIME/Head.pm blib/lib/MIME/Head.pm cp lib/MIME/Words.pm blib/lib/MIME/Words.pm cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm Manifying blib/man3/MIME::Decoder::Gzip64.3pm Manifying blib/man3/MIME::Body.3pm Manifying blib/man3/MIME::Field::ContDisp.3pm Manifying blib/man3/MIME::Parser::Results.3pm Manifying blib/man3/MIME::Field::ContType.3pm Manifying blib/man3/MIME::Decoder::NBit.3pm Manifying blib/man3/MIME::Entity.3pm Manifying blib/man3/MIME::Parser::Filer.3pm Manifying blib/man3/MIME::Head.3pm Manifying blib/man3/MIME::Words.3pm Manifying blib/man3/MIME::Field::ParamVal.3pm Manifying blib/man3/MIME::Decoder::BinHex.3pm Manifying blib/man3/MIME::Field::ConTraEnc.3pm Manifying blib/man3/MIME::Tools.3pm Manifying blib/man3/MIME::Decoder::Binary.3pm Manifying blib/man3/MIME::Decoder.3pm Manifying blib/man3/MIME::Decoder::UU.3pm Manifying blib/man3/MIME::Decoder::Base64.3pm Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm Manifying blib/man3/MIME::WordDecoder.3pm Manifying blib/man3/MIME::Parser::Reader.3pm Manifying blib/man3/MIME::Parser.3pm + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/02-kwalitee........skipped all skipped: Test::Kwalitee not installed; skipping t/02-pod-coverage....skipped all skipped: Test::Pod::Coverage disabled. TEST_POD_COVERAGE=1 if you want it. t/02-pod.............ok t/99-prepare.........ok t/Body...............ok t/Decoder............# Using gzip: 1 t/Decoder............ok 1/8Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Decoder/Gzip64.pm line 103. # Looks like you planned 8 tests but only ran 5. # Looks like your test died just after 5. t/Decoder............dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 6-8 Failed 3/8 tests, 62.50% okay t/Entity.............ok 1/30Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 22. # Looks like you planned 30 tests but only ran 18. # Looks like your test died just after 18. t/Entity.............dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 19-30 Failed 12/30 tests, 60.00% okay t/Gauntlet...........ok t/Head...............ok t/Misc...............ok 1/14Can't call method "parts" on an undefined value at t/Misc.t line 123. # Looks like you planned 14 tests but only ran 12. # Looks like your test died just after 12. t/Misc...............dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 13-14 Failed 2/14 tests, 85.71% okay t/Parser.............Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 22. # Looks like your test died before it could output anything. t/Parser.............dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED tests 1-31 Failed 31/31 tests, 0.00% okay t/ParserEncoded......ok t/ParserPreamble.....ok 1/2Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, <$fh> line 18. # Looks like you planned 2 tests but only ran 1. # Looks like your test died just after 1. t/ParserPreamble.....dubious Test returned status 255 (wstat 65280, 0xff00) DIED. FAILED test 2 Failed 1/2 tests, 50.00% okay t/Ref................NOK 5 # Failed test 'testmsgs/multi-nested.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 22. # ' # at t/Ref.t line 89. t/Ref................NOK 7 # Failed test 'testmsgs/uu-zeegee.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 125. # ' # at t/Ref.t line 89. t/Ref................NOK 9 # Failed test 'testmsgs/multi-2gifs.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 32. # ' # at t/Ref.t line 89. t/Ref................NOK 11 # Failed test 'testmsgs/multi-igor.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 31. # ' # at t/Ref.t line 89. t/Ref................NOK 13 # Failed test 'testmsgs/multi-nested3.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 22. # ' # at t/Ref.t line 89. t/Ref................NOK 15 # Failed test 'testmsgs/ak-0696-nest.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 21. # ' # at t/Ref.t line 89. t/Ref................NOK 17 # Failed test 'testmsgs/ak-0696-replace.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 21. # ' # at t/Ref.t line 89. t/Ref................NOK 19 # Failed test 'testmsgs/ak-0696-none.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 21. # ' # at t/Ref.t line 89. t/Ref................NOK 21 # Failed test 'testmsgs/bluedot-postcard.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 19. # ' # at t/Ref.t line 89. t/Ref................NOK 25 # Failed test 'testmsgs/uu-junk.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 39. # ' # at t/Ref.t line 89. t/Ref................NOK 27 # Failed test 'testmsgs/multi-clen.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 15. # ' # at t/Ref.t line 89. t/Ref................NOK 29 # Failed test 'testmsgs/multi-weirdspace.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 30. # ' # at t/Ref.t line 89. t/Ref................NOK 31 # Failed test 'testmsgs/multi-simple.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 15. # ' # at t/Ref.t line 89. t/Ref................NOK 33 # Failed test 'testmsgs/multi-nested2.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 22. # ' # at t/Ref.t line 89. t/Ref................NOK 35 # Failed test 'testmsgs/multi-digest.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 18. # ' # at t/Ref.t line 89. t/Ref................NOK 37 # Failed test 'testmsgs/multi-2evil.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 32. # ' # at t/Ref.t line 89. # Failed test 'testmsgs/multi-igor2.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 31. # ' # at t/Ref.t line 89. # Failed test 'testmsgs/uu-junk-extracted.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 39. # ' # at t/Ref.t line 89. # Failed test 'testmsgs/dup-names.ref, problem: Can't locate object method "seek" via package "File::Temp" at /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, line 27. # ' # at t/Ref.t line 89. # Looks like you failed 19 tests of 50. t/Ref................dubious Test returned status 19 (wstat 4864, 0x1300) DIED. FAILED tests 5, 7, 9, 11, 13, 15, 17, 19, 21, 25, 27, 29, 31, 33, 35, 37, 45, 47, 49 Failed 19/50 tests, 62.00% okay t/Smtpsend...........ok t/WordDecoder........ok t/Words..............ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/Decoder.t 255 65280 8 6 75.00% 6-8 t/Entity.t 255 65280 30 24 80.00% 19-30 t/Misc.t 255 65280 14 4 28.57% 13-14 t/Parser.t 255 65280 31 62 200.00% 1-31 t/ParserPreamble.t 255 65280 2 2 100.00% 2 t/Ref.t 19 4864 50 19 38.00% 5 7 9 11 13 15 17 19 21 25 27 29 31 33 35 37 45 47 49 2 tests skipped. Failed 6/17 test scripts, 64.71% okay. 68/321 subtests failed, 78.82% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.54342 (%build) Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From MailScanner at ecs.soton.ac.uk Sat Jan 5 17:55:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 17:56:04 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp In-Reply-To: References: Message-ID: <477FC49A.8020707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But you are using the RPM distro of MailScanner 4.66.5-3 aren't you? If so, perl-File-Temp is force-installed, so you will get the correct version installed by install.sh. Check that in install.sh, there is a line starting "File::Temp" and the last 2 words on that line are "yes" and "yes". If not, please let me know. How exactly did you install MailScanner this time around? Paul Hutchings wrote: > Seeing errors upgrading to the latest stable on CentOS5, > > AIUI file::temp is included in the latest perl, 5.8.8-10.el5_0.2? > > Any suggestions (noob alert!) > > *** The following required modules are missing: > File::Temp: At least version 0.17 > *** Please install them before attempting to use MIME::Tools. > WARNING: LICENSE is not a known parameter. > Checking if your kit is complete... > Looks good > Warning: prerequisite File::Temp 0.17 not found. We have 0.16. > 'LICENSE' is not a known MakeMaker parameter name. > Writing Makefile for MIME-tools > + make > cp lib/MIME/Body.pm blib/lib/MIME/Body.pm > cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm > cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm > cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm > cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm > cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm > cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm > cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm > cp lib/MIME/Head.pm blib/lib/MIME/Head.pm > cp lib/MIME/Words.pm blib/lib/MIME/Words.pm > cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm > cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm > cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm > cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm > cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm > cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm > cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm > cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm > cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm > cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm > cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm > cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm > Manifying blib/man3/MIME::Decoder::Gzip64.3pm > Manifying blib/man3/MIME::Body.3pm > Manifying blib/man3/MIME::Field::ContDisp.3pm > Manifying blib/man3/MIME::Parser::Results.3pm > Manifying blib/man3/MIME::Field::ContType.3pm > Manifying blib/man3/MIME::Decoder::NBit.3pm > Manifying blib/man3/MIME::Entity.3pm > Manifying blib/man3/MIME::Parser::Filer.3pm > Manifying blib/man3/MIME::Head.3pm > Manifying blib/man3/MIME::Words.3pm > Manifying blib/man3/MIME::Field::ParamVal.3pm > Manifying blib/man3/MIME::Decoder::BinHex.3pm > Manifying blib/man3/MIME::Field::ConTraEnc.3pm > Manifying blib/man3/MIME::Tools.3pm > Manifying blib/man3/MIME::Decoder::Binary.3pm > Manifying blib/man3/MIME::Decoder.3pm > Manifying blib/man3/MIME::Decoder::UU.3pm > Manifying blib/man3/MIME::Decoder::Base64.3pm > Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm > Manifying blib/man3/MIME::WordDecoder.3pm > Manifying blib/man3/MIME::Parser::Reader.3pm > Manifying blib/man3/MIME::Parser.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/02-kwalitee........skipped > all skipped: Test::Kwalitee not installed; skipping > t/02-pod-coverage....skipped > all skipped: Test::Pod::Coverage disabled. TEST_POD_COVERAGE=1 > if you want it. > t/02-pod.............ok > t/99-prepare.........ok > t/Body...............ok > t/Decoder............# Using gzip: 1 > t/Decoder............ok 1/8Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Decoder/Gzip64.pm > line 103. > # Looks like you planned 8 tests but only ran 5. > # Looks like your test died just after 5. > t/Decoder............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 6-8 > Failed 3/8 tests, 62.50% okay > t/Entity.............ok 1/30Can't locate object method "seek" via > package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # Looks like you planned 30 tests but only ran 18. > # Looks like your test died just after 18. > t/Entity.............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 19-30 > Failed 12/30 tests, 60.00% okay > t/Gauntlet...........ok > t/Head...............ok > t/Misc...............ok 1/14Can't call method "parts" on an undefined > value at t/Misc.t line 123. > # Looks like you planned 14 tests but only ran 12. > # Looks like your test died just after 12. > t/Misc...............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 13-14 > Failed 2/14 tests, 85.71% okay > t/Parser.............Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # Looks like your test died before it could output anything. > t/Parser.............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 1-31 > Failed 31/31 tests, 0.00% okay > t/ParserEncoded......ok > t/ParserPreamble.....ok 1/2Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > <$fh> line 18. > # Looks like you planned 2 tests but only ran 1. > # Looks like your test died just after 1. > t/ParserPreamble.....dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED test 2 > Failed 1/2 tests, 50.00% okay > t/Ref................NOK 5 > # Failed test 'testmsgs/multi-nested.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 7 > # Failed test 'testmsgs/uu-zeegee.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 125. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 9 > # Failed test 'testmsgs/multi-2gifs.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 32. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 11 > # Failed test 'testmsgs/multi-igor.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 31. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 13 > # Failed test 'testmsgs/multi-nested3.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 15 > # Failed test 'testmsgs/ak-0696-nest.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 17 > # Failed test 'testmsgs/ak-0696-replace.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 19 > # Failed test 'testmsgs/ak-0696-none.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 21 > # Failed test 'testmsgs/bluedot-postcard.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 19. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 25 > # Failed test 'testmsgs/uu-junk.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 39. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 27 > # Failed test 'testmsgs/multi-clen.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 15. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 29 > # Failed test 'testmsgs/multi-weirdspace.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 30. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 31 > # Failed test 'testmsgs/multi-simple.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 15. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 33 > # Failed test 'testmsgs/multi-nested2.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 35 > # Failed test 'testmsgs/multi-digest.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 18. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 37 > # Failed test 'testmsgs/multi-2evil.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 32. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/multi-igor2.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 31. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/uu-junk-extracted.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 39. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/dup-names.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 27. > # ' > # at t/Ref.t line 89. > # Looks like you failed 19 tests of 50. > t/Ref................dubious > Test returned status 19 (wstat 4864, 0x1300) > DIED. FAILED tests 5, 7, 9, 11, 13, 15, 17, 19, 21, 25, 27, 29, 31, 33, > 35, 37, 45, 47, 49 > Failed 19/50 tests, 62.00% okay > t/Smtpsend...........ok > t/WordDecoder........ok > t/Words..............ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Decoder.t 255 65280 8 6 75.00% 6-8 > t/Entity.t 255 65280 30 24 80.00% 19-30 > t/Misc.t 255 65280 14 4 28.57% 13-14 > t/Parser.t 255 65280 31 62 200.00% 1-31 > t/ParserPreamble.t 255 65280 2 2 100.00% 2 > t/Ref.t 19 4864 50 19 38.00% 5 7 9 11 13 15 17 19 > 21 25 27 > 29 31 33 35 37 45 47 > 49 > 2 tests skipped. > Failed 6/17 test scripts, 64.71% okay. 68/321 subtests failed, 78.82% > okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.54342 (%build) > > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 44 (0)24 7635 5378 > Fax: 44 (0)24 7635 8378 > mailto:paul.hutchings@mira.co.uk > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8ScEfZZRxQVtlQRAvSbAKC2n/B9D8FwWn4hu2Z/LlM3OxdTQgCeIjRY QIwGhWPSneUngSmNNefivm8= =dkij -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 5 18:01:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 18:01:28 2008 Subject: People forget to install unrar Message-ID: <477FC5E4.5010707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is one problem I see time and again on other people's systems, they never remember to install unrar, which means that MailScanner cannot check filenames or filetypes in RAR archives. Anyone got any good practical ideas on how I might go about solving this one? Thanks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8XmEfZZRxQVtlQRAmnxAKCUNB8FcRRDc9WUdrA68lXnSqWerwCg4Wjq U92Tcf3ZAqQE5+LmIu5Z/Fs= =gps0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul.hutchings at mira.co.uk Sat Jan 5 18:06:45 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Jan 5 18:07:05 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp References: <477FC49A.8020707@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 05 January 2008 17:56 To: MailScanner discussion Subject: Re: Upgrade Erros on CentOS 5 - File::Temp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But you are using the RPM distro of MailScanner 4.66.5-3 aren't you? If so, perl-File-Temp is force-installed, so you will get the correct version installed by install.sh. Check that in install.sh, there is a line starting "File::Temp" and the last 2 words on that line are "yes" and "yes". If not, please let me know. How exactly did you install MailScanner this time around? RPM distro yes, just downloaded, unzipped/tarred and ran install.sh File::Temp File-Temp 0.19 1 noarch yes yes -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From paul.hutchings at mira.co.uk Sat Jan 5 18:14:13 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Jan 5 18:14:22 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp References: <477FC49A.8020707@ecs.soton.ac.uk> Message-ID: Attempting to build and install perl-File-Temp-0.19-1 Installing perl-File-Temp-0.19-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.5106 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf File-Temp-0.19 + /bin/gzip -dc /usr/src/redhat/SOURCES/File-Temp-0.19.tar.gz + tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd File-Temp-0.19 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.5106 + umask 022 + cd /usr/src/redhat/BUILD + cd File-Temp-0.19 + CFLAGS='-O2 -g' + perl Makefile.PL PREFIX=/var/tmp/perl-File-Temp-0.19-1-root/usr Checking if your kit is complete... Looks good Writing Makefile for File::Temp + make cp Temp.pm blib/lib/File/Temp.pm Manifying blib/man3/File::Temp.3pm + make test PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/cmp.........ok t/fork........ok t/lock........You tried to run a test without a plan at t/lock.t line 8. BEGIN failed--compilation aborted at t/lock.t line 8. # Looks like your test died before it could output anything. t/lock........dubious Test returned status 255 (wstat 65280, 0xff00) t/mktemp......ok t/object......ok t/posix.......ok t/security....ok 3/13 skipped: Test inappropriate for root t/seekable....ok t/tempfile....ok Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------ ------- t/lock.t 255 65280 ?? ?? % ?? 3 subtests skipped. Failed 1/9 test scripts, 88.89% okay. 0/102 subtests failed, 100.00% okay. make: *** [test_dynamic] Error 255 error: Bad exit status from /var/tmp/rpm-tmp.5106 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.5106 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19-1.noarch.rpm. Maybe it did not build correctly? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 05 January 2008 17:56 To: MailScanner discussion Subject: Re: Upgrade Erros on CentOS 5 - File::Temp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But you are using the RPM distro of MailScanner 4.66.5-3 aren't you? If so, perl-File-Temp is force-installed, so you will get the correct version installed by install.sh. Check that in install.sh, there is a line starting "File::Temp" and the last 2 words on that line are "yes" and "yes". If not, please let me know. How exactly did you install MailScanner this time around? Paul Hutchings wrote: > Seeing errors upgrading to the latest stable on CentOS5, > > AIUI file::temp is included in the latest perl, 5.8.8-10.el5_0.2? > > Any suggestions (noob alert!) > > *** The following required modules are missing: > File::Temp: At least version 0.17 > *** Please install them before attempting to use MIME::Tools. > WARNING: LICENSE is not a known parameter. > Checking if your kit is complete... > Looks good > Warning: prerequisite File::Temp 0.17 not found. We have 0.16. > 'LICENSE' is not a known MakeMaker parameter name. > Writing Makefile for MIME-tools > + make > cp lib/MIME/Body.pm blib/lib/MIME/Body.pm > cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm > cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm > cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm > cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm > cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm > cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm > cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm > cp lib/MIME/Head.pm blib/lib/MIME/Head.pm > cp lib/MIME/Words.pm blib/lib/MIME/Words.pm > cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm > cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm > cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm > cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm > cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm > cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm > cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm > cp lib/MIME/Decoder/QuotedPrint.pm blib/lib/MIME/Decoder/QuotedPrint.pm > cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm > cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm > cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm > cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm > Manifying blib/man3/MIME::Decoder::Gzip64.3pm > Manifying blib/man3/MIME::Body.3pm > Manifying blib/man3/MIME::Field::ContDisp.3pm > Manifying blib/man3/MIME::Parser::Results.3pm > Manifying blib/man3/MIME::Field::ContType.3pm > Manifying blib/man3/MIME::Decoder::NBit.3pm > Manifying blib/man3/MIME::Entity.3pm > Manifying blib/man3/MIME::Parser::Filer.3pm > Manifying blib/man3/MIME::Head.3pm > Manifying blib/man3/MIME::Words.3pm > Manifying blib/man3/MIME::Field::ParamVal.3pm > Manifying blib/man3/MIME::Decoder::BinHex.3pm > Manifying blib/man3/MIME::Field::ConTraEnc.3pm > Manifying blib/man3/MIME::Tools.3pm > Manifying blib/man3/MIME::Decoder::Binary.3pm > Manifying blib/man3/MIME::Decoder.3pm > Manifying blib/man3/MIME::Decoder::UU.3pm > Manifying blib/man3/MIME::Decoder::Base64.3pm > Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm > Manifying blib/man3/MIME::WordDecoder.3pm > Manifying blib/man3/MIME::Parser::Reader.3pm > Manifying blib/man3/MIME::Parser.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/02-kwalitee........skipped > all skipped: Test::Kwalitee not installed; skipping > t/02-pod-coverage....skipped > all skipped: Test::Pod::Coverage disabled. TEST_POD_COVERAGE=1 > if you want it. > t/02-pod.............ok > t/99-prepare.........ok > t/Body...............ok > t/Decoder............# Using gzip: 1 > t/Decoder............ok 1/8Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Decoder/Gzip64.pm > line 103. > # Looks like you planned 8 tests but only ran 5. > # Looks like your test died just after 5. > t/Decoder............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 6-8 > Failed 3/8 tests, 62.50% okay > t/Entity.............ok 1/30Can't locate object method "seek" via > package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # Looks like you planned 30 tests but only ran 18. > # Looks like your test died just after 18. > t/Entity.............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 19-30 > Failed 12/30 tests, 60.00% okay > t/Gauntlet...........ok > t/Head...............ok > t/Misc...............ok 1/14Can't call method "parts" on an undefined > value at t/Misc.t line 123. > # Looks like you planned 14 tests but only ran 12. > # Looks like your test died just after 12. > t/Misc...............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 13-14 > Failed 2/14 tests, 85.71% okay > t/Parser.............Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # Looks like your test died before it could output anything. > t/Parser.............dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED tests 1-31 > Failed 31/31 tests, 0.00% okay > t/ParserEncoded......ok > t/ParserPreamble.....ok 1/2Can't locate object method "seek" via package > "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > <$fh> line 18. > # Looks like you planned 2 tests but only ran 1. > # Looks like your test died just after 1. > t/ParserPreamble.....dubious > Test returned status 255 (wstat 65280, 0xff00) > DIED. FAILED test 2 > Failed 1/2 tests, 50.00% okay > t/Ref................NOK 5 > # Failed test 'testmsgs/multi-nested.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 7 > # Failed test 'testmsgs/uu-zeegee.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 125. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 9 > # Failed test 'testmsgs/multi-2gifs.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 32. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 11 > # Failed test 'testmsgs/multi-igor.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 31. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 13 > # Failed test 'testmsgs/multi-nested3.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 15 > # Failed test 'testmsgs/ak-0696-nest.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 17 > # Failed test 'testmsgs/ak-0696-replace.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 19 > # Failed test 'testmsgs/ak-0696-none.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 21. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 21 > # Failed test 'testmsgs/bluedot-postcard.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 19. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 25 > # Failed test 'testmsgs/uu-junk.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 39. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 27 > # Failed test 'testmsgs/multi-clen.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 15. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 29 > # Failed test 'testmsgs/multi-weirdspace.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 30. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 31 > # Failed test 'testmsgs/multi-simple.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 15. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 33 > # Failed test 'testmsgs/multi-nested2.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 22. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 35 > # Failed test 'testmsgs/multi-digest.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 18. > # ' > # at t/Ref.t line 89. > t/Ref................NOK 37 > # Failed test 'testmsgs/multi-2evil.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 32. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/multi-igor2.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 31. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/uu-junk-extracted.ref, problem: Can't locate > object method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 39. > # ' > # at t/Ref.t line 89. > > # Failed test 'testmsgs/dup-names.ref, problem: Can't locate object > method "seek" via package "File::Temp" at > /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line 816, > line 27. > # ' > # at t/Ref.t line 89. > # Looks like you failed 19 tests of 50. > t/Ref................dubious > Test returned status 19 (wstat 4864, 0x1300) > DIED. FAILED tests 5, 7, 9, 11, 13, 15, 17, 19, 21, 25, 27, 29, 31, 33, > 35, 37, 45, 47, 49 > Failed 19/50 tests, 62.00% okay > t/Smtpsend...........ok > t/WordDecoder........ok > t/Words..............ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/Decoder.t 255 65280 8 6 75.00% 6-8 > t/Entity.t 255 65280 30 24 80.00% 19-30 > t/Misc.t 255 65280 14 4 28.57% 13-14 > t/Parser.t 255 65280 31 62 200.00% 1-31 > t/ParserPreamble.t 255 65280 2 2 100.00% 2 > t/Ref.t 19 4864 50 19 38.00% 5 7 9 11 13 15 17 19 > 21 25 27 > 29 31 33 35 37 45 47 > 49 > 2 tests skipped. > Failed 6/17 test scripts, 64.71% okay. 68/321 subtests failed, 78.82% > okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.54342 (%build) > > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 44 (0)24 7635 5378 > Fax: 44 (0)24 7635 8378 > mailto:paul.hutchings@mira.co.uk > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8ScEfZZRxQVtlQRAvSbAKC2n/B9D8FwWn4hu2Z/LlM3OxdTQgCeIjRY QIwGhWPSneUngSmNNefivm8= =dkij -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From dave.list at pixelhammer.com Sat Jan 5 18:20:51 2008 From: dave.list at pixelhammer.com (DAve) Date: Sat Jan 5 18:19:06 2008 Subject: People forget to install unrar In-Reply-To: <477FC5E4.5010707@ecs.soton.ac.uk> References: <477FC5E4.5010707@ecs.soton.ac.uk> Message-ID: <477FCA83.2080902@pixelhammer.com> Julian Field wrote: > This is one problem I see time and again on other people's systems, they > never remember to install unrar, which means that MailScanner cannot > check filenames or filetypes in RAR archives. > > Anyone got any good practical ideas on how I might go about solving this > one? > > Thanks! > > Jules > I have not seen a RAR archive in 7 years. In the last three years of running MailScanner it has never had to open a RAR archive (I know, I've looked). Can you make the opening of RAR archives an option defaulted to off, or are others dealing with RAR archives more often than I am? DAve -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From MailScanner at ecs.soton.ac.uk Sat Jan 5 18:26:35 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 18:26:57 2008 Subject: 4.67.1-1 with esets virus scanner support Message-ID: <477FCBDB.7090204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just put out a beta release which includes support for the esets virus scanner. Thanks to Phil (UxBoD) for writing the support for it. What's the difference between esets and nod32? They both seem to be produced by the same people. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8vcEfZZRxQVtlQRArjuAKDz5DAPoBqaQhj/4PLBLsotQ175OwCfe1Pi kzKayX5Z40grEU4IV5snKio= =nNQa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 5 18:41:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 18:41:54 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp In-Reply-To: References: <477FC49A.8020707@ecs.soton.ac.uk> Message-ID: <477FCF5A.4090405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: > Attempting to build and install perl-File-Temp-0.19-1 > Installing perl-File-Temp-0.19-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.5106 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd /usr/src/redhat/BUILD > + rm -rf File-Temp-0.19 > + /bin/gzip -dc /usr/src/redhat/SOURCES/File-Temp-0.19.tar.gz > + tar -xf - > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd File-Temp-0.19 > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.5106 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd File-Temp-0.19 > + CFLAGS='-O2 -g' > + perl Makefile.PL PREFIX=/var/tmp/perl-File-Temp-0.19-1-root/usr > Checking if your kit is complete... > Looks good > Writing Makefile for File::Temp > + make > cp Temp.pm blib/lib/File/Temp.pm > Manifying blib/man3/File::Temp.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/cmp.........ok > t/fork........ok > t/lock........You tried to run a test without a plan at t/lock.t line 8. > BEGIN failed--compilation aborted at t/lock.t line 8. > # Looks like your test died before it could output anything. > Do you get the same output if you download the module from search.cpan.org and then unpack it, cd into it and perl Makefile.PL make make test or does it then build okay? I don't get this error on my systems, I tested this an hour ago to be sure it was working, which it did. I get this: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/cmp.........ok t/fork........ok t/lock........skipped all skipped: Do not seem to have O_EXLOCK t/mktemp......ok t/object......ok t/posix.......ok t/security....ok 3/13 skipped: Test inappropriate for root t/seekable....ok t/tempfile....ok All tests successful, 1 test and 3 subtests skipped. So I assume that for some reason you have O_EXLOCK defined, so the tests aren't skipped. This is defined in Fcntl. Have you got Fcntl installed? perl -MFcntl -e 'print $Fcntl::VERSION;' What is the output of that? I get "1.05", and &Fcntl::O_EXLOCK is not defined, as perl -MFcntl -e '&Fcntl::O_EXLOCK;' produces an error. Interesting no-one else has seen this problem before. According to search.cpan.org, it is shipped in Perl 5.10. Its latest version is 1.06. > t/lock........dubious > Test returned status 255 (wstat 65280, 0xff00) > t/mktemp......ok > t/object......ok > t/posix.......ok > t/security....ok > 3/13 skipped: Test inappropriate for root > t/seekable....ok > t/tempfile....ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/lock.t 255 65280 ?? ?? % ?? > 3 subtests skipped. > Failed 1/9 test scripts, 88.89% okay. 0/102 subtests failed, 100.00% > okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.5106 (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.5106 (%build) > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19-1.noarch.rpm. > Maybe it did not build correctly? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 05 January 2008 17:56 > To: MailScanner discussion > Subject: Re: Upgrade Erros on CentOS 5 - File::Temp > > > * PGP Bad Signature, Signed by an unverified key: 01/05/08 at 17:55:40 > > But you are using the RPM distro of MailScanner 4.66.5-3 aren't you? > If so, perl-File-Temp is force-installed, so you will get the correct > version installed by install.sh. > Check that in install.sh, there is a line starting "File::Temp" and the > last 2 words on that line are "yes" and "yes". > If not, please let me know. > > How exactly did you install MailScanner this time around? > > Paul Hutchings wrote: > >> Seeing errors upgrading to the latest stable on CentOS5, >> >> AIUI file::temp is included in the latest perl, 5.8.8-10.el5_0.2? >> >> Any suggestions (noob alert!) >> >> *** The following required modules are missing: >> File::Temp: At least version 0.17 >> *** Please install them before attempting to use MIME::Tools. >> WARNING: LICENSE is not a known parameter. >> Checking if your kit is complete... >> Looks good >> Warning: prerequisite File::Temp 0.17 not found. We have 0.16. >> 'LICENSE' is not a known MakeMaker parameter name. >> Writing Makefile for MIME-tools >> + make >> cp lib/MIME/Body.pm blib/lib/MIME/Body.pm >> cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm >> cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm >> cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm >> cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm >> cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm >> cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm >> cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm >> cp lib/MIME/Head.pm blib/lib/MIME/Head.pm >> cp lib/MIME/Words.pm blib/lib/MIME/Words.pm >> cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm >> cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm >> cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm >> cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm >> cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm >> cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm >> cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm >> cp lib/MIME/Decoder/QuotedPrint.pm >> > blib/lib/MIME/Decoder/QuotedPrint.pm > >> cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm >> cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm >> cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm >> cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm >> Manifying blib/man3/MIME::Decoder::Gzip64.3pm >> Manifying blib/man3/MIME::Body.3pm >> Manifying blib/man3/MIME::Field::ContDisp.3pm >> Manifying blib/man3/MIME::Parser::Results.3pm >> Manifying blib/man3/MIME::Field::ContType.3pm >> Manifying blib/man3/MIME::Decoder::NBit.3pm >> Manifying blib/man3/MIME::Entity.3pm >> Manifying blib/man3/MIME::Parser::Filer.3pm >> Manifying blib/man3/MIME::Head.3pm >> Manifying blib/man3/MIME::Words.3pm >> Manifying blib/man3/MIME::Field::ParamVal.3pm >> Manifying blib/man3/MIME::Decoder::BinHex.3pm >> Manifying blib/man3/MIME::Field::ConTraEnc.3pm >> Manifying blib/man3/MIME::Tools.3pm >> Manifying blib/man3/MIME::Decoder::Binary.3pm >> Manifying blib/man3/MIME::Decoder.3pm >> Manifying blib/man3/MIME::Decoder::UU.3pm >> Manifying blib/man3/MIME::Decoder::Base64.3pm >> Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm >> Manifying blib/man3/MIME::WordDecoder.3pm >> Manifying blib/man3/MIME::Parser::Reader.3pm >> Manifying blib/man3/MIME::Parser.3pm >> + make test >> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >> t/02-kwalitee........skipped >> all skipped: Test::Kwalitee not installed; skipping >> t/02-pod-coverage....skipped >> all skipped: Test::Pod::Coverage disabled. TEST_POD_COVERAGE=1 >> if you want it. >> t/02-pod.............ok >> t/99-prepare.........ok >> t/Body...............ok >> t/Decoder............# Using gzip: 1 >> t/Decoder............ok 1/8Can't locate object method "seek" via >> > package > >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Decoder/Gzip64.pm >> line 103. >> # Looks like you planned 8 tests but only ran 5. >> # Looks like your test died just after 5. >> t/Decoder............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 6-8 >> Failed 3/8 tests, 62.50% okay >> t/Entity.............ok 1/30Can't locate object method "seek" via >> package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # Looks like you planned 30 tests but only ran 18. >> # Looks like your test died just after 18. >> t/Entity.............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 19-30 >> Failed 12/30 tests, 60.00% okay >> t/Gauntlet...........ok >> t/Head...............ok >> t/Misc...............ok 1/14Can't call method "parts" on an undefined >> value at t/Misc.t line 123. >> # Looks like you planned 14 tests but only ran 12. >> # Looks like your test died just after 12. >> t/Misc...............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 13-14 >> Failed 2/14 tests, 85.71% okay >> t/Parser.............Can't locate object method "seek" via package >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # Looks like your test died before it could output anything. >> t/Parser.............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 1-31 >> Failed 31/31 tests, 0.00% okay >> t/ParserEncoded......ok >> t/ParserPreamble.....ok 1/2Can't locate object method "seek" via >> > package > >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> <$fh> line 18. >> # Looks like you planned 2 tests but only ran 1. >> # Looks like your test died just after 1. >> t/ParserPreamble.....dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED test 2 >> Failed 1/2 tests, 50.00% okay >> t/Ref................NOK 5 >> # Failed test 'testmsgs/multi-nested.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 7 >> # Failed test 'testmsgs/uu-zeegee.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 125. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 9 >> # Failed test 'testmsgs/multi-2gifs.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 32. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 11 >> # Failed test 'testmsgs/multi-igor.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 31. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 13 >> # Failed test 'testmsgs/multi-nested3.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 15 >> # Failed test 'testmsgs/ak-0696-nest.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 17 >> # Failed test 'testmsgs/ak-0696-replace.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 19 >> # Failed test 'testmsgs/ak-0696-none.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 21 >> # Failed test 'testmsgs/bluedot-postcard.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 19. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 25 >> # Failed test 'testmsgs/uu-junk.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 39. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 27 >> # Failed test 'testmsgs/multi-clen.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 15. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 29 >> # Failed test 'testmsgs/multi-weirdspace.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 30. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 31 >> # Failed test 'testmsgs/multi-simple.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 15. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 33 >> # Failed test 'testmsgs/multi-nested2.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 35 >> # Failed test 'testmsgs/multi-digest.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 18. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 37 >> # Failed test 'testmsgs/multi-2evil.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 32. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/multi-igor2.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 31. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/uu-junk-extracted.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 39. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/dup-names.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 27. >> # ' >> # at t/Ref.t line 89. >> # Looks like you failed 19 tests of 50. >> t/Ref................dubious >> Test returned status 19 (wstat 4864, 0x1300) >> DIED. FAILED tests 5, 7, 9, 11, 13, 15, 17, 19, 21, 25, 27, 29, 31, >> > 33, > >> 35, 37, 45, 47, 49 >> Failed 19/50 tests, 62.00% okay >> t/Smtpsend...........ok >> t/WordDecoder........ok >> t/Words..............ok >> Failed Test Stat Wstat Total Fail Failed List of Failed >> >> > ------------------------------------------------------------------------ > >> ------- >> t/Decoder.t 255 65280 8 6 75.00% 6-8 >> t/Entity.t 255 65280 30 24 80.00% 19-30 >> t/Misc.t 255 65280 14 4 28.57% 13-14 >> t/Parser.t 255 65280 31 62 200.00% 1-31 >> t/ParserPreamble.t 255 65280 2 2 100.00% 2 >> t/Ref.t 19 4864 50 19 38.00% 5 7 9 11 13 15 17 19 >> 21 25 27 >> 29 31 33 35 37 45 47 >> 49 >> 2 tests skipped. >> Failed 6/17 test scripts, 64.71% okay. 68/321 subtests failed, 78.82% >> okay. >> make: *** [test_dynamic] Error 255 >> error: Bad exit status from /var/tmp/rpm-tmp.54342 (%build) >> >> Paul Hutchings >> Network Administrator, MIRA Ltd. >> Tel: 44 (0)24 7635 5378 >> Fax: 44 (0)24 7635 8378 >> mailto:paul.hutchings@mira.co.uk >> >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf89bEfZZRxQVtlQRAqr3AJ4/wgvhxhSnsaptkF6QsPmRN8lwRwCgnUeF 1fgtGACJSI9EYh0goTHFY1c= =Y4BY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 5 18:42:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 5 18:42:38 2008 Subject: People forget to install unrar In-Reply-To: <477FCA83.2080902@pixelhammer.com> References: <477FC5E4.5010707@ecs.soton.ac.uk> <477FCA83.2080902@pixelhammer.com> Message-ID: <477FCF88.4060801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: > Julian Field wrote: > >> This is one problem I see time and again on other people's systems, they >> never remember to install unrar, which means that MailScanner cannot >> check filenames or filetypes in RAR archives. >> >> Anyone got any good practical ideas on how I might go about solving this >> one? >> >> Thanks! >> >> Jules >> >> > > I have not seen a RAR archive in 7 years. In the last three years of > running MailScanner it has never had to open a RAR archive (I know, I've > looked). > > Can you make the opening of RAR archives an option defaulted to off, or > are others dealing with RAR archives more often than I am? > It tries to open them and fails, but that doesn't do any damage to the message, so the status quo works okay. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8+KEfZZRxQVtlQRAganAJ9+p+oeRT4cjErtsZzB+VsrP0emBgCeMQnZ OyPqlzEQtLCpIL/96ZODeI0= =JTqj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Sat Jan 5 19:04:17 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Jan 5 19:05:33 2008 Subject: People forget to install unrar In-Reply-To: <477FCF88.4060801@ecs.soton.ac.uk> References: <477FC5E4.5010707@ecs.soton.ac.uk> <477FCA83.2080902@pixelhammer.com>,<477FCF88.4060801@ecs.soton.ac.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D00@server02.bhl.local> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] Sent: 05 January 2008 18:42 To: MailScanner discussion Subject: Re: People forget to install unrar -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: > Julian Field wrote: > >> This is one problem I see time and again on other people's systems, they >> never remember to install unrar, which means that MailScanner cannot >> check filenames or filetypes in RAR archives. >> >> Anyone got any good practical ideas on how I might go about solving this >> one? >> >> Thanks! >> >> Jules >> >> > > I have not seen a RAR archive in 7 years. In the last three years of > running MailScanner it has never had to open a RAR archive (I know, I've > looked). > > Can you make the opening of RAR archives an option defaulted to off, or > are others dealing with RAR archives more often than I am? > It tries to open them and fails, but that doesn't do any damage to the message, so the status quo works okay. Jules Wouldn't it be sufficient if it just reported it as not installed when you do a --lint or run it in debug mode? Jason From hvdkooij at vanderkooij.org Sat Jan 5 19:19:21 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jan 5 19:19:48 2008 Subject: Max file size In-Reply-To: <477F78E8.4080609@ecs.soton.ac.uk> References: <477D54DD.4050603@pccctx.com> <477D5AA7.2060206@evi-inc.com> <477E473B.9010706@pccctx.com> <477E6185.8020009@pccctx.com> <477E6600.7000703@ecs.soton.ac.uk> <477F3463.60008@vanderkooij.org> <477F78E8.4080609@ecs.soton.ac.uk> Message-ID: <477FD839.6090307@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > > Hugo van der Kooij wrote: >> * PGP Signed by an unknown key > >> Julian Field wrote: > > >>> Guy Story KC5GOI wrote: >>> >>>> I am using 4.58.9-2 >>>> >>> Considering the current version is 4.66, that's more than 8 months old. >>> Quite old... >>> >>>> since that is what is on the Ubuntu repositories. I >>>> have been using the same conf file for a long time and have not run the >>>> upgrade script manually. I assume, and it looks like this is a wrong >>>> assumption, that the Ubuntu package does not do it either. I can add >>>> the Max Spam Check Size to MailScanner.conf and go from there. >>>> >>> Use the upgrade_MailScanner_conf script, it won't do any damage, it >>> carefully preserves all your settings and just adds new ones so you >>> don't have to use the defaults for new configuration settings. Just run >>> the script without any parameters and it will tell you how to use it. >>> >> Well. That depends on how you define damage. I considere loosing my own >> comments in a configuration file damage as well. > > Give the upgrade_MailScanner_conf script the "--keep-comments" > command-line option, and it will. >> The warning that one will loose ones own comments is the sole reason I >> am extremely reluctant to run that config upgrade script. > > I thought of that one a very long time ago :-) How about a way to mark my private comments? I now use #H# on each line so I can fast forward with my $EDITOR to my comments. How about adding some option like: --keep-notes "#H#" Or even with regex support: --keep-notes "^#H#" Indicating which comments to keep. As you put comments above the parameter it would be a reasonable request that people put their own remarks above the parameter line. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHf9g1BvzDRVjxmYERAufVAJ9VV6uSCg4/7JJwcoUl3YjlGpCXkwCfX3PL YkDSF2yr1aBi4FgWpjnwoI0= =VNqF -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Jan 5 19:44:50 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jan 5 19:45:32 2008 Subject: MailScanner on yum repository In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local> Message-ID: <477FDE32.7030509@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Ede wrote: > Hugo, > > > > When do you plan to put 4.66 onto the yum respository? Who knows. I am still not clear on what works best. But I would say it is rather obvious I would prefer to have a yum repository on the MailSanner site if none of the regular repositories are willing to pick it up. I allready forwarded the manual to create a repository to Jules. And it is small enough to fit on one of those annoying yellow sticky pieces of papers some people will stick to their monitor. But there is the problem of dependencies. So far I have come up with the following scenarios: 1. Forget about it. Not realy what I wish for but it is an option that must be listed just for arguments sake. 2. Use a minimal set of packages in the repository and rely on other repositories. That might break things every now and again untill it is fixed in a new beta and official release in due time. A partial fix is to be more strict on which packages are acceptable by adding more version checks. Something like: Requires: perl-MailTools >= 1.7, perl-MailTools < 2.0 (This should forbid one to install a 2.x version.) Or use a very strict list of tested version. So in this case it would read: Requires: perl-MailTools = 1.77 3. Use a big repository and add tested package that are working well with RHEL/Centos for example and just use that repository next to RHEL/Centos itself. No more need to add another repository. At this point both options 2 and 3 have their own merits and challenges. I tend to lean towards option 2 as it is propably much less work in the long run. BTW: Jules, unrar can just be another requirement in your spec file. If you do not use the --force option but let package management play it nice it might actually work. Hugo. PS: Today is day 5 of the year and I am allready on +16 hours. So it seems I need to plan some quality time with my bed sometime soon. (As if plans ever survive first contact with the customer ;-) - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHf94vBvzDRVjxmYERAiTFAJ9OTUafnzu2pdL7BgUB6MinKHhQkgCcCCBE 3+jzen7b99YnY8JI/SCg0KA= =UiZu -----END PGP SIGNATURE----- From paul.hutchings at mira.co.uk Sat Jan 5 19:48:53 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Sat Jan 5 19:49:03 2008 Subject: Upgrade Erros on CentOS 5 - File::Temp References: <477FC49A.8020707@ecs.soton.ac.uk> <477FCF5A.4090405@ecs.soton.ac.uk> Message-ID: I think I'm OK now. I did a forced rpm install of perl-file-temp (as the rpm seemed to complain about a man file installed with the latest version of Perl) and then I re-ran install.sh and it now appears happy and has updated the MIME-Tools module. Thanks Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 05 January 2008 18:42 To: MailScanner discussion Subject: Re: Upgrade Erros on CentOS 5 - File::Temp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: > Attempting to build and install perl-File-Temp-0.19-1 > Installing perl-File-Temp-0.19-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.5106 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd /usr/src/redhat/BUILD > + rm -rf File-Temp-0.19 > + /bin/gzip -dc /usr/src/redhat/SOURCES/File-Temp-0.19.tar.gz > + tar -xf - > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd File-Temp-0.19 > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,u+w,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.5106 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd File-Temp-0.19 > + CFLAGS='-O2 -g' > + perl Makefile.PL PREFIX=/var/tmp/perl-File-Temp-0.19-1-root/usr > Checking if your kit is complete... > Looks good > Writing Makefile for File::Temp > + make > cp Temp.pm blib/lib/File/Temp.pm > Manifying blib/man3/File::Temp.3pm > + make test > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/cmp.........ok > t/fork........ok > t/lock........You tried to run a test without a plan at t/lock.t line 8. > BEGIN failed--compilation aborted at t/lock.t line 8. > # Looks like your test died before it could output anything. > Do you get the same output if you download the module from search.cpan.org and then unpack it, cd into it and perl Makefile.PL make make test or does it then build okay? I don't get this error on my systems, I tested this an hour ago to be sure it was working, which it did. I get this: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/cmp.........ok t/fork........ok t/lock........skipped all skipped: Do not seem to have O_EXLOCK t/mktemp......ok t/object......ok t/posix.......ok t/security....ok 3/13 skipped: Test inappropriate for root t/seekable....ok t/tempfile....ok All tests successful, 1 test and 3 subtests skipped. So I assume that for some reason you have O_EXLOCK defined, so the tests aren't skipped. This is defined in Fcntl. Have you got Fcntl installed? perl -MFcntl -e 'print $Fcntl::VERSION;' What is the output of that? I get "1.05", and &Fcntl::O_EXLOCK is not defined, as perl -MFcntl -e '&Fcntl::O_EXLOCK;' produces an error. Interesting no-one else has seen this problem before. According to search.cpan.org, it is shipped in Perl 5.10. Its latest version is 1.06. > t/lock........dubious > Test returned status 255 (wstat 65280, 0xff00) > t/mktemp......ok > t/object......ok > t/posix.......ok > t/security....ok > 3/13 skipped: Test inappropriate for root > t/seekable....ok > t/tempfile....ok > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------ > ------- > t/lock.t 255 65280 ?? ?? % ?? > 3 subtests skipped. > Failed 1/9 test scripts, 88.89% okay. 0/102 subtests failed, 100.00% > okay. > make: *** [test_dynamic] Error 255 > error: Bad exit status from /var/tmp/rpm-tmp.5106 (%build) > > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.5106 (%build) > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-File-Temp-0.19-1.noarch.rpm. > Maybe it did not build correctly? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 05 January 2008 17:56 > To: MailScanner discussion > Subject: Re: Upgrade Erros on CentOS 5 - File::Temp > > > * PGP Bad Signature, Signed by an unverified key: 01/05/08 at 17:55:40 > > But you are using the RPM distro of MailScanner 4.66.5-3 aren't you? > If so, perl-File-Temp is force-installed, so you will get the correct > version installed by install.sh. > Check that in install.sh, there is a line starting "File::Temp" and the > last 2 words on that line are "yes" and "yes". > If not, please let me know. > > How exactly did you install MailScanner this time around? > > Paul Hutchings wrote: > >> Seeing errors upgrading to the latest stable on CentOS5, >> >> AIUI file::temp is included in the latest perl, 5.8.8-10.el5_0.2? >> >> Any suggestions (noob alert!) >> >> *** The following required modules are missing: >> File::Temp: At least version 0.17 >> *** Please install them before attempting to use MIME::Tools. >> WARNING: LICENSE is not a known parameter. >> Checking if your kit is complete... >> Looks good >> Warning: prerequisite File::Temp 0.17 not found. We have 0.16. >> 'LICENSE' is not a known MakeMaker parameter name. >> Writing Makefile for MIME-tools >> + make >> cp lib/MIME/Body.pm blib/lib/MIME/Body.pm >> cp lib/MIME/Decoder/Gzip64.pm blib/lib/MIME/Decoder/Gzip64.pm >> cp lib/MIME/Field/ContDisp.pm blib/lib/MIME/Field/ContDisp.pm >> cp lib/MIME/Parser/Results.pm blib/lib/MIME/Parser/Results.pm >> cp lib/MIME/Field/ContType.pm blib/lib/MIME/Field/ContType.pm >> cp lib/MIME/Decoder/NBit.pm blib/lib/MIME/Decoder/NBit.pm >> cp lib/MIME/Entity.pm blib/lib/MIME/Entity.pm >> cp lib/MIME/Parser/Filer.pm blib/lib/MIME/Parser/Filer.pm >> cp lib/MIME/Head.pm blib/lib/MIME/Head.pm >> cp lib/MIME/Words.pm blib/lib/MIME/Words.pm >> cp lib/MIME/Field/ParamVal.pm blib/lib/MIME/Field/ParamVal.pm >> cp lib/MIME/Decoder/BinHex.pm blib/lib/MIME/Decoder/BinHex.pm >> cp lib/MIME/Field/ConTraEnc.pm blib/lib/MIME/Field/ConTraEnc.pm >> cp lib/MIME/Tools.pm blib/lib/MIME/Tools.pm >> cp lib/MIME/Decoder/Binary.pm blib/lib/MIME/Decoder/Binary.pm >> cp lib/MIME/Decoder.pm blib/lib/MIME/Decoder.pm >> cp lib/MIME/Decoder/UU.pm blib/lib/MIME/Decoder/UU.pm >> cp lib/MIME/Decoder/QuotedPrint.pm >> > blib/lib/MIME/Decoder/QuotedPrint.pm > >> cp lib/MIME/Decoder/Base64.pm blib/lib/MIME/Decoder/Base64.pm >> cp lib/MIME/WordDecoder.pm blib/lib/MIME/WordDecoder.pm >> cp lib/MIME/Parser.pm blib/lib/MIME/Parser.pm >> cp lib/MIME/Parser/Reader.pm blib/lib/MIME/Parser/Reader.pm >> Manifying blib/man3/MIME::Decoder::Gzip64.3pm >> Manifying blib/man3/MIME::Body.3pm >> Manifying blib/man3/MIME::Field::ContDisp.3pm >> Manifying blib/man3/MIME::Parser::Results.3pm >> Manifying blib/man3/MIME::Field::ContType.3pm >> Manifying blib/man3/MIME::Decoder::NBit.3pm >> Manifying blib/man3/MIME::Entity.3pm >> Manifying blib/man3/MIME::Parser::Filer.3pm >> Manifying blib/man3/MIME::Head.3pm >> Manifying blib/man3/MIME::Words.3pm >> Manifying blib/man3/MIME::Field::ParamVal.3pm >> Manifying blib/man3/MIME::Decoder::BinHex.3pm >> Manifying blib/man3/MIME::Field::ConTraEnc.3pm >> Manifying blib/man3/MIME::Tools.3pm >> Manifying blib/man3/MIME::Decoder::Binary.3pm >> Manifying blib/man3/MIME::Decoder.3pm >> Manifying blib/man3/MIME::Decoder::UU.3pm >> Manifying blib/man3/MIME::Decoder::Base64.3pm >> Manifying blib/man3/MIME::Decoder::QuotedPrint.3pm >> Manifying blib/man3/MIME::WordDecoder.3pm >> Manifying blib/man3/MIME::Parser::Reader.3pm >> Manifying blib/man3/MIME::Parser.3pm >> + make test >> PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" >> "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >> t/02-kwalitee........skipped >> all skipped: Test::Kwalitee not installed; skipping >> t/02-pod-coverage....skipped >> all skipped: Test::Pod::Coverage disabled. TEST_POD_COVERAGE=1 >> if you want it. >> t/02-pod.............ok >> t/99-prepare.........ok >> t/Body...............ok >> t/Decoder............# Using gzip: 1 >> t/Decoder............ok 1/8Can't locate object method "seek" via >> > package > >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Decoder/Gzip64.pm >> line 103. >> # Looks like you planned 8 tests but only ran 5. >> # Looks like your test died just after 5. >> t/Decoder............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 6-8 >> Failed 3/8 tests, 62.50% okay >> t/Entity.............ok 1/30Can't locate object method "seek" via >> package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # Looks like you planned 30 tests but only ran 18. >> # Looks like your test died just after 18. >> t/Entity.............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 19-30 >> Failed 12/30 tests, 60.00% okay >> t/Gauntlet...........ok >> t/Head...............ok >> t/Misc...............ok 1/14Can't call method "parts" on an undefined >> value at t/Misc.t line 123. >> # Looks like you planned 14 tests but only ran 12. >> # Looks like your test died just after 12. >> t/Misc...............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 13-14 >> Failed 2/14 tests, 85.71% okay >> t/Parser.............Can't locate object method "seek" via package >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # Looks like your test died before it could output anything. >> t/Parser.............dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED tests 1-31 >> Failed 31/31 tests, 0.00% okay >> t/ParserEncoded......ok >> t/ParserPreamble.....ok 1/2Can't locate object method "seek" via >> > package > >> "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> <$fh> line 18. >> # Looks like you planned 2 tests but only ran 1. >> # Looks like your test died just after 1. >> t/ParserPreamble.....dubious >> Test returned status 255 (wstat 65280, 0xff00) >> DIED. FAILED test 2 >> Failed 1/2 tests, 50.00% okay >> t/Ref................NOK 5 >> # Failed test 'testmsgs/multi-nested.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 7 >> # Failed test 'testmsgs/uu-zeegee.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 125. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 9 >> # Failed test 'testmsgs/multi-2gifs.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 32. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 11 >> # Failed test 'testmsgs/multi-igor.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 31. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 13 >> # Failed test 'testmsgs/multi-nested3.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 15 >> # Failed test 'testmsgs/ak-0696-nest.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 17 >> # Failed test 'testmsgs/ak-0696-replace.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 19 >> # Failed test 'testmsgs/ak-0696-none.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 21. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 21 >> # Failed test 'testmsgs/bluedot-postcard.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 19. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 25 >> # Failed test 'testmsgs/uu-junk.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 39. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 27 >> # Failed test 'testmsgs/multi-clen.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 15. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 29 >> # Failed test 'testmsgs/multi-weirdspace.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 30. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 31 >> # Failed test 'testmsgs/multi-simple.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 15. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 33 >> # Failed test 'testmsgs/multi-nested2.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 22. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 35 >> # Failed test 'testmsgs/multi-digest.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 18. >> # ' >> # at t/Ref.t line 89. >> t/Ref................NOK 37 >> # Failed test 'testmsgs/multi-2evil.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 32. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/multi-igor2.ref, problem: Can't locate >> > object > >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 31. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/uu-junk-extracted.ref, problem: Can't locate >> object method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 39. >> # ' >> # at t/Ref.t line 89. >> >> # Failed test 'testmsgs/dup-names.ref, problem: Can't locate object >> method "seek" via package "File::Temp" at >> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Parser.pm line >> > 816, > >> line 27. >> # ' >> # at t/Ref.t line 89. >> # Looks like you failed 19 tests of 50. >> t/Ref................dubious >> Test returned status 19 (wstat 4864, 0x1300) >> DIED. FAILED tests 5, 7, 9, 11, 13, 15, 17, 19, 21, 25, 27, 29, 31, >> > 33, > >> 35, 37, 45, 47, 49 >> Failed 19/50 tests, 62.00% okay >> t/Smtpsend...........ok >> t/WordDecoder........ok >> t/Words..............ok >> Failed Test Stat Wstat Total Fail Failed List of Failed >> >> > ------------------------------------------------------------------------ > >> ------- >> t/Decoder.t 255 65280 8 6 75.00% 6-8 >> t/Entity.t 255 65280 30 24 80.00% 19-30 >> t/Misc.t 255 65280 14 4 28.57% 13-14 >> t/Parser.t 255 65280 31 62 200.00% 1-31 >> t/ParserPreamble.t 255 65280 2 2 100.00% 2 >> t/Ref.t 19 4864 50 19 38.00% 5 7 9 11 13 15 17 19 >> 21 25 27 >> 29 31 33 35 37 45 47 >> 49 >> 2 tests skipped. >> Failed 6/17 test scripts, 64.71% okay. 68/321 subtests failed, 78.82% >> okay. >> make: *** [test_dynamic] Error 255 >> error: Bad exit status from /var/tmp/rpm-tmp.54342 (%build) >> >> Paul Hutchings >> Network Administrator, MIRA Ltd. >> Tel: 44 (0)24 7635 5378 >> Fax: 44 (0)24 7635 8378 >> mailto:paul.hutchings@mira.co.uk >> >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf89bEfZZRxQVtlQRAqr3AJ4/wgvhxhSnsaptkF6QsPmRN8lwRwCgnUeF 1fgtGACJSI9EYh0goTHFY1c= =Y4BY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From uxbod at splatnix.net Sun Jan 6 09:26:23 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 09:26:49 2008 Subject: 4.67.1-1 with esets virus scanner support In-Reply-To: <477FCBDB.7090204@ecs.soton.ac.uk> Message-ID: <18415963.121199611583612.JavaMail.root@office.splatnix.net> Hi Jules, It appears that it is just a bit of rebranding. All the previous nod32 commands are now prefixed esets instead ie nod32_cli becomes esets_cli. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 05 January 2008 18:26:35 o'clock (GMT) Europe/London Subject: 4.67.1-1 with esets virus scanner support -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just put out a beta release which includes support for the esets virus scanner. Thanks to Phil (UxBoD) for writing the support for it. What's the difference between esets and nod32? They both seem to be produced by the same people. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8vcEfZZRxQVtlQRArjuAKDz5DAPoBqaQhj/4PLBLsotQ175OwCfe1Pi kzKayX5Z40grEU4IV5snKio= =nNQa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 10:34:32 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 10:34:54 2008 Subject: 4.67.1-1 with esets virus scanner support In-Reply-To: <1080367.151199615668183.JavaMail.root@office.splatnix.net> Message-ID: <29091041.171199615672263.JavaMail.root@office.splatnix.net> Jules, I found that the esets_update returned 0 whether the definitions were updated or not. I have attached a patch that checks all return codes, and if the update text shows that it is already up to date will report accordingly. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 05 January 2008 18:26:35 o'clock (GMT) Europe/London Subject: 4.67.1-1 with esets virus scanner support -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just put out a beta release which includes support for the esets virus scanner. Thanks to Phil (UxBoD) for writing the support for it. What's the difference between esets and nod32? They both seem to be produced by the same people. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHf8vcEfZZRxQVtlQRArjuAKDz5DAPoBqaQhj/4PLBLsotQ175OwCfe1Pi kzKayX5Z40grEU4IV5snKio= =nNQa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: esets-autoupdate.patch Type: text/x-patch Size: 1191 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080106/bd484a7a/esets-autoupdate.bin From MailScanner at ecs.soton.ac.uk Sun Jan 6 11:54:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 11:54:32 2008 Subject: 4.67.1-1 with esets virus scanner support In-Reply-To: <29091041.171199615672263.JavaMail.root@office.splatnix.net> References: <29091041.171199615672263.JavaMail.root@office.splatnix.net> Message-ID: <4780C161.9070905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for the patch. It will be in the next release. UxBoD wrote: > Jules, > > I found that the esets_update returned 0 whether the definitions were updated or not. I have attached a patch that checks all return codes, and if the update text shows that it is already up to date will report accordingly. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 05 January 2008 18:26:35 o'clock (GMT) Europe/London > Subject: 4.67.1-1 with esets virus scanner support > > > * PGP Signed by an unmatched address: 01/05/08 at 18:26:36 > > I have just put out a beta release which includes support for the esets > virus scanner. > Thanks to Phil (UxBoD) for writing the support for it. > > What's the difference between esets and nod32? They both seem to be > produced by the same people. > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgMFjEfZZRxQVtlQRAguwAJ9rM0MJbyPuEeEWziMA9oM3rkPggACfc99Q Y/BhLR/pgFM840OR6yU2U3U= =IGf7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 11:56:30 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 12:02:16 2008 Subject: Kaspersky not detected In-Reply-To: <3463007.21199620250584.JavaMail.root@office.splatnix.net> Message-ID: <4799946.41199620590150.JavaMail.root@office.splatnix.net> Hi, Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 # Kaspersky 4.5 and newer kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky and in kaspersky-wrapper it looks for :- Scanner=kav4fs/bin/kav4fs-kavscanner so on checking that :- [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner Any ideas ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 14:02:06 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 14:02:41 2008 Subject: Kaspersky not detected In-Reply-To: <4799946.41199620590150.JavaMail.root@office.splatnix.net> Message-ID: <19109760.101199628126348.JavaMail.root@office.splatnix.net> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "UxBoD" To: mailscanner@lists.mailscanner.info Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London Subject: Kaspersky not detected Hi, Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 # Kaspersky 4.5 and newer kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky and in kaspersky-wrapper it looks for :- Scanner=kav4fs/bin/kav4fs-kavscanner so on checking that :- [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner Any ideas ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jaearick at colby.edu Sun Jan 6 14:15:59 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Sun Jan 6 14:16:20 2008 Subject: People forget to install unrar In-Reply-To: <477FC5E4.5010707@ecs.soton.ac.uk> References: <477FC5E4.5010707@ecs.soton.ac.uk> Message-ID: On Sat, 5 Jan 2008, Julian Field wrote: > This is one problem I see time and again on other people's systems, they > never remember to install unrar, which means that MailScanner cannot > check filenames or filetypes in RAR archives. > > Anyone got any good practical ideas on how I might go about solving this > one? > > Thanks! > > Jules Julian, I just updated to unrarsrc-3.7.6 a few days ago, concurrent with installing MS 4.66.5. I don't remember what motivated me to do this; previously I had unrar 3.5.4 installed. Must have been new-year enthusiasum. Any chance that unrarsrc (from www.rarlab.com, you have to hunt for the download) can be included and built like tnef is? There might be legal issues with unrarlab on this. FWIW, I occasionally *do* see rar files at my sight; I don't know why. Mailscanner deals with them nicely. Jeff Earickson Colby College From MailScanner at ecs.soton.ac.uk Sun Jan 6 14:30:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 14:31:11 2008 Subject: People forget to install unrar In-Reply-To: References: <477FC5E4.5010707@ecs.soton.ac.uk> Message-ID: <4780E619.8000304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > On Sat, 5 Jan 2008, Julian Field wrote: > >> This is one problem I see time and again on other people's systems, they >> never remember to install unrar, which means that MailScanner cannot >> check filenames or filetypes in RAR archives. >> >> Anyone got any good practical ideas on how I might go about solving this >> one? >> >> Thanks! >> >> Jules > > Julian, > > I just updated to unrarsrc-3.7.6 a few days ago, concurrent with > installing MS 4.66.5. I don't remember what motivated me to do this; > previously I had unrar 3.5.4 installed. Must have been new-year > enthusiasum. > > Any chance that unrarsrc (from www.rarlab.com, you have to hunt for > the download) can be included and built like tnef is? There might > be legal issues with unrarlab on this. I could have a look, but I would rather have people just download the RPM from dag.wieers.com or somewhere like that. But I'll definitely take a look at rarlab.com and see if it can be built from source easily and reliably on a wide range of systems. I'll then ask them about distributing it. It must be possible, as Dag does it. What I have done in the mean time is add a check to MailScanner --lint to check that it is installed and executable, so at least you'll get to find out you haven't got it installed. Cheers, Jules. > > FWIW, I occasionally *do* see rar files at my sight; I don't know why. > Mailscanner deals with them nicely. > > Jeff Earickson > Colby College Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHgOYbEfZZRxQVtlQRAo7UAKDxFHK2MuhaGMmzSMTikQi02/QogwCgpOia Yeut0vs99ldPQGYQlXs4iUA= =Sl+C -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 15:26:34 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 15:57:59 2008 Subject: Kaspersky not detected In-Reply-To: <16460484.131199633099934.JavaMail.root@office.splatnix.net> Message-ID: <18289675.151199633194074.JavaMail.root@office.splatnix.net> Right finally got it working :) Here is the lint :- [root@mailhub tmp]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.1) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/spamassassin SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd, kaspersky-4.5, esets =========================================================================== =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" esets said "Found virus Eicar test file in eicar.com" If any of your virus scanners (clamd,kaspersky-4.5,esets) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. To get it to work I changed the following :- 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf 2) Modified the above file and changed Ichecker=no under the section [scanner.options] 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses Hope this helps. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "UxBoD" To: "MailScanner discussion" Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London Subject: Re: Kaspersky not detected Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "UxBoD" To: mailscanner@lists.mailscanner.info Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London Subject: Kaspersky not detected Hi, Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 # Kaspersky 4.5 and newer kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky and in kaspersky-wrapper it looks for :- Scanner=kav4fs/bin/kav4fs-kavscanner so on checking that :- [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner Any ideas ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jkf at ecs.soton.ac.uk Sun Jan 6 16:35:25 2008 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 16:35:47 2008 Subject: Kaspersky not detected In-Reply-To: <18289675.151199633194074.JavaMail.root@office.splatnix.net> References: <18289675.151199633194074.JavaMail.root@office.splatnix.net> Message-ID: <4781034D.4040608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Right finally got it working :) Here is the lint :- > > [root@mailhub tmp]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.1) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/spamassassin > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, kaspersky-4.5, esets > =========================================================================== > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" > esets said "Found virus Eicar test file in eicar.com" > > If any of your virus scanners (clamd,kaspersky-4.5,esets) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > To get it to work I changed the following :- > > 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf > I assume you are using Exim or Postfix (i.e. you aren't running MailScanner as root). > 2) Modified the above file and changed Ichecker=no under the section [scanner.options] > What is the Ichecker? What does this setting control, and what is the effect of the change? > 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses > Eek, don't like that. Someone could nullify your licences which is a simple DoS attack on your scanner. Wouldn't a chmod a+rX /var/opt/kaspersky/kav4fs/licenses do the job instead? > Hope this helps. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: "MailScanner discussion" > Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: mailscanner@lists.mailscanner.info > Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London > Subject: Kaspersky not detected > > Hi, > > Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- > > # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 > # Kaspersky 4.5 and newer > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky > > and in kaspersky-wrapper it looks for :- > > Scanner=kav4fs/bin/kav4fs-kavscanner > > so on checking that :- > > [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > > Any ideas ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > Jules - -- Julian Field MEng MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgQNPEfZZRxQVtlQRAmI/AKDPkmV5Rt86c+Fgj57k1ugkTvykewCgk+qh syt+hXFZt1GG3l1ll96D9iY= =bicz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jkf at ecs.soton.ac.uk Sun Jan 6 16:35:25 2008 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 16:36:37 2008 Subject: Kaspersky not detected In-Reply-To: <18289675.151199633194074.JavaMail.root@office.splatnix.net> References: <18289675.151199633194074.JavaMail.root@office.splatnix.net> Message-ID: <4781034D.4040608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Right finally got it working :) Here is the lint :- > > [root@mailhub tmp]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.1) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/spamassassin > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, kaspersky-4.5, esets > =========================================================================== > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" > esets said "Found virus Eicar test file in eicar.com" > > If any of your virus scanners (clamd,kaspersky-4.5,esets) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > To get it to work I changed the following :- > > 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf > I assume you are using Exim or Postfix (i.e. you aren't running MailScanner as root). > 2) Modified the above file and changed Ichecker=no under the section [scanner.options] > What is the Ichecker? What does this setting control, and what is the effect of the change? > 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses > Eek, don't like that. Someone could nullify your licences which is a simple DoS attack on your scanner. Wouldn't a chmod a+rX /var/opt/kaspersky/kav4fs/licenses do the job instead? > Hope this helps. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: "MailScanner discussion" > Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: mailscanner@lists.mailscanner.info > Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London > Subject: Kaspersky not detected > > Hi, > > Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- > > # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 > # Kaspersky 4.5 and newer > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky > > and in kaspersky-wrapper it looks for :- > > Scanner=kav4fs/bin/kav4fs-kavscanner > > so on checking that :- > > [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > > Any ideas ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > Jules - -- Julian Field MEng MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgQN/EfZZRxQVtlQRAiw8AKCmM2Lsx0qlEooyFWPatJ6ZcIF6kgCgvjEd XEAZ/R6f9t8iJnoUEhl+Nko= =mO0M -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 16:51:35 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 16:53:54 2008 Subject: Kaspersky not detected In-Reply-To: <21106666.201199638133454.JavaMail.root@office.splatnix.net> Message-ID: <29184573.221199638295290.JavaMail.root@office.splatnix.net> Hi Jules, Okay :- 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user run kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest. I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London Subject: Re: Kaspersky not detected -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Right finally got it working :) Here is the lint :- > > [root@mailhub tmp]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.1) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/spamassassin > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = auto" > Found these virus scanners installed: clamd, kaspersky-4.5, esets > =========================================================================== > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" > esets said "Found virus Eicar test file in eicar.com" > > If any of your virus scanners (clamd,kaspersky-4.5,esets) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > To get it to work I changed the following :- > > 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf > I assume you are using Exim or Postfix (i.e. you aren't running MailScanner as root). > 2) Modified the above file and changed Ichecker=no under the section [scanner.options] > What is the Ichecker? What does this setting control, and what is the effect of the change? > 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses > Eek, don't like that. Someone could nullify your licences which is a simple DoS attack on your scanner. Wouldn't a chmod a+rX /var/opt/kaspersky/kav4fs/licenses do the job instead? > Hope this helps. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: "MailScanner discussion" > Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "UxBoD" > To: mailscanner@lists.mailscanner.info > Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London > Subject: Kaspersky not detected > > Hi, > > Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- > > # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 > # Kaspersky 4.5 and newer > kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky > > and in kaspersky-wrapper it looks for :- > > Scanner=kav4fs/bin/kav4fs-kavscanner > > so on checking that :- > > [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner > > Any ideas ? > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > Jules - -- Julian Field MEng MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgQNPEfZZRxQVtlQRAmI/AKDPkmV5Rt86c+Fgj57k1ugkTvykewCgk+qh syt+hXFZt1GG3l1ll96D9iY= =bicz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 6 17:07:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 17:08:03 2008 Subject: Kaspersky not detected In-Reply-To: <29184573.221199638295290.JavaMail.root@office.splatnix.net> References: <29184573.221199638295290.JavaMail.root@office.splatnix.net> Message-ID: <47810ABF.2000501@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So without the changes you have suggested, what works and what doesn't? Can we make a MailScanner --lint highlight the changes if they haven't been done? Or can we make the -wrapper script log if it finds things not set up the way it needs? UxBoD wrote: > Hi Jules, > > Okay :- > > 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix > 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746 > 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user run kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest. > > I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > > * PGP Signed by an unmatched address: 01/06/08 at 16:35:27 > > > > UxBoD wrote: > >> Right finally got it working :) Here is the lint :- >> >> [root@mailhub tmp]# MailScanner --lint >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.67.1) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: clamd, kaspersky-4.5, esets >> =========================================================================== >> =========================================================================== >> Virus Scanner test reports: >> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" >> esets said "Found virus Eicar test file in eicar.com" >> >> If any of your virus scanners (clamd,kaspersky-4.5,esets) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its virus.scanners.conf. >> >> To get it to work I changed the following :- >> >> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf >> >> > I assume you are using Exim or Postfix (i.e. you aren't running > MailScanner as root). > >> 2) Modified the above file and changed Ichecker=no under the section [scanner.options] >> >> > What is the Ichecker? What does this setting control, and what is the > effect of the change? > > >> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses >> >> > Eek, don't like that. Someone could nullify your licences which is a > simple DoS attack on your scanner. Wouldn't a chmod a+rX > /var/opt/kaspersky/kav4fs/licenses do the job instead? > > >> Hope this helps. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "UxBoD" >> To: "MailScanner discussion" >> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London >> Subject: Re: Kaspersky not detected >> >> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "UxBoD" >> To: mailscanner@lists.mailscanner.info >> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London >> Subject: Kaspersky not detected >> >> Hi, >> >> Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- >> >> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 >> # Kaspersky 4.5 and newer >> kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky >> >> and in kaspersky-wrapper it looks for :- >> >> Scanner=kav4fs/bin/kav4fs-kavscanner >> >> so on checking that :- >> >> [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >> -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >> >> Any ideas ? >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgQrXEfZZRxQVtlQRApBFAJ0V+OqyJsUTG8vuyM9f8caEUj9bPQCdE1y1 VBywjUMxQcJuVxJ6tiUlGoI= =dfGn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 17:24:33 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 17:25:02 2008 Subject: Kaspersky not detected In-Reply-To: <30242330.281199640172607.JavaMail.root@office.splatnix.net> Message-ID: <18277846.301199640273760.JavaMail.root@office.splatnix.net> Jules, if you run MS as root then no problems at all, otherwise due to the permissions on /etc/opt/kaspersky/kav4fs.conf then it will fail straight away! The definitions upgrade script works fine as that is run via the root cron. Hmmm, the lint could check the conf file, but would also need to check the MS Run As parameter as you might aswell run the cache if you are just using root. What I have done may not be the correct or elegant way but it got it to work. Will see what comes back on the forum post, as they say the default is only run by root, so there must be a workaround. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 06 January 2008 17:07:11 o'clock (GMT) Europe/London Subject: Re: Kaspersky not detected -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So without the changes you have suggested, what works and what doesn't? Can we make a MailScanner --lint highlight the changes if they haven't been done? Or can we make the -wrapper script log if it finds things not set up the way it needs? UxBoD wrote: > Hi Jules, > > Okay :- > > 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix > 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746 > 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user run kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest. > > I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > > * PGP Signed by an unmatched address: 01/06/08 at 16:35:27 > > > > UxBoD wrote: > >> Right finally got it working :) Here is the lint :- >> >> [root@mailhub tmp]# MailScanner --lint >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.67.1) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = auto" >> Found these virus scanners installed: clamd, kaspersky-4.5, esets >> =========================================================================== >> =========================================================================== >> Virus Scanner test reports: >> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" >> esets said "Found virus Eicar test file in eicar.com" >> >> If any of your virus scanners (clamd,kaspersky-4.5,esets) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its virus.scanners.conf. >> >> To get it to work I changed the following :- >> >> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf >> >> > I assume you are using Exim or Postfix (i.e. you aren't running > MailScanner as root). > >> 2) Modified the above file and changed Ichecker=no under the section [scanner.options] >> >> > What is the Ichecker? What does this setting control, and what is the > effect of the change? > > >> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses >> >> > Eek, don't like that. Someone could nullify your licences which is a > simple DoS attack on your scanner. Wouldn't a chmod a+rX > /var/opt/kaspersky/kav4fs/licenses do the job instead? > > >> Hope this helps. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "UxBoD" >> To: "MailScanner discussion" >> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London >> Subject: Re: Kaspersky not detected >> >> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "UxBoD" >> To: mailscanner@lists.mailscanner.info >> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London >> Subject: Kaspersky not detected >> >> Hi, >> >> Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- >> >> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 >> # Kaspersky 4.5 and newer >> kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky >> >> and in kaspersky-wrapper it looks for :- >> >> Scanner=kav4fs/bin/kav4fs-kavscanner >> >> so on checking that :- >> >> [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >> -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >> >> Any ideas ? >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgQrXEfZZRxQVtlQRApBFAJ0V+OqyJsUTG8vuyM9f8caEUj9bPQCdE1y1 VBywjUMxQcJuVxJ6tiUlGoI= =dfGn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 6 17:56:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 6 17:57:06 2008 Subject: Kaspersky not detected In-Reply-To: <18277846.301199640273760.JavaMail.root@office.splatnix.net> References: <18277846.301199640273760.JavaMail.root@office.splatnix.net> Message-ID: <47811643.8050305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Jules, > > if you run MS as root then no problems at all, otherwise due to the permissions on /etc/opt/kaspersky/kav4fs.conf then it will fail straight away! > > The definitions upgrade script works fine as that is run via the root cron. > > Hmmm, the lint could check the conf file, but would also need to check the MS Run As parameter as you might aswell run the cache if you are just using root. > So if not running as root and kaspersky (which versions?) is installed, then we mustn't use the cache, so "Ichecker=no" must appear in the conf file, after a "[scanner,options]" line but before any other /^\[/ line. Also, if not running as root, then kav4fs.conf must be readable and /var/opt/kaspersky/kav4fs/licenses must be writable and readable. Let me know exactly what versions of kaspersky we are talking about (i.e. what "Virus Scanners =" strings), and I should be able to write all this for you. Jules. > What I have done may not be the correct or elegant way but it got it to work. Will see what comes back on the forum post, as they say the default is only run by root, so there must be a workaround. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 06 January 2008 17:07:11 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > > * PGP Signed by an unmatched address: 01/06/08 at 17:07:35 > > So without the changes you have suggested, what works and what doesn't? > Can we make a MailScanner --lint highlight the changes if they haven't > been done? Or can we make the -wrapper script log if it finds things not > set up the way it needs? > > UxBoD wrote: > >> Hi Jules, >> >> Okay :- >> >> 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix >> 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746 >> 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user run kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest. >> >> I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "Julian Field" >> To: "MailScanner discussion" >> Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London >> Subject: Re: Kaspersky not detected >> >> >> >>> Old Signed by an unmatched address: 01/06/08 at 16:35:27 >>> >> >> UxBoD wrote: >> >> >>> Right finally got it working :) Here is the lint :- >>> >>> [root@mailhub tmp]# MailScanner --lint >>> Trying to setlogsock(unix) >>> Checking version numbers... >>> Version number in MailScanner.conf (4.67.1) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = auto" >>> Found these virus scanners installed: clamd, kaspersky-4.5, esets >>> =========================================================================== >>> =========================================================================== >>> Virus Scanner test reports: >>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" >>> esets said "Found virus Eicar test file in eicar.com" >>> >>> If any of your virus scanners (clamd,kaspersky-4.5,esets) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its virus.scanners.conf. >>> >>> To get it to work I changed the following :- >>> >>> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf >>> >>> >>> >> I assume you are using Exim or Postfix (i.e. you aren't running >> MailScanner as root). >> >> >>> 2) Modified the above file and changed Ichecker=no under the section [scanner.options] >>> >>> >>> >> What is the Ichecker? What does this setting control, and what is the >> effect of the change? >> >> >> >>> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses >>> >>> >>> >> Eek, don't like that. Someone could nullify your licences which is a >> simple DoS attack on your scanner. Wouldn't a chmod a+rX >> /var/opt/kaspersky/kav4fs/licenses do the job instead? >> >> >> >>> Hope this helps. >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> ----- Original Message ----- >>> step 3.: "UxBoD" >>> To: "MailScanner discussion" >>> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London >>> Subject: Re: Kaspersky not detected >>> >>> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> ----- Original Message ----- >>> step 3.: "UxBoD" >>> To: mailscanner@lists.mailscanner.info >>> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London >>> Subject: Kaspersky not detected >>> >>> Hi, >>> >>> Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- >>> >>> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 >>> # Kaspersky 4.5 and newer >>> kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky >>> >>> and in kaspersky-wrapper it looks for :- >>> >>> Scanner=kav4fs/bin/kav4fs-kavscanner >>> >>> so on checking that :- >>> >>> [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >>> -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >>> >>> Any ideas ? >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgRZZEfZZRxQVtlQRAgLeAJsH2fwf71brwp5e5vw84qLpNvJZ0wCgyIvq h6MMli3jnYxbfC9n7zEGV+c= =0P6/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 6 20:31:21 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 6 21:34:47 2008 Subject: Kaspersky not detected In-Reply-To: <47811643.8050305@ecs.soton.ac.uk> Message-ID: <20568209.361199651481715.JavaMail.root@office.splatnix.net> [root@mailhub MailScanner]# /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner -v Kaspersky Anti-Virus On-Demand Scanner Linux. Version 5.7.13/RELEASE build #36, compiled Apr 19 2007, 15:47:58 Copyright (C) Kaspersky Lab, 1997-2007. # kaspersky-4.5 from www.kaspersky.com (Version 4.5 and newer) is the virus string I am using Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- step 3.: "Julian Field" To: "MailScanner discussion" Sent: 06 January 2008 17:56:19 o'clock (GMT) Europe/London Subject: Re: Kaspersky not detected -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: > Jules, > > if you run MS as root then no problems at all, otherwise due to the permissions on /etc/opt/kaspersky/kav4fs.conf then it will fail straight away! > > The definitions upgrade script works fine as that is run via the root cron. > > Hmmm, the lint could check the conf file, but would also need to check the MS Run As parameter as you might aswell run the cache if you are just using root. > So if not running as root and kaspersky (which versions?) is installed, then we mustn't use the cache, so "Ichecker=no" must appear in the conf file, after a "[scanner,options]" line but before any other /^\[/ line. Also, if not running as root, then kav4fs.conf must be readable and /var/opt/kaspersky/kav4fs/licenses must be writable and readable. Let me know exactly what versions of kaspersky we are talking about (i.e. what "Virus Scanners =" strings), and I should be able to write all this for you. Jules. > What I have done may not be the correct or elegant way but it got it to work. Will see what comes back on the forum post, as they say the default is only run by root, so there must be a workaround. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > step 3.: "Julian Field" > To: "MailScanner discussion" > Sent: 06 January 2008 17:07:11 o'clock (GMT) Europe/London > Subject: Re: Kaspersky not detected > > > * PGP Signed by an unmatched address: 01/06/08 at 17:07:35 > > So without the changes you have suggested, what works and what doesn't? > Can we make a MailScanner --lint highlight the changes if they haven't > been done? Or can we make the -wrapper script log if it finds things not > set up the way it needs? > > UxBoD wrote: > >> Hi Jules, >> >> Okay :- >> >> 1) Yes running Postfix so in my MailScanner.conf am using Run/Group As Postfix >> 2) IChecker is basically a cache http://www.kaspersky.co.uk/faq?qid=156636746 >> 3) The license is not actually in there, but a file called appinfo.dat. This gets updated each time a user run kav4fs-kavscanner. I don't think a DDoS would get at that file to be honest. >> >> I have posted on the Kasersky forums (http://forum.kaspersky.com/index.php?showtopic=57167&st=0&gopid=518553&#entry518553) so will see if they actually reply. >> >> Regards, >> >> --[ UxBoD ]-- >> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >> >> ----- Original Message ----- >> step 3.: "Julian Field" >> To: "MailScanner discussion" >> Sent: 06 January 2008 16:35:25 o'clock (GMT) Europe/London >> Subject: Re: Kaspersky not detected >> >> >> >>> Old Signed by an unmatched address: 01/06/08 at 16:35:27 >>> >> >> UxBoD wrote: >> >> >>> Right finally got it working :) Here is the lint :- >>> >>> [root@mailhub tmp]# MailScanner --lint >>> Trying to setlogsock(unix) >>> Checking version numbers... >>> Version number in MailScanner.conf (4.67.1) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = /var/spool/MailScanner/spamassassin >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = auto" >>> Found these virus scanners installed: clamd, kaspersky-4.5, esets >>> =========================================================================== >>> =========================================================================== >>> Virus Scanner test reports: >>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>> Kaspersky said "/var/spool/MailScanner/incoming/28442/1/eicar.com INFECTED EICAR-Test-File" >>> esets said "Found virus Eicar test file in eicar.com" >>> >>> If any of your virus scanners (clamd,kaspersky-4.5,esets) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its virus.scanners.conf. >>> >>> To get it to work I changed the following :- >>> >>> 1) chmod 644 /etc/opt/kaspersky/kav4fs.conf >>> >>> >>> >> I assume you are using Exim or Postfix (i.e. you aren't running >> MailScanner as root). >> >> >>> 2) Modified the above file and changed Ichecker=no under the section [scanner.options] >>> >>> >>> >> What is the Ichecker? What does this setting control, and what is the >> effect of the change? >> >> >> >>> 3) chmod -R 777 /var/opt/kaspersky/kav4fs/licenses >>> >>> >>> >> Eek, don't like that. Someone could nullify your licences which is a >> simple DoS attack on your scanner. Wouldn't a chmod a+rX >> /var/opt/kaspersky/kav4fs/licenses do the job instead? >> >> >> >>> Hope this helps. >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> ----- Original Message ----- >>> step 3.: "UxBoD" >>> To: "MailScanner discussion" >>> Sent: 06 January 2008 14:02:06 o'clock (GMT) Europe/London >>> Subject: Re: Kaspersky not detected >>> >>> Hmmm, okay got past the first hurdle but now it just falls in a big heap. I see from the release notes that the on demand scanner will only run as root. How stupid! Will keep ya posted as seeing what the Kaspersky forums say. >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> ----- Original Message ----- >>> step 3.: "UxBoD" >>> To: mailscanner@lists.mailscanner.info >>> Sent: 06 January 2008 11:56:30 o'clock (GMT) Europe/London >>> Subject: Kaspersky not detected >>> >>> Hi, >>> >>> Just trying out Kaspersky File Server and MS is not detecting it installed :( I have set virus scanners to auto in MailScanner.conf, and have updated virus.scanners.conf to the following :- >>> >>> # Kaspersky 5.5: your kaspersky-4.5 path should be /opt/kav/5.5 >>> # Kaspersky 4.5 and newer >>> kaspersky-4.5 /usr/lib/MailScanner/kaspersky-wrapper /opt/kaspersky >>> >>> and in kaspersky-wrapper it looks for :- >>> >>> Scanner=kav4fs/bin/kav4fs-kavscanner >>> >>> so on checking that :- >>> >>> [root@mailhub ~]# ls -l /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >>> -rwxr-xr-x 1 root root 3991208 Apr 28 2007 /opt/kaspersky/kav4fs/bin/kav4fs-kavscanner >>> >>> Any ideas ? >>> >>> Regards, >>> >>> --[ UxBoD ]-- >>> // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" >>> // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B >>> // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B >>> // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net >>> >>> >>> >>> >> Jules >> >> >> > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHgRZZEfZZRxQVtlQRAgLeAJsH2fwf71brwp5e5vw84qLpNvJZ0wCgyIvq h6MMli3jnYxbfC9n7zEGV+c= =0P6/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Mon Jan 7 09:34:05 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Jan 7 09:34:29 2008 Subject: Txt file considered as program? In-Reply-To: References: <477DA43E.2060408@indomino.net> <477DF8CD.9030800@indomino.net> Message-ID: <4781F20D.8090708@nerc.ac.uk> Scott Silva wrote: > Technically it would be a RedHat problem, because CentOS doesn't change > the magic file that RedHat ships. But many other distros would also hit > some of these. Those magic definitions are very old, and from a time > when e-mail was less in use. > Does anybody have a link to a better magic file? I take the approach of editing and formatting the magic used by file and exclude the file package from updates (exclude=file in /etc/yum.conf). It's quite a simple process - the flat file and compiled binary data are at /usr/share/file/ read the man page for file(1) for details of compiling the magic. Copy the /usr/share/file/magic to /tmp, edit to your taste and then "file -C -m /tmp/magic" to compile it. Make sure you keep a copy of your edited magic file somewhere as its really annoying when rpm overwrites it! the edits that I make are simply to comment out 5 lines that identify Apple Quicktime movie files where the first four bytes spell out a word or a start of a word (free, junk, skip, wide and pict). So far QT is the only false positive I've had to deal with but the same approach can be used for others. hth GREG > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mi6 at orcon.net.nz Mon Jan 7 09:56:48 2008 From: mi6 at orcon.net.nz (Charlie) Date: Mon Jan 7 09:57:06 2008 Subject: cannot forward a contact from Outlook Message-ID: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq> Hi, I have a problem with Mailscanner (and so does one of my clients). Whenever I try to forward a contact in Outlook 2003 through my SMTP server with Mailscanner turned on, the recipient instead receives a file called 'Untitled Attachment.dat'. This is the way that I am forwarding a contact: Contacts Open specific contact Actions Forward This method works when I use another SMTP server that doesn't have Mailscanner turned on. Please can someone help me on this? Thanks From devonharding at gmail.com Mon Jan 7 12:43:53 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 12:44:02 2008 Subject: Listen on different port Message-ID: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> My ISP (Comcast) has decided to start blocking port 25. I'm using easydns and it allows me to forward emails to ports other than port 25. How do I configure Mailscanner to listen on ports other/in addition to 25? Thanks, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/775febe1/attachment.html From uxbod at splatnix.net Mon Jan 7 12:50:14 2008 From: uxbod at splatnix.net (UxBoD) Date: Mon Jan 7 12:50:43 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> Message-ID: <29061548.1171199710214117.JavaMail.root@office.splatnix.net> It would be your MTA that needs to be configured on another port. What are you using ? Sendmail/Postfix/Exim. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Devon Harding" To: "MailScanner discussion" Sent: 07 January 2008 12:43:53 o'clock (GMT) Europe/London Subject: Listen on different port My ISP (Comcast) has decided to start blocking port 25. I'm using easydns and it allows me to forward emails to ports other than port 25. How do I configure Mailscanner to listen on ports other/in addition to 25? Thanks, -Devon -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Mon Jan 7 12:57:49 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 7 12:57:58 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> Message-ID: <478221CD.8040505@gmail.com> > My ISP (Comcast) has decided to start blocking port 25. I'm using > easydns and it allows me to forward emails to ports other than port 25. > How do I configure Mailscanner to listen on ports other/in addition to 25? Rightfully so! Dialups should NEVER EVER do SMTP directly. This is just asking for trouble. Why not use the SMTP of your provider (either ISP or eMail provider) as upsteam-SMTP-relay? Cheers, Ronny From Hostmaster at computerservicecentre.com Mon Jan 7 13:03:48 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jan 7 13:04:00 2008 Subject: Centos 5 with Perl 5.10.0 ConfigDefs.pl "strict refs" error Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> Hi MailScanner users, I have a fresh-built Centos 5 box, on which I have compiled Perl 5.10.0 from source, and MailScanner 4.66.5 installed from RPM. Perl was upgraded after MailScanner was installed. I know RPM should be an "all or nothing" decision The problem I have is that I noticed that the processes MailScanner was forking when starting where dying instantly, and when running MailScanner --lint, it dies with the error: "Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while "strict refs" in use at /usr/sbin/MailScanner line 441." "/var/spool/mqueue.in" is not my incoming directory, "/var/spool/exim.in" is, and the mqueue.in directory does not exist. The correct incoming directory is set in /etc/MailScanner/MailScanner.conf. Using "locate MailScanner |xargs grep "mqueue.in" and some luck, I managed to find that the mqueue reference was coming from "/usr/lib/MailScanner/MailScanner/ConfigDefs.pl", so I hacked the "inqueuedir" variable to point at the correct directory, but it doesn't change the error, apart from the path within string(). My first thought was a missing perlmod dependency for MailScanner after the upgrade of Perl, however MailScanner -v shows: This is CentOS release 5 (Final) This is Perl version 5.010000 (5.10.0) This is MailScanner version 4.66.5 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.08 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.01 DirHandle 1.06 Fcntl 2.76 File::Basename 2.11 File::Copy 2.01 FileHandle 2.04 File::Path 0.20 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23_01 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.88 Math::BigInt 3.07_01 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.13 POSIX 1.19 Scalar::Util 1.80 Socket 1.4 Sys::Hostname::Long 0.24 Sys::Syslog 1.9711 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.22 bignum 2.03 Business::ISBN 1.17 Business::ISBN::Data 0.17 Convert::TNEF 1.08 Data::Dump 1.816_1 DB_File 1.14 DBD::SQLite 1.601 DBI 1.15 Digest 1.01 Digest::HMAC 2.36_01 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17011 Error 0.21 ExtUtils::CBuilder 2.18_02 ExtUtils::ParseXS 0.44 Inline 1.08 IO::String 1.07 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002003 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.21 Math::BigRat 0.280801 Module::Build 0.20 Net::CIDR::Lite 0.62 Net::DNS v0.003 Net::DNS::Resolver::Programmable missing Net::LDAP 4.007 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 3.06 Test::Harness 1.22 Test::Manifest 2.0.0 Text::Balanced 1.35 URI 0.74 version 0.66 YAML And running MailScanner in debug mode shows: In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Can't use string ("/var/spool/exim.in") as an ARRAY ref while "strict refs" in use at /usr/sbin/MailScanner line 1385. An strace of MailScanner while in debug mode shows the error: "open("/root/.spamassassin/auto-whitelist.lock.mailscannerdevel.local.22409", O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0700) = 9 ioctl(9, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff8cd58) = -1 ENOTTY (Inappropriate ioctl for device)" before it dies and writes out the error about line 1385, however I am not sure what this means or even if it is relevant, and the references I can find for "perl +'Inappropriate ioctl for device'" on the web don't really help. Locking method in the MailScanner.conf is set to posix, as Exim is in use. Perl was built to use perlio method for locks. I'm wondering whether the Filesys module is doing or expecting something which MailScanner can't/isn't handle/ing? Any hints would be greatly appreciated, but if the answer is "don't use perl 5.10.0 yet" or "you must have screwed up your compile of perl", that's fine I'll roll back, but I am keen to try and fix this problem, as the reason for the upgrade was to see whether the perl core improvements in 5.10.0 made much of a difference to MailScanner performance in comparison to our live boxes running 5.8.0. Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/11217075/attachment.html From MailScanner at ecs.soton.ac.uk Mon Jan 7 13:49:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 7 13:49:55 2008 Subject: Centos 5 with Perl 5.10.0 ConfigDefs.pl "strict refs" error In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> References: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> Message-ID: <47822DEE.70801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To let you know the official answer, I haven't played with Perl 5.10 at all yet, so it is officially totally unsupported. Sorry. I'll have a go when I get time. Has anyone got any RPMs of Perl 5.10 out yet? Hostmaster wrote: > > Hi MailScanner users, > > I have a fresh-built Centos 5 box, on which I have compiled Perl > 5.10.0 from source, and MailScanner 4.66.5 installed from RPM. Perl > was upgraded after MailScanner was installed. I know RPM should be an > ?all or nothing? decision > > The problem I have is that I noticed that the processes MailScanner > was forking when starting where dying instantly, and when running > MailScanner --lint, it dies with the error: > > ?Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while > "strict refs" in use at /usr/sbin/MailScanner line 441.? > > ?/var/spool/mqueue.in? is not my incoming directory, > ?/var/spool/exim.in? is, and the mqueue.in directory does not exist. > The correct incoming directory is set in > /etc/MailScanner/MailScanner.conf. > > Using ?locate MailScanner |xargs grep ?mqueue.in? and some luck, I > managed to find that the mqueue reference was coming from > ?/usr/lib/MailScanner/MailScanner/ConfigDefs.pl?, so I hacked the > ?inqueuedir? variable to point at the correct directory, but it > doesn?t change the error, apart from the path within string(). > > My first thought was a missing perlmod dependency for MailScanner > after the upgrade of Perl, however MailScanner -v shows: > > This is CentOS release 5 (Final) > > This is Perl version 5.010000 (5.10.0) > > This is MailScanner version 4.66.5 > > Module versions are: > > 1.00 AnyDBM_File > > 1.23 Archive::Zip > > 1.08 Carp > > 1.119 Convert::BinHex > > 2.27 Date::Parse > > 1.01 DirHandle > > 1.06 Fcntl > > 2.76 File::Basename > > 2.11 File::Copy > > 2.01 FileHandle > > 2.04 File::Path > > 0.20 File::Temp > > 0.92 Filesys::Df > > 1.35 HTML::Entities > > 3.56 HTML::Parser > > 2.37 HTML::TokeParser > > 1.23_01 IO > > 1.14 IO::File > > 1.13 IO::Pipe > > 2.02 Mail::Header > > 1.88 Math::BigInt > > 3.07_01 MIME::Base64 > > 5.425 MIME::Decoder > > 5.425 MIME::Decoder::UU > > 5.425 MIME::Head > > 5.425 MIME::Parser > > 3.07 MIME::QuotedPrint > > 5.425 MIME::Tools > > 0.11 Net::CIDR > > 1.13 POSIX > > 1.19 Scalar::Util > > 1.80 Socket > > 1.4 Sys::Hostname::Long > > 0.24 Sys::Syslog > > 1.9711 Time::HiRes > > 1.02 Time::localtime > > Optional module versions are: > > 1.38 Archive::Tar > > 0.22 bignum > > 2.03 Business::ISBN > > 1.17 Business::ISBN::Data > > 0.17 Convert::TNEF > > 1.08 Data::Dump > > 1.816_1 DB_File > > 1.14 DBD::SQLite > > 1.601 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36_01 Digest::MD5 > > 2.11 Digest::SHA1 > > 1.00 Encode::Detect > > 0.17011 Error > > 0.21 ExtUtils::CBuilder > > 2.18_02 ExtUtils::ParseXS > > 0.44 Inline > > 1.08 IO::String > > 1.07 IO::Zlib > > 2.23 IP::Country > > missing Mail::ClamAV > > 3.002003 Mail::SpamAssassin > > v2.005 Mail::SPF > > 1.999001 Mail::SPF::Query > > 0.21 Math::BigRat > > 0.280801 Module::Build > > 0.20 Net::CIDR::Lite > > 0.62 Net::DNS > > v0.003 Net::DNS::Resolver::Programmable > > missing Net::LDAP > > 4.007 NetAddr::IP > > 1.94 Parse::RecDescent > > missing SAVI > > 3.06 Test::Harness > > 1.22 Test::Manifest > > 2.0.0 Text::Balanced > > 1.35 URI > > 0.74 version > > 0.66 YAML > > And running MailScanner in debug mode shows: > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Can't use string ("/var/spool/exim.in") as an ARRAY ref while "strict > refs" in use at /usr/sbin/MailScanner line 1385. > > An strace of MailScanner while in debug mode shows the error: > > ?open("/root/.spamassassin/auto-whitelist.lock.mailscannerdevel.local.22409", > O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0700) = 9 > > ioctl(9, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff8cd58) = -1 ENOTTY > (Inappropriate ioctl for device)? > > before it dies and writes out the error about line 1385, however I am > not sure what this means or even if it is relevant, and the references > I can find for ?perl +?Inappropriate ioctl for device?? on the web > don?t really help. Locking method in the MailScanner.conf is set to > posix, as Exim is in use. Perl was built to use perlio method for > locks. I?m wondering whether the Filesys module is doing or expecting > something which MailScanner can?t/isn?t handle/ing? > > Any hints would be greatly appreciated, but if the answer is ?don?t > use perl 5.10.0 yet? or ?you must have screwed up your compile of > perl?, that?s fine I?ll roll back, but I am keen to try and fix this > problem, as the reason for the upgrade was to see whether the perl > core improvements in 5.10.0 made much of a difference to MailScanner > performance in comparison to our live boxes running 5.8.0. > > Best Regards, > > Richard Garner (A+, N+, AMBCS, MOS-O) > > All E-Mail communications are monitored in addition to being content > checked for malicious codes or viruses. The success of scanning > products is not guaranteed, therefore the recipient(s) should carry > out any checks that they believe to be appropriate in this respect. > This message (including any attachments and/or related materials) is > confidential to and is the property of Computer Service Centre, unless > otherwise noted. If you are not the intended recipient, you should > delete this message and are hereby notified that any disclosure, > copying, or distribution of this message, or the taking of any action > based on it, is strictly prohibited. > Any views or opinions presented are solely those of the author and do > not necessarily represent those of Computer Service Centre. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFHgi3vEfZZRxQVtlQRAlXxAKCHB1KobDmZn1wmdRkW4TSmUaKhSwCcDVlL x9XqJilwHwfSzx2AVTelaLc= =/ehN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Jan 7 13:56:31 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jan 7 13:56:43 2008 Subject: Outgoing Sendmail In-Reply-To: <478221CD.8040505@gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> Message-ID: <47822F8F.6020106@farrows.org> Hi There, I am running Mailscanner on Centos 4.6 and have several sendmail Milters installed, which are processed prior to MailScanner grabbing the mail, i.e. on the inbound sendmail daemon. These are configured in the usual wat in /etc/mail on Centos. The /etc/mail/mailertable is used by the outgoing daemon to forward on I note. However I would like to know if I can apply a milter just to the outgoing Sendmail daemon and what I might need to do to make this happen. Particular interest is in the SM-Archive milter which I want to apply on the outbound queue so I can archive emails that get processed out going... rather than taking archive copies before Mailscanner does its stuff which therefore means archiving spam and viruses as well! Regards Pete From alex at nkpanama.com Mon Jan 7 13:58:19 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Jan 7 13:58:41 2008 Subject: cannot forward a contact from Outlook In-Reply-To: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq> References: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq> Message-ID: <49EA3959-90A1-4765-B26E-6AC3427CE574@nkpanama.com> What TNEF-related options do you have turned on? On Jan 7, 2008, at 4:56 AM, Charlie wrote: > I have a problem with Mailscanner (and so does one of my clients). > Whenever I try to forward a contact in Outlook 2003 through my SMTP > server with Mailscanner turned on, the recipient instead receives a > file called > 'Untitled Attachment.dat'. From peter at farrows.org Mon Jan 7 13:59:52 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jan 7 14:00:01 2008 Subject: Listen on different port In-Reply-To: <478221CD.8040505@gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> Message-ID: <47823058.1090708@farrows.org> Ronny T. Lampert wrote: >> My ISP (Comcast) has decided to start blocking port 25. I'm using >> easydns and it allows me to forward emails to ports other than port >> 25. How do I configure Mailscanner to listen on ports other/in >> addition to 25? > > Rightfully so! Dialups should NEVER EVER do SMTP directly. This is > just asking for trouble. > > Why not use the SMTP of your provider (either ISP or eMail provider) > as upsteam-SMTP-relay? > > Cheers, > Ronny > If you are using sendmail, in /etc/mail/sendmail.cf you will see a line like this: O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA Change the port (and ip if required) to suit your needs and restart MS (sendmail) The best way to do this is modify your sendmail.mc file and remake the sendmail.cf file with the make command (on RH and equivalent distros). You will see a line like this in sendmail.mc: DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl Modify as you need it... Regards Pete From devonharding at gmail.com Mon Jan 7 14:14:08 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 14:14:17 2008 Subject: Listen on different port In-Reply-To: <47823058.1090708@farrows.org> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> Message-ID: <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> If you are using sendmail, in /etc/mail/sendmail.cf you will see a line > like this: > > O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA > > Change the port (and ip if required) to suit your needs and restart MS > (sendmail) > > The best way to do this is modify your sendmail.mc file and remake the > sendmail.cf file with the make command (on RH and equivalent distros). > > You will see a line like this in sendmail.mc: > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > Modify as you need it... > I am using sendmail. Can I have this listen on multiple ports? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/c89d7653/attachment.html From peter at farrows.org Mon Jan 7 14:19:36 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jan 7 14:19:47 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> Message-ID: <478234F8.5090509@farrows.org> No, you'll have to run multiple daemons to do that... P. Devon Harding wrote: > > > If you are using sendmail, in /etc/mail/sendmail.cf you will see a > line > like this: > > O DaemonPortOptions=Port=smtp,Addr=*MailScanner warning: numerical > links are often malicious:* 127.0.0.1 , Name=MTA > > Change the port (and ip if required) to suit your needs and restart MS > (sendmail) > > The best way to do this is modify your sendmail.mc > file and remake the > sendmail.cf file with the make command (on RH > and equivalent distros). > > You will see a line like this in sendmail.mc : > > DAEMON_OPTIONS(`Port=smtp,Addr=*MailScanner warning: numerical > links are often malicious:* 127.0.0.1 , > Name=MTA')dnl > > Modify as you need it... > > > > I am using sendmail. Can I have this listen on multiple ports? > > -Devon > > -- > This message has been scanned for viruses and > dangerous content by the *Enhancion* > system scanner, > and is believed to be clean. From devonharding at gmail.com Mon Jan 7 14:37:01 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 14:37:09 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> Message-ID: <2baac6140801070637o7169fffcgb13e4daa1b9c75c0@mail.gmail.com> > > > > You will see a line like this in sendmail.mc: > > > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl > > > > Modify as you need it... > > > > > I am using sendmail. Can I have this listen on multiple ports? Ok, I did get it to work by added the following to the end of my sendmail.mc then did a 'make sendmail.cf'. the issue I'm having now is the mail seems to go through unscanned by MailScanner. -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/d0035441/attachment.html From mi6 at orcon.net.nz Mon Jan 7 14:38:01 2008 From: mi6 at orcon.net.nz (Charlie) Date: Mon Jan 7 14:38:17 2008 Subject: cannot forward a contact from Outlook References: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq> <49EA3959-90A1-4765-B26E-6AC3427CE574@nkpanama.com> Message-ID: <031101c8513a$e9447570$0200a8c0@CharlieCompaq> Do you mean which TNEF-related options in MailScanner configuration? If so, these are the TNEF settings I see: Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 TNEF Timeout = 120 ----- Original Message ----- From: "Alex Neuman" To: "MailScanner discussion" Sent: Tuesday, January 08, 2008 12:58 AM Subject: Re: cannot forward a contact from Outlook > What TNEF-related options do you have turned on? > > On Jan 7, 2008, at 4:56 AM, Charlie wrote: > >> I have a problem with Mailscanner (and so does one of my clients). >> Whenever I try to forward a contact in Outlook 2003 through my SMTP >> server with Mailscanner turned on, the recipient instead receives a file >> called >> 'Untitled Attachment.dat'. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From peter at farrows.org Mon Jan 7 14:38:18 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Jan 7 14:38:31 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> Message-ID: <4782395A.3090909@farrows.org> Devon Harding wrote: > > > If you are using sendmail, in /etc/mail/sendmail.cf you will see a > line > like this: > > O DaemonPortOptions=Port=smtp,Addr=*MailScanner warning: numerical > links are often malicious:* 127.0.0.1 , Name=MTA > > Change the port (and ip if required) to suit your needs and restart MS > (sendmail) > > The best way to do this is modify your sendmail.mc > file and remake the > sendmail.cf file with the make command (on RH > and equivalent distros). > > You will see a line like this in sendmail.mc : > > DAEMON_OPTIONS(`Port=smtp,Addr=*MailScanner warning: numerical > links are often malicious:* 127.0.0.1 , > Name=MTA')dnl > > Modify as you need it... > > > > I am using sendmail. Can I have this listen on multiple ports? > > -Devon > > -- > This message has been scanned for viruses and > dangerous content by the *Enhancion* > system scanner, > and is believed to be clean. I take my last comment back, I reckon yu can listen on multiple ports, by adding more lines in sendmail.mc as above... I found this: http://news.umailcampaign.com/message/87252.aspx Regards Pete From alex at nkpanama.com Mon Jan 7 14:49:26 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Jan 7 14:49:49 2008 Subject: cannot forward a contact from Outlook In-Reply-To: <031101c8513a$e9447570$0200a8c0@CharlieCompaq> References: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq> <49EA3959-90A1-4765-B26E-6AC3427CE574@nkpanama.com> <031101c8513a$e9447570$0200a8c0@CharlieCompaq> Message-ID: <4510D5D8-2B59-44D1-B616-83150304CBD3@nkpanama.com> If you put "expand tnef = no" or otherwise tell MailScanner not to do anything with TNEF, does it help? Do you use "rich text format" instead of HTML for your e-mails? Is Exchange set up to mangle stuff in any way? On Jan 7, 2008, at 9:38 AM, Charlie wrote: > Do you mean which TNEF-related options in MailScanner configuration? > If so, these are the TNEF settings I see: > > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = yes > TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 > TNEF Timeout = 120 From jnsmith at chaucergroup.com Mon Jan 7 14:52:39 2008 From: jnsmith at chaucergroup.com (James N. Smith) Date: Mon Jan 7 14:52:57 2008 Subject: cannot forward a contact from Outlook In-Reply-To: <031101c8513a$e9447570$0200a8c0@CharlieCompaq> Message-ID: <004601c8513c$f2cae550$6d32a8c0@leschwartz.net> Do you mean which TNEF-related options in MailScanner configuration? If so, these are the TNEF settings I see: Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = yes TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 TNEF Timeout = 120 I corrected the same problem you are having by changing the "replace" to "no". James N. Smith, MBA, MCSE Vice President / Information Systems Consultant Chaucer Group, Inc. jnsmith@chaucergroup.com From gerard at seibercom.net Mon Jan 7 14:55:21 2008 From: gerard at seibercom.net (Gerard) Date: Mon Jan 7 14:55:46 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478234F8.5090509@farrows.org> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> Message-ID: <20080107095521.7631c27c@scorpio> On Mon, 07 Jan 2008 14:19:36 +0000 Peter Farrow wrote: [snip] > > I am using sendmail. Can I have this listen on multiple ports? > > > > -Devon > No, > > you'll have to run multiple daemons to do that... > > P. Hi, I don't use Sendmail since I prefer Postfix; however, I believe that the above is incorrect. Please check out this URL: http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html I also attempted to reorganize this post so that it is easier to follow. "Top Posting" really makes following a thread a lot harder than necessary. -- Gerard gerard@seibercom.net Hand, n.: A singular instrument worn at the end of a human arm and commonly thrust into somebody's pocket. Ambrose Bierce, "The Devil's Dictionary" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/9505f859/signature.bin From hvdkooij at vanderkooij.org Mon Jan 7 15:18:23 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 7 15:19:01 2008 Subject: Listen on different port In-Reply-To: <478221CD.8040505@gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> Message-ID: <478242BF.6060800@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronny T. Lampert wrote: |> My ISP (Comcast) has decided to start blocking port 25. I'm using |> easydns and it allows me to forward emails to ports other than port |> 25. How do I configure Mailscanner to listen on ports other/in |> addition to 25? | | Rightfully so! Dialups should NEVER EVER do SMTP directly. This is just | asking for trouble. | | Why not use the SMTP of your provider (either ISP or eMail provider) as | upsteam-SMTP-relay? Frankly. The major issue is not that they should not receive email with SMTP but that they should not have SMTP access to the rest of the world without restrictions. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHgkK7BvzDRVjxmYERApImAJ0VwM61a7MaMBVuk4O1OMs+lzrudwCdFksS R9cu6rDAHz63zcQiuORT6LE= =D9Dp -----END PGP SIGNATURE----- From telecaadmin at gmail.com Mon Jan 7 15:21:07 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 7 15:21:19 2008 Subject: Rules for Fraud detection Message-ID: <47824363.9000208@gmail.com> Hi, how exactly do the fules for the Fraud/Phishing work? Find Phishing Fraud = Also Find Numeric Phishing = 1) What kind of keywords are available, and on what part of the message do they operate? 2) Can they operate on the VALUE of the possible fraud? Thanks, Ronny From devonharding at gmail.com Mon Jan 7 15:24:59 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 15:25:07 2008 Subject: Listen on different port In-Reply-To: <478242BF.6060800@vanderkooij.org> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <478242BF.6060800@vanderkooij.org> Message-ID: <2baac6140801070724k37880df4wb5e9ff35e5d06590@mail.gmail.com> Hmm.... Some issue here. It seems that when I add both ports and restart sendmail, I can see both of them. But when sendmail is started through MailScanner, only port 25 is listening. Here is my sendmail.mc: DAEMON_OPTIONS(`name=MTA,port=25') DAEMON_OPTIONS(`name=smtp-2500,port=2500') Any Idea why MailScanner only starts one port? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/03937aff/attachment.html From devonharding at gmail.com Mon Jan 7 15:31:19 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 15:31:27 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070724k37880df4wb5e9ff35e5d06590@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <478242BF.6060800@vanderkooij.org> <2baac6140801070724k37880df4wb5e9ff35e5d06590@mail.gmail.com> Message-ID: <2baac6140801070731y7da2dd03qeeca85325cfff3a5@mail.gmail.com> On Jan 7, 2008 10:24 AM, Devon Harding wrote: > Hmm.... Some issue here. It seems that when I add both ports and restart > sendmail, I can see both of them. But when sendmail is started through > MailScanner, only port 25 is listening. Here is my sendmail.mc: > > DAEMON_OPTIONS(`name=MTA,port=25') > DAEMON_OPTIONS(`name=smtp-2500,port=2500') > > Any Idea why MailScanner only starts one port? > > Also noticed this in the /var/log/maillog: Jan 7 10:28:40 mars MailScanner[5638]: Config: calling custom end function SQLWhitelist Jan 7 10:28:40 mars MailScanner[5638]: Closing down by-domain spam whitelist Jan 7 10:28:44 mars sendmail[5612]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use Jan 7 10:28:44 mars sendmail[5612]: daemon MTA: problem creating SMTP socket Jan 7 10:29:24 mars sendmail[5806]: alias database /etc/aliases rebuilt by root Jan 7 10:29:24 mars sendmail[5806]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/ac299f61/attachment.html From martinh at solidstatelogic.com Mon Jan 7 15:31:18 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 7 15:32:51 2008 Subject: Rules for Fraud detection In-Reply-To: <47824363.9000208@gmail.com> Message-ID: <760c0dbe1baefd4982abd098b89ac9c9@solidstatelogic.com> Ronny See http://www.phishingnet.info/ -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert > Sent: 07 January 2008 15:21 > To: MailScanner discussion > Subject: Rules for Fraud detection > > Hi, > > how exactly do the fules for the Fraud/Phishing work? > > Find Phishing Fraud = > Also Find Numeric Phishing = > > > 1) What kind of keywords are available, and on what part of the message > do they operate? > > 2) Can they operate on the VALUE of the possible fraud? > > > Thanks, > Ronny > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jan 7 15:33:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 7 15:34:17 2008 Subject: Rules for Fraud detection In-Reply-To: <47824363.9000208@gmail.com> References: <47824363.9000208@gmail.com> Message-ID: <47824660.4030401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronny T. Lampert wrote: > Hi, > > how exactly do the fules for the Fraud/Phishing work? > > Find Phishing Fraud = > Also Find Numeric Phishing = They are "yes" or "no" settings, in which you can also use a ruleset so that they are applied to some messages but not others. > > > > 1) What kind of keywords are available, and on what part of the > message do they operate? > > 2) Can they operate on the VALUE of the possible fraud? See www.phishingnet.info for a brief description of basically how they work. > > > Thanks, > Ronny Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHgkZgEfZZRxQVtlQRAvZzAJ9dtEjvEC61hK+V9N/xzDwH2fS08QCg2NNU E7B0zpZd99PMsM7dGk7zlkg= =GdMX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Mon Jan 7 15:36:10 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Jan 7 15:36:34 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <20080107095521.7631c27c@scorpio> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> Message-ID: <200801071536.m07FaLGC017964@mxt.1bigthink.com> Hello, I use the following in my sendmail.mc. Port 587 is a standard use port defined in /etc/services and has really come in handy for roaming users. Many hotel Internet access points block port 25! I also do SMTPS with a self-signed cert. dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl At 09:55 AM 1/7/2008, you wrote: >On Mon, 07 Jan 2008 14:19:36 +0000 >Peter Farrow wrote: > >[snip] > > > > I am using sendmail. Can I have this listen on multiple ports? > > > > > > -Devon > > No, > > > > you'll have to run multiple daemons to do that... > > > > P. > >Hi, I don't use Sendmail since I prefer Postfix; however, I believe >that the above is incorrect. Please check out this URL: > >http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html > >I also attempted to reorganize this post so that it is easier to follow. >"Top Posting" really makes following a thread a lot harder than >necessary. > >-- > >Gerard >gerard@seibercom.net > >Hand, n.: > > A singular instrument worn at the end of a human arm and > commonly thrust into somebody's pocket. > > Ambrose Bierce, "The Devil's Dictionary" > > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Mon Jan 7 15:48:00 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 15:48:09 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <200801071536.m07FaLGC017964@mxt.1bigthink.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> Message-ID: <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> On Jan 7, 2008 10:36 AM, dnsadmin 1bigthink.com wrote: > Hello, > > I use the following in my sendmail.mc. Port 587 is a standard use > port defined in /etc/services and has really come in handy for > roaming users. Many hotel Internet access points block port 25! > > I also do SMTPS with a self-signed cert. > > dnl # The following causes sendmail to only listen on the IPv4 loopback > address > dnl # 127.0.0.1 and not on any other network devices. Remove the loopback > dnl # address restriction to accept email from the internet or intranet. > dnl # > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl > dnl # > dnl # The following causes sendmail to additionally listen to port 587 for > dnl # mail from MUAs that authenticate. Roaming users who can't reach > their > dnl # preferred sendmail daemon due to port 25 being blocked or redirected > find > dnl # this useful. > dnl # > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl > dnl # > dnl # The following causes sendmail to additionally listen to port 465, > but > dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 > followed > dnl # by STARTTLS is preferred, but roaming clients using Outlook Express > can't > dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use > STARTTLS > dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses > smtps > dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1 > . > dnl # > dnl # For this to work your OpenSSL certificates must be configured. > dnl # > DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl > > > At 09:55 AM 1/7/2008, you wrote: > > >On Mon, 07 Jan 2008 14:19:36 +0000 > >Peter Farrow wrote: > > > >[snip] > > > > > > I am using sendmail. Can I have this listen on multiple ports? > > > > > > > > -Devon > > > No, > > > > > > you'll have to run multiple daemons to do that... > > > > > > P. > > > >Hi, I don't use Sendmail since I prefer Postfix; however, I believe > >that the above is incorrect. Please check out this URL: > > > >http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html > > > >I also attempted to reorganize this post so that it is easier to follow. > >"Top Posting" really makes following a thread a lot harder than > >necessary. > > > >-- > > > >Gerard > >gerard@seibercom.net > > > >Hand, n.: > > > > A singular instrument worn at the end of a human arm and > > commonly thrust into somebody's pocket. > > Will it also accept mail on port 587 or is it just for submission? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/25a1c2e4/attachment.html From Hostmaster at computerservicecentre.com Mon Jan 7 15:55:33 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jan 7 15:55:45 2008 Subject: Centos 5 with Perl 5.10.0 ConfigDefs.pl "strict refs" error Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A354728@commssrv01.computerservicecentre.com> Hi Jules, I had hoped you might reply J I searched high and low for a perl-5.10 rpm, and none of my usual packagers or package searchers (rpmforge, pbone) turned anything up. The only place I have come close is Openpkg (http://www.openpkg.org/product/packages/?package=perl), but this is an src and spec, so I resorted to a source compile. I guess 5.10 is just too new! I followed the recommendations of http://mailman.theapt.org/pipermail/openbsd-newbies/2003-October/002021.html for my source compile, and all I needed to do was change a few paths during the configure to keep the compile consistent with the paths for perl from the shipped copy from upstream. Richard -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To let you know the official answer, I haven't played with Perl 5.10 at all yet, so it is officially totally unsupported. Sorry. I'll have a go when I get time. Has anyone got any RPMs of Perl 5.10 out yet? Hostmaster wrote: > > Hi MailScanner users, > > I have a fresh-built Centos 5 box, on which I have compiled Perl > 5.10.0 from source, and MailScanner 4.66.5 installed from RPM. Perl > was upgraded after MailScanner was installed. I know RPM should be an > "all or nothing" decision > > The problem I have is that I noticed that the processes MailScanner > was forking when starting where dying instantly, and when running > MailScanner --lint, it dies with the error: > > "Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while > "strict refs" in use at /usr/sbin/MailScanner line 441." > > "/var/spool/mqueue.in" is not my incoming directory, > "/var/spool/exim.in" is, and the mqueue.in directory does not exist. > The correct incoming directory is set in > /etc/MailScanner/MailScanner.conf. > > Using "locate MailScanner |xargs grep "mqueue.in" and some luck, I > managed to find that the mqueue reference was coming from > "/usr/lib/MailScanner/MailScanner/ConfigDefs.pl", so I hacked the > "inqueuedir" variable to point at the correct directory, but it > doesn't change the error, apart from the path within string(). > > My first thought was a missing perlmod dependency for MailScanner > after the upgrade of Perl, however MailScanner -v shows: > > This is CentOS release 5 (Final) > > This is Perl version 5.010000 (5.10.0) > > This is MailScanner version 4.66.5 > > Module versions are: > > 1.00 AnyDBM_File > > 1.23 Archive::Zip > > 1.08 Carp > > 1.119 Convert::BinHex > > 2.27 Date::Parse > > 1.01 DirHandle > > 1.06 Fcntl > > 2.76 File::Basename > > 2.11 File::Copy > > 2.01 FileHandle > > 2.04 File::Path > > 0.20 File::Temp > > 0.92 Filesys::Df > > 1.35 HTML::Entities > > 3.56 HTML::Parser > > 2.37 HTML::TokeParser > > 1.23_01 IO > > 1.14 IO::File > > 1.13 IO::Pipe > > 2.02 Mail::Header > > 1.88 Math::BigInt > > 3.07_01 MIME::Base64 > > 5.425 MIME::Decoder > > 5.425 MIME::Decoder::UU > > 5.425 MIME::Head > > 5.425 MIME::Parser > > 3.07 MIME::QuotedPrint > > 5.425 MIME::Tools > > 0.11 Net::CIDR > > 1.13 POSIX > > 1.19 Scalar::Util > > 1.80 Socket > > 1.4 Sys::Hostname::Long > > 0.24 Sys::Syslog > > 1.9711 Time::HiRes > > 1.02 Time::localtime > > Optional module versions are: > > 1.38 Archive::Tar > > 0.22 bignum > > 2.03 Business::ISBN > > 1.17 Business::ISBN::Data > > 0.17 Convert::TNEF > > 1.08 Data::Dump > > 1.816_1 DB_File > > 1.14 DBD::SQLite > > 1.601 DBI > > 1.15 Digest > > 1.01 Digest::HMAC > > 2.36_01 Digest::MD5 > > 2.11 Digest::SHA1 > > 1.00 Encode::Detect > > 0.17011 Error > > 0.21 ExtUtils::CBuilder > > 2.18_02 ExtUtils::ParseXS > > 0.44 Inline > > 1.08 IO::String > > 1.07 IO::Zlib > > 2.23 IP::Country > > missing Mail::ClamAV > > 3.002003 Mail::SpamAssassin > > v2.005 Mail::SPF > > 1.999001 Mail::SPF::Query > > 0.21 Math::BigRat > > 0.280801 Module::Build > > 0.20 Net::CIDR::Lite > > 0.62 Net::DNS > > v0.003 Net::DNS::Resolver::Programmable > > missing Net::LDAP > > 4.007 NetAddr::IP > > 1.94 Parse::RecDescent > > missing SAVI > > 3.06 Test::Harness > > 1.22 Test::Manifest > > 2.0.0 Text::Balanced > > 1.35 URI > > 0.74 version > > 0.66 YAML > > And running MailScanner in debug mode shows: > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > Can't use string ("/var/spool/exim.in") as an ARRAY ref while "strict > refs" in use at /usr/sbin/MailScanner line 1385. > > An strace of MailScanner while in debug mode shows the error: > > "open("/root/.spamassassin/auto-whitelist.lock.mailscannerdevel.local.22409", > O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE, 0700) = 9 > > ioctl(9, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbff8cd58) = -1 ENOTTY > (Inappropriate ioctl for device)" > > before it dies and writes out the error about line 1385, however I am > not sure what this means or even if it is relevant, and the references > I can find for "perl +'Inappropriate ioctl for device'" on the web > don't really help. Locking method in the MailScanner.conf is set to > posix, as Exim is in use. Perl was built to use perlio method for > locks. I'm wondering whether the Filesys module is doing or expecting > something which MailScanner can't/isn't handle/ing? > > Any hints would be greatly appreciated, but if the answer is "don't > use perl 5.10.0 yet" or "you must have screwed up your compile of > perl", that's fine I'll roll back, but I am keen to try and fix this > problem, as the reason for the upgrade was to see whether the perl > core improvements in 5.10.0 made much of a difference to MailScanner > performance in comparison to our live boxes running 5.8.0. > > Best Regards, > > Richard Garner (A+, N+, AMBCS, MOS-O) > > All E-Mail communications are monitored in addition to being content > checked for malicious codes or viruses. The success of scanning > products is not guaranteed, therefore the recipient(s) should carry > out any checks that they believe to be appropriate in this respect. > This message (including any attachments and/or related materials) is > confidential to and is the property of Computer Service Centre, unless > otherwise noted. If you are not the intended recipient, you should > delete this message and are hereby notified that any disclosure, > copying, or distribution of this message, or the taking of any action > based on it, is strictly prohibited. > Any views or opinions presented are solely those of the author and do > not necessarily represent those of Computer Service Centre. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFHgi3vEfZZRxQVtlQRAlXxAKCHB1KobDmZn1wmdRkW4TSmUaKhSwCcDVlL x9XqJilwHwfSzx2AVTelaLc= =/ehN -----END PGP SIGNATURE----- All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/2faf25cc/attachment.html From gmatt at nerc.ac.uk Mon Jan 7 16:17:52 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Jan 7 16:18:17 2008 Subject: Outgoing Sendmail In-Reply-To: <47822F8F.6020106@farrows.org> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47822F8F.6020106@farrows.org> Message-ID: <478250B0.6000307@nerc.ac.uk> Peter Farrow wrote: > Particular interest is in the SM-Archive milter which I want to apply on > the outbound queue so I can archive emails that get processed out > going... rather than taking archive copies before Mailscanner does its > stuff > > which therefore means archiving spam and viruses as well! why not get MS to do this for you - it has this functionality built in. > > Regards > > Pete > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From ka at pacific.net Mon Jan 7 16:18:46 2008 From: ka at pacific.net (Ken Anderson) Date: Mon Jan 7 16:19:09 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> Message-ID: <478250E6.2030108@pacific.net> Devon Harding wrote: > On Jan 7, 2008 10:36 AM, dnsadmin 1bigthink.com > wrote: > >> Hello, >> >> I use the following in my sendmail.mc. Port 587 is a standard use >> port defined in /etc/services and has really come in handy for >> roaming users. Many hotel Internet access points block port 25! >> snip > Will it also accept mail on port 587 or is it just for submission? > > You really should relay out through your ISP's mailserver. Your ISP will not be blocking port 25 incoming, so your listening sendmail on port 25 should be able to receive mail from the Net just fine. Your ISP's block on port 25 outgoing will not be worked around by setting up your sendmail to listen on an additional port. You need to set smart host in your sendmail.mc and rebuild sendmail.cf. Ken Pacific.Net From dnsadmin at 1bigthink.com Mon Jan 7 16:37:58 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Jan 7 16:38:25 2008 Subject: People forget to install unrar In-Reply-To: <4780E619.8000304@ecs.soton.ac.uk> References: <477FC5E4.5010707@ecs.soton.ac.uk> <4780E619.8000304@ecs.soton.ac.uk> Message-ID: <200801071638.m07GcBnI024719@mxt.1bigthink.com> At 09:30 AM 1/6/2008, you wrote: NOTE: Snipping throughout.. > >> This is one problem I see time and again on other people's systems, they > >> never remember to install unrar, which means that MailScanner cannot > >> check filenames or filetypes in RAR archives. > >> > >> Anyone got any good practical ideas on how I might go about solving this > >> one? > >> > > FWIW, I occasionally *do* see rar files at my sight; I don't know why. > > Mailscanner deals with them nicely. > > > > Jeff Earickson > > Colby College FYI, I deal with a lot of .rar files at home, personally. I've never seen a *valid* .rar come over my mail server, though they are a good archival system, so I would imagine someone will use it someday and I would want to allow it; like a .zip file. However, I dealt with a great deal of them on the mail server early last year when a botnet started disbursing them with suspect code content. MailScanner was very adept at picking this trash out and quarantining it. Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Mon Jan 7 16:40:03 2008 From: devonharding at gmail.com (Devon Harding) Date: Mon Jan 7 16:40:13 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070731y7da2dd03qeeca85325cfff3a5@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <478242BF.6060800@vanderkooij.org> <2baac6140801070724k37880df4wb5e9ff35e5d06590@mail.gmail.com> <2baac6140801070731y7da2dd03qeeca85325cfff3a5@mail.gmail.com> Message-ID: <2baac6140801070840u66c93f54if6088fdd6aeb61c0@mail.gmail.com> Ok, Got it working. It seems a long time ago, based on some old MailScanner wiki, I was using the file sendmail_in.mc & sendmail_in.cf instead. Thanks all, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/456f3ddf/attachment.html From gerard at seibercom.net Mon Jan 7 16:46:54 2008 From: gerard at seibercom.net (Gerard) Date: Mon Jan 7 16:47:09 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478250E6.2030108@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> Message-ID: <20080107114654.518f035e@scorpio> On Mon, 07 Jan 2008 10:18:46 -0600 Ken Anderson wrote: > You really should relay out through your ISP's mailserver. Your ISP > will not be blocking port 25 incoming, so your listening sendmail on > port 25 should be able to receive mail from the Net just fine. Your > ISP's block on port 25 outgoing will not be worked around by setting > up your sendmail to listen on an additional port. You need to set > smart host in your sendmail.mc and rebuild sendmail.cf. Comcast, at least in selected markets, has been blocking port 25 both in & out. In fact, they are enforcing TLS/SSL on port 587, again in selected markets. Actually, it is not such a bad idea if it stops 'bots' from sending SPAM. -- Gerard gerard@seibercom.net Trifles make perfection, and perfection is no trifle. Michelangelo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/bf26a8d2/signature.bin From dnsadmin at 1bigthink.com Mon Jan 7 16:54:34 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Jan 7 16:55:01 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478250E6.2030108@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> Message-ID: <200801071654.m07Gsl94026578@mxt.1bigthink.com> At 11:18 AM 1/7/2008, you wrote: >Devon Harding wrote: >>On Jan 7, 2008 10:36 AM, dnsadmin 1bigthink.com >>wrote: >> >>>Hello, >>> >>>I use the following in my sendmail.mc. Port 587 is a standard use >>>port defined in /etc/services and has really come in handy for >>>roaming users. Many hotel Internet access points block port 25! >snip > >>Will it also accept mail on port 587 or is it just for submission? > >You really should relay out through your ISP's mailserver. Your ISP >will not be blocking port 25 incoming, so your listening sendmail on >port 25 should be able to receive mail from the Net just fine. Your >ISP's block on port 25 outgoing will not be worked around by setting >up your sendmail to listen on an additional port. You need to set >smart host in your sendmail.mc and rebuild sendmail.cf. >Ken >Pacific.Net Roaming users still want to be able to send as joesalesguy@hisdomain.com while out on the road. Hotel access points, 95% of the time, can't even tell you who their ISPs are. Yes, at home, you should send through your ISP and a good ISP will allow you to send as joesalesguy@hisdomain.com, once you've authenticated with their mail host. As far as smart host config, Even though I'm not a big ISP, I am my own ISP as far as mail and DNS are concerned. I don't need to or have to use my ISP to relay mail. I've been with my ISP for many years and have built trust and a relationship that gets me everything I want and need. Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ka at pacific.net Mon Jan 7 16:56:48 2008 From: ka at pacific.net (Ken Anderson) Date: Mon Jan 7 16:57:10 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <20080107114654.518f035e@scorpio> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> <20080107114654.518f035e@scorpio> Message-ID: <478259D0.4080607@pacific.net> Gerard wrote: > On Mon, 07 Jan 2008 10:18:46 -0600 > Ken Anderson wrote: > >> You really should relay out through your ISP's mailserver. Your ISP >> will not be blocking port 25 incoming, so your listening sendmail on >> port 25 should be able to receive mail from the Net just fine. Your >> ISP's block on port 25 outgoing will not be worked around by setting >> up your sendmail to listen on an additional port. You need to set >> smart host in your sendmail.mc and rebuild sendmail.cf. > > Comcast, at least in selected markets, has been blocking port 25 both > in & out. In fact, they are enforcing TLS/SSL on port 587, again in > selected markets. Actually, it is not such a bad idea if it stops > 'bots' from sending SPAM. > > Enforcing TLS on AUTH date makes sense, but why block port 25 incoming? There are no bots that deliver directly to end users. Is MS messenger now listening on port 25? :-) Ken Pacific.Net From doc at maddoc.net Mon Jan 7 17:33:23 2008 From: doc at maddoc.net (Doc Schneider) Date: Mon Jan 7 17:34:04 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available Message-ID: <47826263.5090905@maddoc.net> Apache SpamAssassin 3.2.4 is now available! This is a maintenance release of the 3.2.x branch. Downloads are available from: http://spamassassin.apache.org/downloads.cgi -- -Doc Lincoln, NE. http://www.fsl.com http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ian-list at securitypimp.com Mon Jan 7 17:43:16 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Mon Jan 7 17:43:29 2008 Subject: dob.sibl.support-intelligence.net In-Reply-To: <220238.1651199727660503.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <4193639.1671199727796318.JavaMail.root@postal.insourcedsecurity.com> I'm trying to figure out what is causing my server to query dob.sibl.support-intelligence.net for DNSBL look-ups. I have only enabled spamhaus-ZEN and spamcop.net, so I'm not sure what is triggering this. It looks like my server is having to send a lot of retransmissions, so I think it is causing SpamAssassin to timeout. [TCP Retransmission] Standard query A papajohns.com.dob.sibl.support-intelligence.net Thanks, Ian From ms-list at alexb.ch Mon Jan 7 17:51:41 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jan 7 17:51:55 2008 Subject: dob.sibl.support-intelligence.net In-Reply-To: <4193639.1671199727796318.JavaMail.root@postal.insourcedsecurity.com> References: <4193639.1671199727796318.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <478266AD.3050100@alexb.ch> On 1/7/2008 6:43 PM, Ian Lists wrote: > I'm trying to figure out what is causing my server to query dob.sibl.support-intelligence.net for DNSBL look-ups. I have only enabled spamhaus-ZEN and spamcop.net, so I'm not sure what is triggering this. It looks like my server is having to send a lot of retransmissions, so I think it is causing SpamAssassin to timeout. > > [TCP Retransmission] Standard query A papajohns.com.dob.sibl.support-intelligence.net > See: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5768 From ajcartmell at fonant.com Mon Jan 7 17:57:26 2008 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Mon Jan 7 17:57:40 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478250E6.2030108@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> Message-ID: >> Will it also accept mail on port 587 or is it just for submission? Port 587 is for mail submission as per rfc2476. It's designed to allow for different handling of submitted mail (which may often be relayed to another domain) compared to relayed mail (which is often only accepted for local domains). > You really should relay out through your ISP's mailserver. IMHO it's perfectly OK to use another mailserver. I use Zen Internet as my ISP, but send all outgoing mail through my own mailserver (and MailScanner!). Using port 587 means that I can do this from anywhere, not only my home broadband connection, and even from ISPs that hijack port 25. On my servers I enable port 587 in sendmail simply by adding "dnl" to comment out the "no_default_msa" line in sendmail.mc, as below: dnl FEATURE(`no_default_msa', `dnl')dnl I require authentication for anyone wishing to relay to other domains, for connections on ports 25 and 587. Cheers! Anthony -- www.fonant.com - Quality web sites From mark at msapiro.net Mon Jan 7 17:47:32 2008 From: mark at msapiro.net (Mark Sapiro) Date: Mon Jan 7 18:12:52 2008 Subject: Mailscanner generated duplicate message. References: 476FD790.8040208@msapiro.net Message-ID: <478265B4.9020502@msapiro.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: | Alex Broens wrote: |> |> |> |> |> On 12/24/2007 3:23 PM, Mark Sapiro wrote: |>> Alex Broens wrote: |>>> probably totally irrelevant yet got a hunch... |>>> |>>> |>>> what are your settings in MailScanner.conf for |>>> |>>> Queue Scan Interval |>>> |>>> Max Unscanned Messages Per Scan |>>> |>>> Max Unsafe Messages Per Scan |>> |>> |>> Queue Scan Interval = 6 |>> |>> Max Unscanned Messages Per Scan = 30 |>> |>> Max Unsafe Messages Per Scan = 30 |>> |>> |>>> Could it be you're seeing a race condition between scanning threads? |>> |>> |>> This is exactly what the problem seems to be, but I don't know what to |>> do to prevent it or what I could have done or omitted to cause it. |>> |>> I suppose I could set |>> |>> Max Children = 1 |>> |>> but that seems extreme, and it seems if it were necessary, more than |>> just me would be seeing this problem. |> |> Single CPU: |> |> Max Children = 5 | | | This is what I currently have. | | |> Dual: |> |> Max Children = 8 |> |> (keep the box relaxed till you get the stuff to process) |> |> Pls try: |> |> Queue Scan Interval = 15 |> |> Max Unscanned Messages Per Scan = 5 |> Max Unsafe Messages Per Scan = 5 | | | I will try these. Note that I will be offline for the next week, so I | won't be able to report much until after the new year. I tried the above settings from Dec 24 through Jan 3. During that period, I see three more duplication incidents in my maillog. This is a lower rate than previous, but there are still dups. As of Jan 3, I have reverted the above settings to their default values, and set Max Children = 2 So far, there have been no more dups, but I think it's too early to tell. Given the load on my system, Max Children = 2 seems fine. If I do see more dups, I may even try setting it to 1 which I'm certain will eliminate the problem. |> You may need to tweek "Queue Scan Interval" to your box's perfomance |> |> my rule of thumb: |> |> Queue Scan Interval = thread_count + 3 |> |> keep us posted | | | OK. | | Note that logs indicate that this problem has only occurred on mail | which is not actually scanned because of a 'no' in scan.messages.rules. | I don't know why this would matter, but it may be significant. | | All but one of the occurrences were on outgoing mail from localhost. The | other one was an incoming message to postmaster. Logs indicate 4 copies | of this one were delivered and I undoubtedly saw all four but just | deleted them thinking they were multiple spams | | The nature of the server is that outgoing mail is virtually all Mailman | list posts or forwards of mail, all of which was scanned on the way in. | I would just as soon not have Postfix hold mail from localhost at all, | but I haven't figured out how to do that. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFHgmW0VVuXXpU7hpMRAozCAJ9Ium7QULpRy/MZSc+v4SeHM7lfQgCgz2Vy GCXOXP8OCKA9jm9zrLbALJE= =QtlZ -----END PGP SIGNATURE----- From ian-list at securitypimp.com Mon Jan 7 19:20:35 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Mon Jan 7 19:20:49 2008 Subject: dob.sibl.support-intelligence.net In-Reply-To: <478266AD.3050100@alexb.ch> Message-ID: <6885848.1701199733635493.JavaMail.root@postal.insourcedsecurity.com> THANKS!! ----- "Alex Broens" wrote: > On 1/7/2008 6:43 PM, Ian Lists wrote: > > I'm trying to figure out what is causing my server to query > dob.sibl.support-intelligence.net for DNSBL look-ups. I have only > enabled spamhaus-ZEN and spamcop.net, so I'm not sure what is > triggering this. It looks like my server is having to send a lot of > retransmissions, so I think it is causing SpamAssassin to timeout. > > > > [TCP Retransmission] Standard query A > papajohns.com.dob.sibl.support-intelligence.net > > > See: > > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5768 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From holger-lists at noefer.org Mon Jan 7 19:30:48 2008 From: holger-lists at noefer.org (=?ISO-8859-1?Q?Hoger_N=F6fer?=) Date: Mon Jan 7 19:30:48 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available In-Reply-To: <47826263.5090905@maddoc.net> References: <47826263.5090905@maddoc.net> Message-ID: <47827DE8.2090500@noefer.org> That's fine, bug 5589 with the async lookups has been fixed and completewhois.com has been removed. Very nice... Mail::SpamAssassin version in cpan database has the version 3.2.3, I think I will try the update tomorrow. Best regards, Holger Doc Schneider schrieb: > Apache SpamAssassin 3.2.4 is now available! This is a maintenance > release of the 3.2.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi > > > From jaearick at colby.edu Mon Jan 7 20:35:00 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon Jan 7 20:35:27 2008 Subject: MS 4.66.5-2, SA 3.2.4, core on debug? Message-ID: Gang, I just built and installed SpamAssassin 3.2.4, then ran MailScanner in debug mode. It did: [10345] dbg: check: tests=BAYES_00,DCC_CHECK,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS [10345] dbg: check: subtests=[long string snipped] [10345] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.593, head-points=3.593, learned-points=-2.599 [10345] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Segmentation Fault - core dumped Failed. The full debug output is attached. I reinstalled SA 3.2.3 and it did the same thing, so I returned to SA 3.2.4. Despite the failure, MailScanner is running fine, and I can't find a core file anyplace on the system. My OS: Solaris 10, perl 5.8.8, MS and SA and everything else built from tar files. My bayes files are huge, but otherwise look normal: -rw-rw-rw- 1 root root 30282 Jan 7 15:33 bayes.mutex -rw------- 1 root other 103584 Jan 7 15:33 bayes_journal -rw-r--r-- 1 root root 670294016 Jan 7 15:33 bayes_seen -rw------- 1 root other 8429568 Jan 7 15:33 bayes_toks Any ideas? Jeff Earickson Colby College -------------- next part -------------- Sun Microsystems Inc. SunOS 5.10 Generic January 2005 -n Starting MailScanner... In Debugging mode, not forking... Trying to setlogsock(udp) SpamAssassin temp dir = /tmp [10327] dbg: logger: adding facilities: all [10327] dbg: logger: logging level is DBG [10327] dbg: generic: SpamAssassin version 3.2.4 [10327] dbg: config: score set 0 chosen. [10327] dbg: util: running in taint mode? no [10327] dbg: dns: no ipv6 [10327] dbg: dns: is Net::DNS::Resolver available? yes [10327] dbg: dns: Net::DNS version: 0.62 [10327] dbg: ignore: test message to precompile patterns and load modules [10327] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [10327] dbg: config: read file /etc/mail/spamassassin/init.pre [10327] dbg: config: read file /etc/mail/spamassassin/v310.pre [10327] dbg: config: read file /etc/mail/spamassassin/v312.pre [10327] dbg: config: read file /etc/mail/spamassassin/v320.pre [10327] dbg: config: using "/opt/perl5/share/spamassassin" for sys rules pre files [10327] dbg: config: using "/opt/perl5/share/spamassassin" for default rules dir [10327] dbg: config: read file /opt/perl5/share/spamassassin/10_default_prefs.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_advance_fee.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_body_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_compensate.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_dnsbl_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_drugs.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_dynrdns.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_fake_helo_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_head_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_html_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_imageinfo.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_meta_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_net_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_phrases.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_porn.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_ratware.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_uri_tests.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/20_vbounce.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/23_bayes.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_accessdb.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_antivirus.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_asn.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_dcc.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_dkim.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_domainkeys.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_hashcash.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_pyzor.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_razor2.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_replace.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_spf.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_textcat.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/25_uribl.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_de.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_fr.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_it.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_nl.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_pl.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/30_text_pt_br.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/50_scores.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_awl.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_shortcircuit.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_dk.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_dkim.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_spf.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/60_whitelist_subject.cf [10327] dbg: config: read file /opt/perl5/share/spamassassin/72_active.cf [10327] dbg: config: using "/etc/mail/spamassassin" for site rules dir [10327] dbg: config: read file /etc/mail/spamassassin/local.cf [10327] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [10327] dbg: dcc: network tests on, registering DCC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [10327] dbg: pyzor: network tests on, attempting Pyzor [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [10327] dbg: razor2: razor2 is available, version 2.84 [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [10327] dbg: reporter: network tests on, attempting SpamCop [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Shortcircuit from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [10327] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC [10327] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [10327] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [10327] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [10327] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [10327] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [10327] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [10327] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [10327] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [10327] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [10327] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [10327] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [10327] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [10327] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [10327] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [10327] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [10327] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [10327] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [10327] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [10327] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [10327] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [10327] dbg: conf: finish parsing [10327] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x1cee2bc) implements 'finish_parsing_end', priority 0 [10327] dbg: replacetags: replacing tags [10327] dbg: replacetags: done replacing tags [10327] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [10327] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [10327] dbg: bayes: found bayes db version 3 [10327] dbg: bayes: DB journal sync: last sync: 1199736309 [10327] dbg: config: score set 3 chosen. [10327] dbg: message: main message type: text/plain [10327] dbg: message: ---- MIME PARSER START ---- [10327] dbg: message: parsing normal part [10327] dbg: message: ---- MIME PARSER END ---- [10327] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x1d814dc) implements 'check_start', priority 0 [10327] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x1d39a58) implements 'check_main', priority 0 [10327] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [10327] dbg: metadata: X-Spam-Relays-Trusted: [10327] dbg: metadata: X-Spam-Relays-Untrusted: [10327] dbg: metadata: X-Spam-Relays-Internal: [10327] dbg: metadata: X-Spam-Relays-External: [10327] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x1689534) implements 'extract_metadata', priority 0 [10327] dbg: metadata: X-Relay-Countries: [10327] dbg: message: no encoding detected [10327] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x1689534) implements 'parsed_metadata', priority 0 [10327] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x16ced3c) implements 'parsed_metadata', priority 0 [10327] dbg: plugin: Mail::SpamAssassin::Plugin::Shortcircuit=HASH(0x1d5410c) implements 'parsed_metadata', priority 0 [10327] dbg: dns: no ipv6 [10327] dbg: dns: is Net::DNS::Resolver available? yes [10327] dbg: dns: Net::DNS version: 0.62 [10327] dbg: dns: name server: 137.146.28.72, LocalAddr: 0.0.0.0 [10327] dbg: dns: dns_available set to yes in config file, skipping test [10327] dbg: uridnsbl: domains to query: [10327] dbg: plugin: Mail::SpamAssassin::Plugin::Shortcircuit=HASH(0x1d5410c) implements 'have_shortcircuited', priority 0 [10327] dbg: check: running tests for priority: -1000 [10327] dbg: rules: running head tests; score so far=0 [10327] dbg: rules: compiled head tests [10327] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [10327] dbg: eval: all '*To' addrs: [10327] dbg: rules: running body tests; score so far=0 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=0 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=0 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=0 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=0 [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: -950 [10327] dbg: rules: running head tests; score so far=0 [10327] dbg: rules: compiled head tests [10327] dbg: rules: running body tests; score so far=0 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=0 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=0 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=0 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=0 [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: -900 [10327] dbg: rules: running head tests; score so far=0 [10327] dbg: rules: compiled head tests [10327] dbg: rules: running body tests; score so far=0 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=0 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=0 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=0 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=0 [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: -400 [10327] dbg: rules: running head tests; score so far=0 [10327] dbg: rules: compiled head tests [10327] dbg: rules: running body tests; score so far=0 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=0 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=0 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=0 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=0 [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: 0 [10327] dbg: rules: running head tests; score so far=0 [10327] dbg: rules: compiled head tests [10327] dbg: plugin: Mail::SpamAssassin::Plugin::Shortcircuit=HASH(0x1d5410c) implements 'hit_rule', priority 0 [10327] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [10327] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" [10327] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1199736655" [10327] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [10327] dbg: rules: Message-Id: " [10327] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [10327] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1199736655.02195@spamassassin_spamd_init> [10327] dbg: rules: " [10327] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [10327] dbg: spf: checking to see if the message has a Received-SPF header that we can use [10327] dbg: spf: using Mail::SPF for SPF checks [10327] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check [10327] dbg: dkim: no wl entries match author ignore@compiling.spamassassin.taint.org, no need to verify sigs [10327] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10327] dbg: spf: no suitable relay for spf use found, skipping SPF check [10327] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [10327] dbg: dkim: performing public key lookup and signature verification [10327] dbg: dkim: signature verification result: none [10327] dbg: dkim: policy: performing lookup [10327] dbg: dkim: policy result neutral: o=~ [10327] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [10327] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [10327] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [10327] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check [10327] dbg: rules: running body tests; score so far=1.292 [10327] dbg: rules: compiled body tests [10327] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [10327] dbg: rules: running uri tests; score so far=1.292 [10327] dbg: rules: compiled uri tests [10327] dbg: eval: stock info total: 0 [10327] dbg: rules: running rawbody tests; score so far=1.292 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=1.292 [10327] dbg: rules: compiled full tests [10327] dbg: info: entering helper-app run mode [10327] dbg: info: leaving helper-app run mode [10327] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [10327] dbg: razor2: results: spam? 0 [10327] dbg: razor2: results: engine 8, highest cf score: 0 [10327] dbg: razor2: results: engine 4, highest cf score: 0 [10327] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [10327] dbg: dcc: dccifd is available: /opt/dcc/dccifd [10327] dbg: info: entering helper-app run mode [10327] dbg: dcc: dccifd got response: X-DCC-EATSERVER-Metrics: jasper 1166; Body=many Fuz1=many Fuz2=many [10327] dbg: info: leaving helper-app run mode [10327] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999 FUZ2=999999/999999 [10327] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1) [10327] dbg: rules: running meta tests; score so far=3.462 [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: 500 [10327] dbg: dns: harvest_dnsbl_queries [10327] dbg: rules: running head tests; score so far=3.462 [10327] dbg: rules: compiled head tests [10327] dbg: rules: running body tests; score so far=3.462 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=3.462 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=3.462 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=3.462 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=3.462 [10327] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency 'FH_HOST_EQ_D_D_D_D' [10327] dbg: rules: meta test FM_SEX_HOSTDDDD has undefined dependency 'FH_HOST_EQ_D_D_D_D' [10327] dbg: rules: compiled meta tests [10327] dbg: check: running tests for priority: 1000 [10327] dbg: rules: running head tests; score so far=5.223 [10327] dbg: rules: compiled head tests [10327] dbg: rules: running body tests; score so far=5.223 [10327] dbg: rules: compiled body tests [10327] dbg: rules: running uri tests; score so far=5.223 [10327] dbg: rules: compiled uri tests [10327] dbg: rules: running rawbody tests; score so far=5.223 [10327] dbg: rules: compiled rawbody tests [10327] dbg: rules: running full tests; score so far=5.223 [10327] dbg: rules: compiled full tests [10327] dbg: rules: running meta tests; score so far=5.223 [10327] dbg: rules: compiled meta tests [10327] dbg: check: is spam? score=5.223 required=5 [10327] dbg: check: tests=DCC_CHECK,MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [10327] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [10327] dbg: bayes: untie-ing [10327] dbg: plugin: Mail::SpamAssassin::Plugin::Shortcircuit=HASH(0x1d5410c) implements 'compile_now_finish', priority 0 [10345] dbg: dns: name server: 137.146.28.72, LocalAddr: 0.0.0.0 [10345] dbg: message: main message type: text/html [10345] dbg: message: ---- MIME PARSER START ---- [10345] dbg: message: parsing normal part [10345] dbg: message: ---- MIME PARSER END ---- [10345] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [10345] dbg: received-header: parsed as [ ip=153.69.140.130 rdns=ibex.cae3.com helo=ibex.cae3.com by=jasper.colby.edu ident= envfrom= intl=0 id=m07K5XgP009255 auth= msa=0 ] [10345] dbg: received-header: do not trust any hosts from here on [10345] dbg: received-header: relay 153.69.140.130 trusted? no internal? no msa? no [10345] dbg: metadata: X-Spam-Relays-Trusted: [10345] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=153.69.140.130 rdns=ibex.cae3.com helo=ibex.cae3.com by=jasper.colby.edu ident= envfrom= intl=0 id=m07K5XgP009255 auth= msa=0 ] [10345] dbg: metadata: X-Spam-Relays-Internal: [10345] dbg: metadata: X-Spam-Relays-External: [ ip=153.69.140.130 rdns=ibex.cae3.com helo=ibex.cae3.com by=jasper.colby.edu ident= envfrom= intl=0 id=m07K5XgP009255 auth= msa=0 ] [10345] dbg: metadata: X-Relay-Countries: US [10345] dbg: message: decoding other encoding type (7bit), ignoring [10345] dbg: uridnsbl: domains to query: ibex.com ibexwear.com ncrpmreports.com [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_GREY lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:bl.open-whois.org.:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: WHOIS_SECUREWHOIS lookup start [10345] dbg: dns: WHOIS_MYPRIVREG lookup start [10345] dbg: dns: WHOIS_NETSOLPR lookup start [10345] dbg: dns: WHOIS_AITPRIV lookup start [10345] dbg: dns: WHOIS_FINEXE lookup start [10345] dbg: dns: WHOIS_CONTACTPRIV lookup start [10345] dbg: dns: URIBL_BLACK lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_AHBL lookup start [10345] dbg: dns: WHOIS_REGISTER4LESS lookup start [10345] dbg: dns: WHOIS_NETID lookup start [10345] dbg: dns: WHOIS_DYNADOT lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_OB_SURBL lookup start [10345] dbg: dns: WHOIS_DMNBYPROXY lookup start [10345] dbg: dns: WHOIS_MONIKER_PRIV lookup start [10345] dbg: dns: WHOIS_PRIVDOMAIN lookup start [10345] dbg: dns: WHOIS_DREAMPRIV lookup start [10345] dbg: dns: URIBL_RED lookup start [10345] dbg: dns: URIBL_SC_SURBL lookup start [10345] dbg: dns: URIBL_AB_SURBL lookup start [10345] dbg: dns: WHOIS_WHOISGUARD lookup start [10345] dbg: dns: WHOIS_PRIVPROT lookup start [10345] dbg: dns: WHOIS_NAMEKING lookup start [10345] dbg: dns: URIBL_PH_SURBL lookup start [10345] dbg: dns: WHOIS_DOMPRIVCORP lookup start [10345] dbg: dns: WHOIS_PRIVACYPOST lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_DOB lookup start [10345] dbg: dns: WHOIS_DOMESCROW lookup start [10345] dbg: dns: WHOIS_WHOISPROT lookup start [10345] dbg: dns: URIBL_JP_SURBL lookup start [10345] dbg: dns: WHOIS_REGTEK lookup start [10345] dbg: dns: URIBL_WS_SURBL lookup start [10345] dbg: dns: WHOIS_SAFENAMES lookup start [10345] dbg: dns: WHOIS_NOMINET lookup start [10345] dbg: dns: WHOIS_REGISTERFLY lookup start [10345] dbg: dns: WHOIS_UNLISTED lookup start [10345] dbg: async: starting: URI-NS, NS:ibex.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_SBL lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_GREY lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:bl.open-whois.org.:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: WHOIS_SECUREWHOIS lookup start [10345] dbg: dns: WHOIS_MYPRIVREG lookup start [10345] dbg: dns: WHOIS_NETSOLPR lookup start [10345] dbg: dns: WHOIS_AITPRIV lookup start [10345] dbg: dns: WHOIS_FINEXE lookup start [10345] dbg: dns: WHOIS_CONTACTPRIV lookup start [10345] dbg: dns: URIBL_BLACK lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_AHBL lookup start [10345] dbg: dns: WHOIS_REGISTER4LESS lookup start [10345] dbg: dns: WHOIS_NETID lookup start [10345] dbg: dns: WHOIS_DYNADOT lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_OB_SURBL lookup start [10345] dbg: dns: WHOIS_DMNBYPROXY lookup start [10345] dbg: dns: WHOIS_MONIKER_PRIV lookup start [10345] dbg: dns: WHOIS_PRIVDOMAIN lookup start [10345] dbg: dns: WHOIS_DREAMPRIV lookup start [10345] dbg: dns: URIBL_RED lookup start [10345] dbg: dns: URIBL_SC_SURBL lookup start [10345] dbg: dns: URIBL_AB_SURBL lookup start [10345] dbg: dns: WHOIS_WHOISGUARD lookup start [10345] dbg: dns: WHOIS_PRIVPROT lookup start [10345] dbg: dns: WHOIS_NAMEKING lookup start [10345] dbg: dns: URIBL_PH_SURBL lookup start [10345] dbg: dns: WHOIS_DOMPRIVCORP lookup start [10345] dbg: dns: WHOIS_PRIVACYPOST lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_DOB lookup start [10345] dbg: dns: WHOIS_DOMESCROW lookup start [10345] dbg: dns: WHOIS_WHOISPROT lookup start [10345] dbg: dns: URIBL_JP_SURBL lookup start [10345] dbg: dns: WHOIS_REGTEK lookup start [10345] dbg: dns: URIBL_WS_SURBL lookup start [10345] dbg: dns: WHOIS_SAFENAMES lookup start [10345] dbg: dns: WHOIS_NOMINET lookup start [10345] dbg: dns: WHOIS_REGISTERFLY lookup start [10345] dbg: dns: WHOIS_UNLISTED lookup start [10345] dbg: async: starting: URI-NS, NS:ibexwear.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_SBL lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_GREY lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:bl.open-whois.org.:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: WHOIS_SECUREWHOIS lookup start [10345] dbg: dns: WHOIS_MYPRIVREG lookup start [10345] dbg: dns: WHOIS_NETSOLPR lookup start [10345] dbg: dns: WHOIS_AITPRIV lookup start [10345] dbg: dns: WHOIS_FINEXE lookup start [10345] dbg: dns: WHOIS_CONTACTPRIV lookup start [10345] dbg: dns: URIBL_BLACK lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_AHBL lookup start [10345] dbg: dns: WHOIS_REGISTER4LESS lookup start [10345] dbg: dns: WHOIS_NETID lookup start [10345] dbg: dns: WHOIS_DYNADOT lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_OB_SURBL lookup start [10345] dbg: dns: WHOIS_DMNBYPROXY lookup start [10345] dbg: dns: WHOIS_MONIKER_PRIV lookup start [10345] dbg: dns: WHOIS_PRIVDOMAIN lookup start [10345] dbg: dns: WHOIS_DREAMPRIV lookup start [10345] dbg: dns: URIBL_RED lookup start [10345] dbg: dns: URIBL_SC_SURBL lookup start [10345] dbg: dns: URIBL_AB_SURBL lookup start [10345] dbg: dns: WHOIS_WHOISGUARD lookup start [10345] dbg: dns: WHOIS_PRIVPROT lookup start [10345] dbg: dns: WHOIS_NAMEKING lookup start [10345] dbg: dns: URIBL_PH_SURBL lookup start [10345] dbg: dns: WHOIS_DOMPRIVCORP lookup start [10345] dbg: dns: WHOIS_PRIVACYPOST lookup start [10345] dbg: async: starting: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_RHS_DOB lookup start [10345] dbg: dns: WHOIS_DOMESCROW lookup start [10345] dbg: dns: WHOIS_WHOISPROT lookup start [10345] dbg: dns: URIBL_JP_SURBL lookup start [10345] dbg: dns: WHOIS_REGTEK lookup start [10345] dbg: dns: URIBL_WS_SURBL lookup start [10345] dbg: dns: WHOIS_SAFENAMES lookup start [10345] dbg: dns: WHOIS_NOMINET lookup start [10345] dbg: dns: WHOIS_REGISTERFLY lookup start [10345] dbg: dns: WHOIS_UNLISTED lookup start [10345] dbg: async: starting: URI-NS, NS:ncrpmreports.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: URIBL_SBL lookup start [10345] dbg: dns: checking A and MX for host cae3.com [10345] dbg: dns: launching DNS A query for cae3.com in background [10345] dbg: async: starting: NO_DNS_FOR_FROM, DNSBL-A, dns:A:cae3.com (timeout 15.0s, min 3.0s) [10345] dbg: dns: launching DNS MX query for cae3.com in background [10345] dbg: async: starting: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:cae3.com (timeout 15.0s, min 3.0s) [10345] dbg: check: running tests for priority: -1000 [10345] dbg: dns: hit 153.69.128.173 [10345] dbg: dns: hit 20 mail3.cae3.com. [10345] dbg: async: select found 20 responses ready (t.o.=0.0) [10345] dbg: async: completed in 0.036 s: URI-DNSBL, DNSBL:bl.open-whois.org.:ibex.com [10345] dbg: async: completed in 0.034 s: URI-DNSBL, DNSBL:multi.surbl.org.:ibex.com [10345] dbg: async: completed in 0.017 s: NO_DNS_FOR_FROM, DNSBL-A, dns:A:cae3.com [10345] dbg: async: completed in 0.035 s: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ibex.com [10345] dbg: async: completed in 0.032 s: URI-DNSBL, DNSBL:multi.uribl.com.:ibexwear.com [10345] dbg: async: completed in 0.023 s: URI-DNSBL, DNSBL:multi.surbl.org.:ncrpmreports.com [10345] dbg: async: completed in 0.030 s: URI-NS, NS:ibex.com [10345] dbg: async: starting: URI-A, A:balder.vtweb.com. (timeout 15.0s, min 3.0s) [10345] dbg: async: starting: URI-A, A:odin.vtweb.com. (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.037 s: URI-DNSBL, DNSBL:multi.uribl.com.:ibex.com [10345] dbg: async: completed in 0.026 s: URI-NS, NS:ibexwear.com [10345] dbg: async: completed in 0.018 s: URI-NS, NS:ncrpmreports.com [10345] dbg: async: starting: URI-A, A:ns3.ncrwebhost.com. (timeout 15.0s, min 3.0s) [10345] dbg: async: starting: URI-A, A:ns1.ncrwebhost.com. (timeout 15.0s, min 3.0s) [10345] dbg: async: starting: URI-A, A:ns2.ncrwebhost.com. (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.030 s: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ibexwear.com [10345] dbg: async: completed in 0.030 s: URI-DNSBL, DNSBL:multi.surbl.org.:ibexwear.com [10345] dbg: async: completed in 0.032 s: URI-DNSBL, DNSBL:bl.open-whois.org.:ibexwear.com [10345] dbg: async: completed in 0.037 s: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ibex.com [10345] dbg: async: completed in 0.024 s: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:ncrpmreports.com [10345] dbg: async: completed in 0.022 s: NO_DNS_FOR_FROM, DNSBL-MX, dns:MX:cae3.com [10345] dbg: async: completed in 0.027 s: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ncrpmreports.com [10345] dbg: async: completed in 0.030 s: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:ibexwear.com [10345] dbg: async: completed in 0.025 s: URI-DNSBL, DNSBL:multi.uribl.com.:ncrpmreports.com [10345] dbg: async: completed in 0.025 s: URI-DNSBL, DNSBL:bl.open-whois.org.:ncrpmreports.com [10345] dbg: async: queries completed: 20, started: 5 [10345] dbg: async: queries active: URI-A=5 at Mon Jan 7 15:10:59 2008 [10345] dbg: dns: harvested completed queries [10345] dbg: rules: running head tests; score so far=0 [10345] dbg: eval: all '*From' addrs: 10103+10000+10123+001+00000+00001+00+wccranne=colby.edu@cae3.com info@email.ibex.com [10345] dbg: eval: all '*To' addrs: wccranne@colby.edu [10345] dbg: rules: running body tests; score so far=0 [10345] dbg: rules: running uri tests; score so far=0 [10345] dbg: rules: running rawbody tests; score so far=0 [10345] dbg: rules: running full tests; score so far=0 [10345] dbg: rules: running meta tests; score so far=0 [10345] dbg: check: running tests for priority: -950 [10345] dbg: rules: running head tests; score so far=0 [10345] dbg: rules: running body tests; score so far=0 [10345] dbg: rules: running uri tests; score so far=0 [10345] dbg: rules: running rawbody tests; score so far=0 [10345] dbg: rules: running full tests; score so far=0 [10345] dbg: rules: running meta tests; score so far=0 [10345] dbg: check: running tests for priority: -900 [10345] dbg: rules: running head tests; score so far=0 [10345] dbg: rules: running body tests; score so far=0 [10345] dbg: rules: running uri tests; score so far=0 [10345] dbg: rules: running rawbody tests; score so far=0 [10345] dbg: rules: running full tests; score so far=0 [10345] dbg: rules: running meta tests; score so far=0 [10345] dbg: check: running tests for priority: -400 [10345] dbg: rules: running head tests; score so far=0 [10345] dbg: rules: running body tests; score so far=0 [10345] dbg: rules: running uri tests; score so far=0 [10345] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x1e49fcc) implements 'check_wb_list', priority 0 [10345] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_toks [10345] dbg: bayes: tie-ing to DB file R/O /var/spool/spamassassin/bayes_seen [10345] dbg: bayes: found bayes db version 3 [10345] dbg: bayes: DB journal sync: last sync: 1199736309 [10345] dbg: bayes: corpus size: nspam = 3283170, nham = 2211392 [10345] dbg: bayes: score = 0 [10345] dbg: bayes: DB journal sync: last sync: 1199736309 [10345] dbg: bayes: untie-ing [10345] dbg: rules: running rawbody tests; score so far=0 [10345] dbg: rules: running full tests; score so far=0 [10345] dbg: rules: running meta tests; score so far=0 [10345] dbg: check: running tests for priority: 0 [10345] dbg: rules: running head tests; score so far=0 [10345] dbg: rules: ran header rule __REPTO_QUOTE ======> got hit: ""Ibex Outdoor Clothing" <" [10345] dbg: rules: ran header rule __REPTO_OVERQUOTE ======> got hit: ""Ibex Outdoor Clothing" <" [10345] dbg: rules: ran header rule __CTYPE_HTML ======> got hit: "text/html" [10345] dbg: rules: ran header rule __CT ======> got hit: "t" [10345] dbg: rules: ran header rule __CTYPE_CHARSET_QUOTED ======> got hit: "charset="" [10345] dbg: rules: ran header rule __LAST_UNTRUSTED_RELAY_NO_AUTH ======> got hit: "[ ip=153.69.140.130 rdns=ibex.cae3.com helo=ibex.cae3.com by=jasper.colby.edu ident= envfrom= intl=0 id=m07K5XgP009255 auth= " [10345] dbg: rules: ran header rule __DOS_SINGLE_EXT_RELAY ======> got hit: "[ ip=153.69.140.130 rdns=ibex.cae3.com helo=ibex.cae3.com by=jasper.colby.edu ident= envfrom= intl=0 id=m07K5XgP009255 auth= msa=0 ]" [10345] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [10345] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1" [10345] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [10345] dbg: rules: ran header rule __DOS_RCVD_MON ======> got hit: " Mon, " [10345] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<" [10345] dbg: rules: ran header rule __MSGID_OK_HEX ======> got hit: "0ba137b0" [10345] dbg: rules: ran header rule __MIMEOLE_MS ======> got hit: "Produced By Microsoft MimeOLE" [10345] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [10345] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1dd101c85169$0ba137b0$642b14ac@NCR43100> [10345] dbg: rules: " [10345] dbg: rules: ran header rule __MSGID_DOLLARS_MAYBE ======> got hit: "<1dd101c85169$0ba137b0$642b14ac@NCR43100>" [10345] dbg: rules: ran header rule __MSGID_DOLLARS_OK ======> got hit: "<1dd101c85169$0ba137b0$642b14ac@NCR43100>" [10345] dbg: rules: ran header rule __OE_MSGID_2 ======> got hit: "<1dd101c85169$0ba137b0$642b14ac@NCR43100>" [10345] dbg: rules: ran header rule __CTE ======> got hit: "7" [10345] dbg: rules: ran header rule __EXCLAIM_SUBJ ======> got hit: "!" [10345] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "I" [10345] dbg: rules: ran header rule __XM_MS_IN_GENERAL ======> got hit: "Microsoft CDO" [10345] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "M" [10345] dbg: rules: ran header rule __HAS_MIMEOLE ======> got hit: "P" [10345] dbg: spf: checking to see if the message has a Received-SPF header that we can use [10345] dbg: spf: checking HELO (helo=ibex.cae3.com, ip=153.69.140.130) [10345] dbg: spf: query for /153.69.140.130/ibex.cae3.com: result: none, comment: , text: No applicable sender policy available [10345] dbg: dkim: no wl entries match author info@email.ibex.com, no need to verify sigs [10345] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [10345] dbg: spf: checking EnvelopeFrom (helo=ibex.cae3.com, ip=153.69.140.130, envfrom=10103+10000+10123+001+00000+00001+00+wccranne=colby.edu@cae3.com) [10345] dbg: spf: query for 10103+10000+10123+001+00000+00001+00+wccranne=colby.edu@cae3.com/153.69.140.130/ibex.cae3.com: result: pass, comment: , text: Mechanism 'ip4:153.69.140.0/24' matched [10345] dbg: rules: ran eval rule SPF_PASS ======> got hit (1) [10345] dbg: dkim: performing public key lookup and signature verification [10345] dbg: dkim: signature verification result: none [10345] dbg: dkim: policy: performing lookup [10345] dbg: dkim: policy result neutral: o=~ [10345] dbg: spf: def_whitelist_from_spf: 10103+10000+10123+001+00000+00001+00+wccranne=colby.edu@cae3.com is not in DEF_WHITELIST_FROM_SPF [10345] dbg: spf: whitelist_from_spf: 10103+10000+10123+001+00000+00001+00+wccranne=colby.edu@cae3.com is not in user's WHITELIST_FROM_SPF [10345] dbg: rules: running body tests; score so far=-0.001 [10345] dbg: rules: ran body rule __FB_S_STOCK ======> got hit: "stock" [10345] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [10345] dbg: rules: running uri tests; score so far=-0.001 [10345] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "h" [10345] dbg: rules: ran eval rule __TAG_EXISTS_BODY ======> got hit (1) [10345] dbg: rules: ran eval rule HTML_IMAGE_RATIO_02 ======> got hit (1) [10345] dbg: rules: ran eval rule BAYES_00 ======> got hit (1) [10345] dbg: rules: ran eval rule __MIME_HTML ======> got hit (1) [10345] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit (1) [10345] dbg: rules: ran eval rule __TAG_EXISTS_HTML ======> got hit (1) [10345] dbg: rules: ran eval rule __TAG_EXISTS_CENTER ======> got hit (1) [10345] dbg: rules: ran eval rule MIME_HTML_ONLY ======> got hit (1) [10345] dbg: rules: ran eval rule __HTML_LINK_IMAGE ======> got hit (1) [10345] dbg: rules: ran eval rule __TAG_EXISTS_HEAD ======> got hit (1) [10345] dbg: rules: ran eval rule __TAG_EXISTS_META ======> got hit (1) [10345] dbg: rules: running rawbody tests; score so far=-0.759 [10345] dbg: rules: running full tests; score so far=-0.759 [10345] dbg: info: entering helper-app run mode [10345] dbg: info: leaving helper-app run mode [10345] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [10345] dbg: razor2: part=0 engine=8 contested=1 confidence=0 [10345] dbg: razor2: part=0 engine=8 contested=1 confidence=0 [10345] dbg: razor2: part=0 engine=8 contested=0 confidence=0 [10345] dbg: razor2: part=0 engine=8 contested=0 confidence=0 [10345] dbg: razor2: results: spam? 0 [10345] dbg: razor2: results: engine 8, highest cf score: 0 [10345] dbg: razor2: results: engine 4, highest cf score: 0 [10345] dbg: pyzor: use_pyzor option not enabled, disabling Pyzor [10345] dbg: dcc: dccifd is available: /opt/dcc/dccifd [10345] dbg: info: entering helper-app run mode [10345] dbg: dcc: dccifd got response: X-DCC-EATSERVER-Metrics: jasper 1166; Body=4 Fuz1=many Fuz2=many [10345] dbg: info: leaving helper-app run mode [10345] dbg: dcc: listed: BODY=4/999999 FUZ1=999999/999999 FUZ2=999999/999999 [10345] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1) [10345] dbg: rules: running meta tests; score so far=1.411 [10345] dbg: check: running tests for priority: 500 [10345] dbg: dns: harvest_dnsbl_queries [10345] dbg: async: select found no responses ready (t.o.=0.0) [10345] dbg: async: completed in 0.138 s: URI-A, A:ns2.ncrwebhost.com. [10345] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:190.202.69.153 (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.140 s: URI-A, A:balder.vtweb.com. [10345] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:3.146.114.216 (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.140 s: URI-A, A:odin.vtweb.com. [10345] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:2.146.114.216 (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.138 s: URI-A, A:ns1.ncrwebhost.com. [10345] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:190.200.69.153 (timeout 15.0s, min 3.0s) [10345] dbg: async: completed in 0.138 s: URI-A, A:ns3.ncrwebhost.com. [10345] dbg: async: starting: URI-DNSBL, DNSBL:sbl.spamhaus.org.:210.203.69.153 (timeout 15.0s, min 3.0s) [10345] dbg: async: queries completed: 5, started: 5 [10345] dbg: async: queries active: URI-DNSBL=5 at Mon Jan 7 15:11:00 2008 [10345] dbg: dns: harvest_dnsbl_queries - check_tick [10345] dbg: async: select found 5 responses ready (t.o.=1.0) [10345] dbg: async: completed in 0.005 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:2.146.114.216 [10345] dbg: async: completed in 0.006 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:3.146.114.216 [10345] dbg: async: completed in 0.003 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:210.203.69.153 [10345] dbg: async: completed in 0.007 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:190.202.69.153 [10345] dbg: async: completed in 0.004 s: URI-DNSBL, DNSBL:sbl.spamhaus.org.:190.200.69.153 [10345] dbg: async: timing: 0.003 . DNSBL:sbl.spamhaus.org.:210.203.69.153 [10345] dbg: async: timing: 0.004 . DNSBL:sbl.spamhaus.org.:190.200.69.153 [10345] dbg: async: timing: 0.005 . DNSBL:sbl.spamhaus.org.:2.146.114.216 [10345] dbg: async: timing: 0.006 . DNSBL:sbl.spamhaus.org.:3.146.114.216 [10345] dbg: async: timing: 0.007 . DNSBL:sbl.spamhaus.org.:190.202.69.153 [10345] dbg: async: timing: 0.017 . dns:A:cae3.com [10345] dbg: async: timing: 0.018 . NS:ncrpmreports.com [10345] dbg: async: timing: 0.022 . dns:MX:cae3.com [10345] dbg: async: timing: 0.023 . DNSBL:multi.surbl.org.:ncrpmreports.com [10345] dbg: async: timing: 0.024 . DNSBL:rhsbl.ahbl.org.:ncrpmreports.com [10345] dbg: async: timing: 0.025 . DNSBL:bl.open-whois.org.:ncrpmreports.com [10345] dbg: async: timing: 0.025 . DNSBL:multi.uribl.com.:ncrpmreports.com [10345] dbg: async: timing: 0.026 . NS:ibexwear.com [10345] dbg: async: timing: 0.027 . DNSBL:dob.sibl.support-intelligence.net:ncrpmreports.com [10345] dbg: async: timing: 0.030 . DNSBL:dob.sibl.support-intelligence.net:ibexwear.com [10345] dbg: async: timing: 0.030 . NS:ibex.com [10345] dbg: async: timing: 0.030 . DNSBL:multi.surbl.org.:ibexwear.com [10345] dbg: async: timing: 0.030 . DNSBL:rhsbl.ahbl.org.:ibexwear.com [10345] dbg: async: timing: 0.032 . DNSBL:bl.open-whois.org.:ibexwear.com [10345] dbg: async: timing: 0.032 . DNSBL:multi.uribl.com.:ibexwear.com [10345] dbg: async: timing: 0.034 . DNSBL:multi.surbl.org.:ibex.com [10345] dbg: async: timing: 0.035 . DNSBL:rhsbl.ahbl.org.:ibex.com [10345] dbg: async: timing: 0.036 . DNSBL:bl.open-whois.org.:ibex.com [10345] dbg: async: timing: 0.037 . DNSBL:multi.uribl.com.:ibex.com [10345] dbg: async: timing: 0.037 . DNSBL:dob.sibl.support-intelligence.net:ibex.com [10345] dbg: async: timing: 0.138 . A:ns2.ncrwebhost.com. [10345] dbg: async: timing: 0.138 . A:ns1.ncrwebhost.com. [10345] dbg: async: timing: 0.138 . A:ns3.ncrwebhost.com. [10345] dbg: async: timing: 0.140 . A:odin.vtweb.com. [10345] dbg: async: timing: 0.140 . A:balder.vtweb.com. [10345] dbg: rules: running head tests; score so far=1.411 [10345] dbg: rules: running body tests; score so far=1.411 [10345] dbg: rules: running uri tests; score so far=1.411 [10345] dbg: rules: running rawbody tests; score so far=1.411 [10345] dbg: rules: running full tests; score so far=1.411 [10345] dbg: rules: running meta tests; score so far=1.411 [10345] dbg: check: running tests for priority: 1000 [10345] dbg: rules: running head tests; score so far=1.411 [10345] dbg: rules: running body tests; score so far=1.411 [10345] dbg: rules: running uri tests; score so far=1.411 [10345] dbg: rules: running rawbody tests; score so far=1.411 [10345] dbg: rules: running full tests; score so far=1.411 [10345] dbg: rules: running meta tests; score so far=1.411 [10345] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x1cd713c) implements 'autolearn_discriminator', priority 0 [10345] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [10345] dbg: learn: auto-learn: message score: 1.411, computed score for autolearn: 3.593 [10345] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.593, head-points=3.593, learned-points=-2.599 [10345] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam [10345] dbg: check: is spam? score=1.411 required=5 [10345] dbg: check: tests=BAYES_00,DCC_CHECK,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS [10345] dbg: check: subtests=__CT,__CTE,__CTYPE_CHARSET_QUOTED,__CTYPE_HTML,__DOS_HAS_ANY_URI,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__EXCLAIM_SUBJ,__FB_S_STOCK,__HAS_ANY_URI,__HAS_MIMEOLE,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HTML_LINK_IMAGE,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MIMEOLE_MS,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MSGID_DOLLARS_MAYBE,__MSGID_DOLLARS_OK,__MSGID_OK_HEX,__NONEMPTY_BODY,__OE_MSGID_2,__REPTO_OVERQUOTE,__REPTO_QUOTE,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS,__XM_MS_IN_GENERAL [10345] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.593, head-points=3.593, learned-points=-2.599 [10345] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Segmentation Fault - core dumped Failed. From naolson at gmail.com Mon Jan 7 20:37:01 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Jan 7 20:37:11 2008 Subject: Centos 5 with Perl 5.10.0 ConfigDefs.pl "strict refs" error In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> References: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> Message-ID: <8f54b4330801071237t4a8c5d4u73e7404991890c7e@mail.gmail.com> The error is from the 'strict' pragma (use strict). The error is exactly what it says it is. Nate From naolson at gmail.com Mon Jan 7 20:48:57 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Jan 7 20:49:05 2008 Subject: Centos 5 with Perl 5.10.0 ConfigDefs.pl "strict refs" error In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> References: <3D9C92F3075F5144B46AA2C590F48E2A35471F@commssrv01.computerservicecentre.com> Message-ID: <8f54b4330801071248j6a94e033te88a436b20305d23@mail.gmail.com> Perhaps related to this change from 5.10. strictures and dereferencing in defined() use strict 'refs' was ignoring taking a hard reference in an argument to defined(), as in : use strict 'refs'; my $x = 'foo'; if (defined $$x) {...} This now correctly produces the run-time error Can't use string as a SCALAR ref while "strict refs" in use. defined @$foo and defined %$bar are now also subject to strict 'refs' (that is, $foo and $bar shall be proper references there.) (defined(@foo) and defined(%bar) are discouraged constructs anyway.) (Nicholas Clark) From holger-lists at noefer.org Mon Jan 7 20:50:58 2008 From: holger-lists at noefer.org (=?ISO-8859-1?Q?Hoger_N=F6fer?=) Date: Mon Jan 7 20:51:02 2008 Subject: MS 4.66.5-2, SA 3.2.4, core on debug? In-Reply-To: References: Message-ID: <478290B2.8040607@noefer.org> Hi, did you try to move the bayes files and create new files with the same permissions? After that you should do something like /usr/bin/sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync --force-expire Best regards, Holger Jeff A. Earickson schrieb: > Gang, > > I just built and installed SpamAssassin 3.2.4, then ran MailScanner > in debug mode. It did: > > [10345] dbg: check: > tests=BAYES_00,DCC_CHECK,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS > > [10345] dbg: check: subtests=[long string snipped] > [10345] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.593, > head-points=3.593, learned-points=-2.599 > [10345] dbg: learn: auto-learn? no: inside auto-learn thresholds, not > considered ham or spam > Segmentation Fault - core dumped > Failed. > > The full debug output is attached. I reinstalled SA 3.2.3 and it > did the same thing, so I returned to SA 3.2.4. Despite the failure, > MailScanner is running fine, and I can't find a core file anyplace > on the system. My OS: Solaris 10, perl 5.8.8, MS and SA and everything > else built from tar files. > > My bayes files are huge, but otherwise look normal: > > -rw-rw-rw- 1 root root 30282 Jan 7 15:33 bayes.mutex > -rw------- 1 root other 103584 Jan 7 15:33 bayes_journal > -rw-r--r-- 1 root root 670294016 Jan 7 15:33 bayes_seen > -rw------- 1 root other 8429568 Jan 7 15:33 bayes_toks > > Any ideas? > > Jeff Earickson > Colby College From ms-list at alexb.ch Mon Jan 7 21:07:13 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jan 7 21:07:25 2008 Subject: MS 4.66.5-2, SA 3.2.4, core on debug? In-Reply-To: <478290B2.8040607@noefer.org> References: <478290B2.8040607@noefer.org> Message-ID: <47829481.1030008@alexb.ch> No need to be so radical and there's no point in expiring a new DB :-) you can safely remove the bayes_seen file, this is only used to "forget msgs" if you detect a false positive The rest of the sizes are ok and are probably ok. sa-learn -C /etc/MailScanner/spam.assassin.prefs.conf / --dump magic should give you more info. always make sure you're Mailscanner user rwx permissions on the Bayes_* files h2h Alex On 1/7/2008 9:50 PM, Hoger N?fer wrote: > Hi, > > did you try to move the bayes files and create new files with the same > permissions? > After that you should do something like > /usr/bin/sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --sync > --force-expire > > Best regards, > Holger > > Jeff A. Earickson schrieb: >> Gang, >> >> I just built and installed SpamAssassin 3.2.4, then ran MailScanner >> in debug mode. It did: >> >> [10345] dbg: check: >> tests=BAYES_00,DCC_CHECK,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS >> >> [10345] dbg: check: subtests=[long string snipped] >> [10345] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=3.593, >> head-points=3.593, learned-points=-2.599 >> [10345] dbg: learn: auto-learn? no: inside auto-learn thresholds, not >> considered ham or spam >> Segmentation Fault - core dumped >> Failed. >> >> The full debug output is attached. I reinstalled SA 3.2.3 and it >> did the same thing, so I returned to SA 3.2.4. Despite the failure, >> MailScanner is running fine, and I can't find a core file anyplace >> on the system. My OS: Solaris 10, perl 5.8.8, MS and SA and everything >> else built from tar files. >> >> My bayes files are huge, but otherwise look normal: >> >> -rw-rw-rw- 1 root root 30282 Jan 7 15:33 bayes.mutex >> -rw------- 1 root other 103584 Jan 7 15:33 bayes_journal >> -rw-r--r-- 1 root root 670294016 Jan 7 15:33 bayes_seen >> -rw------- 1 root other 8429568 Jan 7 15:33 bayes_toks >> >> Any ideas? >> >> Jeff Earickson >> Colby College > From gerard at seibercom.net Mon Jan 7 22:11:14 2008 From: gerard at seibercom.net (Gerard) Date: Mon Jan 7 22:11:37 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478259D0.4080607@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> <20080107114654.518f035e@scorpio> <478259D0.4080607@pacific.net> Message-ID: <20080107171114.5a444142@scorpio> On Mon, 07 Jan 2008 10:56:48 -0600 Ken Anderson wrote: > Gerard wrote: > > On Mon, 07 Jan 2008 10:18:46 -0600 > > Ken Anderson wrote: > > > >> You really should relay out through your ISP's mailserver. Your ISP > >> will not be blocking port 25 incoming, so your listening sendmail > >> on port 25 should be able to receive mail from the Net just fine. > >> Your ISP's block on port 25 outgoing will not be worked around by > >> setting up your sendmail to listen on an additional port. You need > >> to set smart host in your sendmail.mc and rebuild sendmail.cf. > > > > Comcast, at least in selected markets, has been blocking port 25 > > both in & out. In fact, they are enforcing TLS/SSL on port 587, > > again in selected markets. Actually, it is not such a bad idea if > > it stops 'bots' from sending SPAM. > > > Enforcing TLS on AUTH date makes sense, but why block port 25 > incoming? There are no bots that deliver directly to end users. Is MS > messenger now listening on port 25? :-) From what little I have been able to gleam from Comcast themselves, it appears that they are attempting to stop their non-business customers; i.e., users willing to pay $100 or more per month for static IP, from running mail servers. For the record, that is one more reason why I am investigating FIOS as a replacement for Comcast cable. -- Gerard gerard@seibercom.net MARRIAGE: Convertible bonds. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080107/3feffd7e/signature.bin From miguelk at konsultex.com.br Mon Jan 7 22:33:36 2008 From: miguelk at konsultex.com.br (Miguel Koren O Brien de Lacy) Date: Mon Jan 7 22:34:07 2008 Subject: Deliver {Spam?} to spam-mail Message-ID: <20080107221305.M52861@konsultex.com.br> I have been using Mail Scanner for a pretty long time but I only used the virus scanning aspect of it. I now have a server (fedora Core 7 with sendmail, procmail and dovecot) where spam is the big problem and all those users don't mind if it just gets delivered to the "~mail/spam-mail" folder to be looked at sometime. This is almost like a personal quarantine. I got Span Assassin working fine with Mail Scanner and saw that the header gets the required "ssssss" characters. I didn't see a way in MailScanner.conf to say that I want spam delivered to a place other than the inbox. I have the feeling that the "forward" option may do what I want. For example something like: Spam Actions = deliver forward ~mail/spam-mail Or would this fail because Mail Scanner does not know what user is involved? If not, perhaps the "custom" option does it? I want to keep experimentation to a minimum because this is a production machine. If I can do this with MailScanner, what option should I use and with what parameter? If I have to do it outside MailScanner, what is recommended? Thanks. -- Konsultex Informatica (http://www.konsultex.com.br) -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From ssilva at sgvwater.com Mon Jan 7 23:26:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 7 23:25:09 2008 Subject: Listen on different port In-Reply-To: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> Message-ID: on 1/7/2008 4:43 AM Devon Harding spake the following: > My ISP (Comcast) has decided to start blocking port 25. I'm using > easydns and it allows me to forward emails to ports other than port 25. > How do I configure Mailscanner to listen on ports other/in addition to 25? > About time Comcast started doing something to stop the deluge of spam flowing from within their borders! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From alex at nkpanama.com Mon Jan 7 17:10:04 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Jan 8 01:00:51 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478259D0.4080607@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> <20080107114654.518f035e@scorpio> <478259D0.4080607@pacific.net> Message-ID: On Jan 7, 2008, at 11:56 AM, Ken Anderson wrote: > Enforcing TLS on AUTH date makes sense, but why block port 25 > incoming? Could be that there's a lot of needless traffic coming from bots sweeping through entire netblocks looking for open smtp servers. If I were an ISP I'd try to ask my users before doing this or state it in the contract though. From mi6 at orcon.net.nz Tue Jan 8 06:59:16 2008 From: mi6 at orcon.net.nz (Charlie) Date: Tue Jan 8 06:59:32 2008 Subject: cannot forward a contact from Outlook References: <02a501c85113$a03b52d0$0200a8c0@CharlieCompaq><49EA3959-90A1-4765-B26E-6AC3427CE574@nkpanama.com><031101c8513a$e9447570$0200a8c0@CharlieCompaq> <4510D5D8-2B59-44D1-B616-83150304CBD3@nkpanama.com> Message-ID: <012c01c851c3$fdd18b20$0200a8c0@CharlieCompaq> Hi Alex, I have fixed the problem thanks to your help. :) I actually had the following setting: Deliver Unparsable TNEF = no which I have now changed to Deliver Unparsable TNEF = yes This fixed the problem! (I was originally looking at the wrong configuration file when reporting the values of these variables so sorry about that). ----- Original Message ----- From: "Alex Neuman" To: "MailScanner discussion" Sent: Tuesday, January 08, 2008 1:49 AM Subject: Re: cannot forward a contact from Outlook > If you put "expand tnef = no" or otherwise tell MailScanner not to do > anything with TNEF, does it help? > > Do you use "rich text format" instead of HTML for your e-mails? > > Is Exchange set up to mangle stuff in any way? > > > On Jan 7, 2008, at 9:38 AM, Charlie wrote: > >> Do you mean which TNEF-related options in MailScanner configuration? If >> so, these are the TNEF settings I see: >> >> Expand TNEF = yes >> Use TNEF Contents = replace >> Deliver Unparsable TNEF = yes >> TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000 >> TNEF Timeout = 120 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Tue Jan 8 07:02:24 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 8 07:03:03 2008 Subject: Deliver {Spam?} to spam-mail In-Reply-To: <20080107221305.M52861@konsultex.com.br> References: <20080107221305.M52861@konsultex.com.br> Message-ID: <47832000.2070801@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Miguel Koren O Brien de Lacy wrote: | I have been using Mail Scanner for a pretty long time but I only used the virus | scanning aspect of it. I now have a server (fedora Core 7 with sendmail, procmail and | dovecot) where spam is the big problem and all those users don't mind if it just gets | delivered to the "~mail/spam-mail" folder to be looked at sometime. This is almost | like a personal quarantine. I got Span Assassin working fine with Mail Scanner and saw | that the header gets the required "ssssss" characters. I didn't see a way in | MailScanner.conf to say that I want spam delivered to a place other than the inbox. I | have the feeling that the "forward" option may do what I want. For example something like: | | Spam Actions = deliver forward ~mail/spam-mail | | Or would this fail because Mail Scanner does not know what user is involved? If not, | perhaps the "custom" option does it? I want to keep experimentation to a minimum | because this is a production machine. | | If I can do this with MailScanner, what option should I use and with what parameter? | If I have to do it outside MailScanner, what is recommended? You should enlighten your users in the good use of sorting out the crap with a simple .procmailrc file. Asuming your MTA actually uses procmail from local delivery. (If it does not do so now I suggest you add it straight away.) As everything is run as the same user while MailScanner is working on it ~ ~ tends to be the MailScanner user for all users email. Regardless wether or not the receiver is John or Paul or George or .... Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHgx/+BvzDRVjxmYERAl8aAKCxwaydQWHM7rfGPSQBabHqi13xBQCeN0Rl oyP3/bbSwRcLebocjA8HSys= =dwvx -----END PGP SIGNATURE----- From telecaadmin at gmail.com Tue Jan 8 10:22:18 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jan 8 10:22:28 2008 Subject: Rules for Fraud detection In-Reply-To: <47824660.4030401@ecs.soton.ac.uk> References: <47824363.9000208@gmail.com> <47824660.4030401@ecs.soton.ac.uk> Message-ID: <47834EDA.5010600@gmail.com> >> 2) Can they operate on the VALUE of the possible fraud? > See www.phishingnet.info for a brief description of basically how they work. Ah, sorry, that's not what I meant. I was looking for a detailed description about how the From: etc keywords work and if there are more keywords available. I found in the docs that there are "only" the well-known From: etc keywords. Okay, next problem: MailScanner marks mails a fraud if there is a link with differing text. But it does that regardless if the text looks like an URL or not, e.g. (a href=http://erp.system/action?123) [APPROVE] (/a) Wouldn't it be good to not do it for those kind of links where the text does not resemble an URL? Cheers, Ronny From ms-list at alexb.ch Tue Jan 8 10:58:29 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Jan 8 10:58:41 2008 Subject: Uribl.com & googlepages sites Message-ID: <47835755.4070504@alexb.ch> Guys For those who don't read the SA list and using SA > 3.2.3 AND querying URIBL.COM. add to your SA preference files util_rb_2tld googlepages.com that will allow SA to see the *.googlepages sites. Pls note that this ONLY works with URIBL.COM - SURBL does not list these sites. enjoy Alex From MailScanner at ecs.soton.ac.uk Tue Jan 8 11:38:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 8 11:38:48 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available In-Reply-To: <47826263.5090905@maddoc.net> References: <47826263.5090905@maddoc.net> Message-ID: <478360B1.9050104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just updated my easy-to-install ClamAV+SpamAssassin package to contain this new version. Doc Schneider wrote: > Apache SpamAssassin 3.2.4 is now available! This is a maintenance > release of the 3.2.x branch. > > Downloads are available from: > http://spamassassin.apache.org/downloads.cgi > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHg2CxEfZZRxQVtlQRAnm3AJ9rua2edQs7xZsvlXN5ayv071j8egCgpxUb 7gEPheyKW5Srsvkt8qv9CIg= =qS2X -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Timo.Jacobs at partners.de Tue Jan 8 11:53:20 2008 From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de) Date: Tue Jan 8 11:53:12 2008 Subject: Timo Jacobs is out of the office. Message-ID: I will be out of the office starting 07.01.2008 and will not return until 11.01.2008. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. Schmidt (timo.schmidt@partners.de) From gerard at seibercom.net Tue Jan 8 12:36:28 2008 From: gerard at seibercom.net (Gerard) Date: Tue Jan 8 12:36:46 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <20080108073628.28faea70@scorpio> On Tue, 8 Jan 2008 12:53:20 +0100 Timo.Jacobs@partners.de wrote: > > I will be out of the office starting 07.01.2008 and will not return > until 11.01.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) Cool! Lets all send Mr. Schmidt a message commenting on Mr. Jacobs improperly configured 'Vacation' message! -- Gerard gerard@seibercom.net " ... I told my doctor I got all the exercise I needed being a pallbearer for all my friends who run and do exercises!" Winston Churchill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080108/3121372a/signature.bin From telecaadmin at gmail.com Tue Jan 8 13:34:44 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jan 8 13:34:54 2008 Subject: Quarantine has stopped working Message-ID: <47837BF4.4070802@gmail.com> Hi, somehow my quarantine mechanism has stopped working. It DID work, and stopped some days ago, and I cannot tell you why, I don't even have the faintest idea. Any hints, how to debug it... ? Config: Run As User = postfix Run As Group = postfix Quarantine Dir = /var/spool/MailScanner/quarantine Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no Quarantine Whole Messages As Queue Files = yes #> ls -ld /var/spool/MailScanner/quarantine/ drwxr-x--- 2 postfix postfix 48 Jan 7 18:24 /var/spool/MailScanner/quarantine// /var/log/maillog: Jan 8 14:16:37 filter MailScanner[26546]: Virus and Content Scanning: Starting Jan 8 14:16:37 filter MailScanner[26546]: ::INFECTED:: Eicar-Test-Signature: : ./62222E5.E92AC/eicar.txt Jan 8 14:16:37 filter MailScanner[26546]: ::INFECTED:: Eicar-Test-Signature: : ./62222E5.E92AC/test.zip Jan 8 14:16:37 filter MailScanner[26546]: Virus Scanning: ClamAVModule found 2 infections Jan 8 14:16:37 filter MailScanner[26546]: Virus Scanning: Found 2 viruses Jan 8 14:16:37 filter MailScanner[26546]: Requeue: 62222E5.E92AC to A1C34148 It used to have something like Jan 3 14:11:43 filter MailScanner[31198]: Saved entire message to /var/spool/MailScanner/quarantine/20080103/69AA31B3.97AD0 in the log. From martinh at solidstatelogic.com Tue Jan 8 13:47:46 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 8 13:47:54 2008 Subject: Quarantine has stopped working In-Reply-To: <47837BF4.4070802@gmail.com> Message-ID: Ronny So how is the "Quarantine" user and group related to the postfix group? Looks like to got permissions mismatch to me.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ronny T. Lampert > Sent: 08 January 2008 13:35 > To: MailScanner discussion > Subject: Quarantine has stopped working > > Hi, > > somehow my quarantine mechanism has stopped working. It DID work, and > stopped some days ago, and I cannot tell you why, I don't even have the > faintest idea. > > Any hints, how to debug it... ? > > > > Config: > > Run As User = postfix > Run As Group = postfix > > Quarantine Dir = /var/spool/MailScanner/quarantine > Quarantine User = > Quarantine Group = > Quarantine Permissions = 0600 > Quarantine Infections = yes > Quarantine Silent Viruses = no > Quarantine Modified Body = no > Quarantine Whole Message = no > Quarantine Whole Messages As Queue Files = yes > > > #> ls -ld /var/spool/MailScanner/quarantine/ > > drwxr-x--- 2 postfix postfix 48 Jan 7 18:24 > /var/spool/MailScanner/quarantine// > > > /var/log/maillog: > > Jan 8 14:16:37 filter MailScanner[26546]: Virus and Content Scanning: > Starting > Jan 8 14:16:37 filter MailScanner[26546]: ::INFECTED:: > Eicar-Test-Signature: > : ./62222E5.E92AC/eicar.txt > Jan 8 14:16:37 filter MailScanner[26546]: ::INFECTED:: > Eicar-Test-Signature: > : ./62222E5.E92AC/test.zip > Jan 8 14:16:37 filter MailScanner[26546]: Virus Scanning: ClamAVModule > found 2 infections > Jan 8 14:16:37 filter MailScanner[26546]: Virus Scanning: Found 2 viruses > Jan 8 14:16:37 filter MailScanner[26546]: Requeue: 62222E5.E92AC to > A1C34148 > > > It used to have something like > > Jan 3 14:11:43 filter MailScanner[31198]: Saved entire message to > /var/spool/MailScanner/quarantine/20080103/69AA31B3.97AD0 > > in the log. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From telecaadmin at gmail.com Tue Jan 8 13:52:32 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jan 8 13:52:43 2008 Subject: Quarantine has stopped working In-Reply-To: References: Message-ID: <47838020.1000906@gmail.com> > So how is the "Quarantine" user and group related to the postfix group? Looks like to got permissions mismatch to me.. MailScanner is running as the "postfix" user, so everything it works with needs to be rw-able by the postfix user, doesn't it? From steve.freegard at fsl.com Tue Jan 8 14:13:34 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jan 8 14:10:48 2008 Subject: Quarantine has stopped working In-Reply-To: <47837BF4.4070802@gmail.com> References: <47837BF4.4070802@gmail.com> Message-ID: <4783850E.4040408@fsl.com> Ronny T. Lampert wrote: > Hi, > > somehow my quarantine mechanism has stopped working. It DID work, and > stopped some days ago, and I cannot tell you why, I don't even have the > faintest idea. > > Any hints, how to debug it... ? > > Quarantine Silent Viruses = no ^^^^^ What is your setting for 'Silent Viruses'? If you have All-Viruses here, then Eicar won't be quarantined unless you set it as a 'Noisy Virus' non-forging virus. Also - check your 'Spam Actions' and make sure you have 'store' as part of them. Cheers, Steve. From telecaadmin at gmail.com Tue Jan 8 14:51:26 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Jan 8 14:51:37 2008 Subject: Quarantine has stopped working In-Reply-To: <4783850E.4040408@fsl.com> References: <47837BF4.4070802@gmail.com> <4783850E.4040408@fsl.com> Message-ID: <47838DEE.4020300@gmail.com> >> somehow my quarantine mechanism has stopped working. It DID work, and >> stopped some days ago, and I cannot tell you why, I don't even have >> the faintest idea. >> >> Any hints, how to debug it... ? >> >> Quarantine Silent Viruses = no > > ^^^^^ What is your setting for 'Silent Viruses'? If you have > All-Viruses here, then Eicar won't be quarantined unless you set it as a > 'Noisy Virus' non-forging virus. Thanks a lot Steve! The hint with "Silent Viruses" was the kicker. Now with the following the Eicar is correctly treated as a virus, cleaned and quarantined, and the message being delivered: Silent Viruses = HTML-IFrame Quarantine Silent Viruses = yes Quarantine Whole Message = yes Quarantine Whole Messages As Queue Files = yes > Also - check your 'Spam Actions' and make sure you have 'store' as part > of them. That doesn't seem have ANY consequences on the quarantining. I have Spam Checks = no Spam Actions = deliver header "X-Spam-Status: Yes" and the Virus quarantining works as expected. Cheers, Ronny From clacroix at cegep-ste-foy.qc.ca Tue Jan 8 14:55:13 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Tue Jan 8 14:55:26 2008 Subject: Uribl.com & googlepages sites In-Reply-To: <47835755.4070504@alexb.ch> References: <47835755.4070504@alexb.ch> Message-ID: <47838ED1.1040204@cegep-ste-foy.qc.ca> Alex Broens a ?crit : > Guys > > For those who don't read the SA list and using SA > 3.2.3 AND querying > URIBL.COM. > > add to your SA preference files > > util_rb_2tld googlepages.com > > that will allow SA to see the *.googlepages sites. > > Pls note that this ONLY works with URIBL.COM - SURBL does not list > these sites. > > enjoy > > Alex > > Thanks for the info, i had trouble with googlepages.com spam sites scoring 2.x and my spamscore is 3. Basicly now they score over 3 and it makes my users happy :) From mailscanner at yeticomputers.com Tue Jan 8 15:13:29 2008 From: mailscanner at yeticomputers.com (Rick Chadderdon) Date: Tue Jan 8 15:13:47 2008 Subject: Rules for Fraud detection In-Reply-To: <47834EDA.5010600@gmail.com> References: <47824363.9000208@gmail.com> <47824660.4030401@ecs.soton.ac.uk> <47834EDA.5010600@gmail.com> Message-ID: <47839319.8010200@yeticomputers.com> Ronny T. Lampert wrote: > MailScanner marks mails a fraud if there is a link with differing text. > But it does that regardless if the text looks like an URL or not, e.g. > > (a href=http://erp.system/action?123) [APPROVE] (/a) > > Wouldn't it be good to not do it for those kind of links where the > text does not resemble an URL? I can understand why you might think so, but I personally prefer that people don't even use clickable links in email. For my userbase, it's best that anything that would be clickable that does not display its URL gets broken out as "fraud" by the phishing net. Otherwise, things like: To collect your one million dollars click (a href="http://www.infectyourmachine.com/")here!(/a) would have a much greater chance of, well, infecting their machines. Perhaps it would be okay as an optional switch, but I certainly like it the way it is. I tell my clients not to open file attachments directly from their email client and to never click on embedded links in email, but... they're users. What more can I say? Rick From steve.freegard at fsl.com Tue Jan 8 15:18:54 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jan 8 15:16:10 2008 Subject: Quarantine has stopped working In-Reply-To: <47838DEE.4020300@gmail.com> References: <47837BF4.4070802@gmail.com> <4783850E.4040408@fsl.com> <47838DEE.4020300@gmail.com> Message-ID: <4783945E.6060702@fsl.com> Ronny T. Lampert wrote: > Thanks a lot Steve! The hint with "Silent Viruses" was the kicker. Now > with the following the Eicar is correctly treated as a virus, cleaned > and quarantined, and the message being delivered: > > Silent Viruses = HTML-IFrame No problem - glad you got it working. You probably should set 'Silent Viruses = All-Viruses HTML-IFrame' and add Eicar to the list of Non-forging viruses instead to bypass it. It's a waste of space to quarantine viruses usually unless you need them for some reason, also depending on your 'Notify' settings, your users will get notified (and potentially the sender) which wouldn't be good. Cheers, Steve. From ssilva at sgvwater.com Tue Jan 8 17:12:03 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 8 17:11:00 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: <478259D0.4080607@pacific.net> References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> <20080107114654.518f035e@scorpio> <478259D0.4080607@pacific.net> Message-ID: on 1/7/2008 8:56 AM Ken Anderson spake the following: > Gerard wrote: >> On Mon, 07 Jan 2008 10:18:46 -0600 >> Ken Anderson wrote: >> >>> You really should relay out through your ISP's mailserver. Your ISP >>> will not be blocking port 25 incoming, so your listening sendmail on >>> port 25 should be able to receive mail from the Net just fine. Your >>> ISP's block on port 25 outgoing will not be worked around by setting >>> up your sendmail to listen on an additional port. You need to set >>> smart host in your sendmail.mc and rebuild sendmail.cf. >> >> Comcast, at least in selected markets, has been blocking port 25 both >> in & out. In fact, they are enforcing TLS/SSL on port 587, again in >> selected markets. Actually, it is not such a bad idea if it stops >> 'bots' from sending SPAM. >> >> > > Enforcing TLS on AUTH date makes sense, but why block port 25 incoming? > There are no bots that deliver directly to end users. Is MS messenger > now listening on port 25? :-) > Ken > Pacific.Net Because these ISP's sell "business" accounts that cost more. They consider anyone who runs any outside reachable service in violation of their use contracts unless you pay 3 to 5 times more for one of these business contracts. And it is a lot easier to stop all traffic on a port across your system then to selectively track down the offenders. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gstory at pccctx.com Tue Jan 8 20:09:01 2008 From: gstory at pccctx.com (Guy Story KC5GOI) Date: Tue Jan 8 20:09:24 2008 Subject: Uribl.com & googlepages sites In-Reply-To: <47835755.4070504@alexb.ch> References: <47835755.4070504@alexb.ch> Message-ID: <4783D85D.2020101@pccctx.com> Alex, I hate to do this to you. I do not follow the SA list. Can I add this at any point to my /etc/MailScanner/spam.assassin.prefs.conf file and restart MS? I do not see any other lines in it that start with util_rb. Thanks. Guy Alex Broens wrote: > Guys > > For those who don't read the SA list and using SA > 3.2.3 AND querying > URIBL.COM. > > add to your SA preference files > > util_rb_2tld googlepages.com > > that will allow SA to see the *.googlepages sites. > > Pls note that this ONLY works with URIBL.COM - SURBL does not list > these sites. > > enjoy > > Alex > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: gstory.vcf Type: text/x-vcard Size: 291 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080108/0a5272b8/gstory.vcf From ricky.boone at gmail.com Tue Jan 8 20:21:20 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Tue Jan 8 20:21:30 2008 Subject: Uribl.com & googlepages sites In-Reply-To: <4783D85D.2020101@pccctx.com> References: <47835755.4070504@alexb.ch> <4783D85D.2020101@pccctx.com> Message-ID: <7d9a8b360801081221x43f986f4g97e6ec4e6a5c6174@mail.gmail.com> On Jan 8, 2008 3:09 PM, Guy Story KC5GOI wrote: > Alex, I hate to do this to you. I do not follow the SA list. Can I add > this at any point to my /etc/MailScanner/spam.assassin.prefs.conf file > and restart MS? I do not see any other lines in it that start with > util_rb. You should only need to add it somewhere in the spam.assassin.prefs.conf file and restart SpamAssassin, though you may want to perform a lint check against the config before hand. From ka at pacific.net Tue Jan 8 21:43:20 2008 From: ka at pacific.net (Ken A) Date: Tue Jan 8 21:43:31 2008 Subject: {Disarmed} Re: Listen on different port In-Reply-To: References: <2baac6140801070443k5e006c6et5f6ac5f5cd35a4f1@mail.gmail.com> <478221CD.8040505@gmail.com> <47823058.1090708@farrows.org> <2baac6140801070614u6630fee0g308d53711909de2d@mail.gmail.com> <478234F8.5090509@farrows.org> <20080107095521.7631c27c@scorpio> <200801071536.m07FaLGC017964@mxt.1bigthink.com> <2baac6140801070748i172d7436s9748fdfe5b84377c@mail.gmail.com> <478250E6.2030108@pacific.net> <20080107114654.518f035e@scorpio> <478259D0.4080607@pacific.net> Message-ID: <4783EE78.4070009@pacific.net> Scott Silva wrote: > on 1/7/2008 8:56 AM Ken Anderson spake the following: >> Gerard wrote: >>> On Mon, 07 Jan 2008 10:18:46 -0600 >>> Ken Anderson wrote: >>> >>>> You really should relay out through your ISP's mailserver. Your ISP >>>> will not be blocking port 25 incoming, so your listening sendmail on >>>> port 25 should be able to receive mail from the Net just fine. Your >>>> ISP's block on port 25 outgoing will not be worked around by setting >>>> up your sendmail to listen on an additional port. You need to set >>>> smart host in your sendmail.mc and rebuild sendmail.cf. >>> >>> Comcast, at least in selected markets, has been blocking port 25 both >>> in & out. In fact, they are enforcing TLS/SSL on port 587, again in >>> selected markets. Actually, it is not such a bad idea if it stops >>> 'bots' from sending SPAM. >>> >>> >> >> Enforcing TLS on AUTH date makes sense, but why block port 25 >> incoming? There are no bots that deliver directly to end users. Is MS >> messenger now listening on port 25? :-) >> Ken >> Pacific.Net > Because these ISP's sell "business" accounts that cost more. They > consider anyone who runs any outside reachable service in violation of > their use contracts unless you pay 3 to 5 times more for one of these > business contracts. And it is a lot easier to stop all traffic on a port > across your system then to selectively track down the offenders. > Ah, giving small ISPs another advantage by mistreating their customers again! Now if we could only get access to that cable. Ken -- Ken Anderson Pacific.Net From ssilva at sgvwater.com Tue Jan 8 23:23:12 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 8 23:21:58 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available In-Reply-To: <47827DE8.2090500@noefer.org> References: <47826263.5090905@maddoc.net> <47827DE8.2090500@noefer.org> Message-ID: on 1/7/2008 11:30 AM Hoger N?fer spake the following: > That's fine, bug 5589 with the async lookups has been fixed and > completewhois.com has > been removed. > Very nice... > Seems noticeably faster, even than the patched 3.2.3. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From martinh at solidstatelogic.com Wed Jan 9 08:34:01 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 9 08:34:19 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER Message-ID: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> Guys (well Jules prob ;-) Sophos are changing the way updates happen. I guess changes needed at MS end somehow???? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: Sophos Alert System [mailto:notification-return@lists.sophos.com] > Sent: 07 January 2008 11:43 > To: notification@lists.sophos.com > Subject: IMPORTANT - Termination of this subscription - REMINDER > > > Dear Subscriber, > > The number of new malware samples seen on a daily basis by SophosLabs > continues to grow exponentially. Following a review of the use of > this Sophos Alert System mailing list and the updating mechanisms used > by our customers, Sophos will be making several changes to the mailing > lists and downloads available to customers over the next few months. > As a result of these changes Sophos will be able to increase the > number of virus updates released every day substantially, thereby > providing even faster and better protection against malware. > > The changes are as follows: > > - Individual IDE files will not be available for download from > www.sophos.com from March 2008. > > Customers are encouraged to use one of the automated update mechanisms > available from Sophos to receive their updates (see > > www.sophos.com/support/knowledgebase/article/12663.html for further > information). Alternatively users can download the ides.zip file from > www.sophos.com. This zip archive contains all the ide updates > released since the last monthly engine update. Other zip archives are > available for customers using older engines although users are > encouraged to stay up to date and should not use an engine more than 3 > months old. > > - Three new subscription lists have been created to provide more > targeted satisfaction of customer needs. > > Further information on these services and how to subscribe is below. > > - The format of emails from the existing alert service, Sophos Alert > System, will change in January 2008 in line with the new alert > service, Sophos Update Alert. > > - The existing alert service, Sophos Alert System, will then cease to > send update alerts from March 2008. > > Subscribers are encouraged to sign up to one of the three new mailing > lists above should they wish to continue to receive this information. > > On subscribing to one or more of the above mailing lists, you will > automatically be removed from the current update alert service. > > The new email services are: > > Sophos Update Alert > ------------------- > Subscription to this service will continue to provide an alert > following the release of a new virus update. As the number of virus > updates increases, so will the number of update alerts received > increase. This new alert email will not contain information about > the update itself, only announcing that an update has taken place. > > To subscribe to this service please send an email to: > updatealert-subscribe@lists.sophos.com > > Sophos Daily Update Digest > -------------------------- > This email is for those customers wanting basic information about > recent identity updates. Initially this subscription will simply > provide a link to www.sophos.com/downloads/ide. > From March, this email will provide subscribers with a daily digest > about the updates released in the previous 24 hours. This > information can also be viewed by subscribing to our RSS feeds > (www.sophos.com/feeds). > > To subscribe to this service please send an email to: > updatedigest-subscribe@lists.sophos.com > > Sophos Protection News > ---------------------- > This newsletter will be a regular review of the updates released over > the previous month, providing some statistics and analysis of these > releases. This information will also be found on the SophosLabs blog > which provides an easy way of keeping abreast of the very latest > information about malware seen by our global network of analysts. > This mailing list will also be used by SophosLabs to send out any > urgent notifications about malware outbreaks where significant action > should be taken. > > To subscribe to this service please send an email to: > protection-subscribe@lists.sophos.com > > Should you have any questions about these changes, please contact your > technical support representative. > > Regards, > > Sophos > > > ---- > To unsubscribe, email: notification-unsubscribe@lists.sophos.com > For additional commands, email: notification-faq@lists.sophos.com ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From serhan at medianova.tv Wed Jan 9 16:47:20 2008 From: serhan at medianova.tv (Serhan Sevim) Date: Wed Jan 9 09:47:45 2008 Subject: SA scores Message-ID: <001901c852df$51e8e020$f5baa060$@tv> Hello guys, I'm trying to bump up the SA scores in the spam.assassin.prefs.conf file as seen below. I make the modifications,restart MailScanner, receive few spam and still see BAYES_99 score as 3.5, any ideas? Thanks. Serhan. score BAYES_00 -6.0 score BAYES_05 -3.0 score BAYES_95 5.0 score BAYES_99 6.0 score RCVD_IN_BL_SPAMCOP_NET 4 From walter.muellner at noevers.at Wed Jan 9 11:21:44 2008 From: walter.muellner at noevers.at (Muellner, Walter) Date: Wed Jan 9 11:21:53 2008 Subject: Rules for Send Notices Message-ID: <95761973A0D5414BAAD5339E80D16CC52D456A@dc3.noe.vers> > Hey all, > > first of all i'd like to thank you for this great piece of software. We are using it > since a while now and never had bigger problems. > > But since the release of clamav with enabled anti-phishing features I encountered > a small problem with my config: Before the newer clamav releases "Send Notices" > was set to yes and I only got messages about viruses, dangerous content, blocked > attachments an so on, but then I got a notice for all mails seen as spam by > clamav (many, many mails a day). > > > I searched the net and the list archive and tried to create a rules file for not getting > virus notices any more - this is the content of this rules file: > ---------------------------------------------- > Virus: default no > Filename: default yes > Dangerous Content: default yes > FromOrTo: default yes > ---------------------------------------------- > > > But when I start MailScanner the following log entries show off: > > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 2 of ruleset /etc/MailScanner/sendnotices.rules.conf > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 3 of ruleset /etc/MailScanner/sendnotices.rules.conf > > > I also tried a few modifications but with no luck, when I just used a file like > ---------------------------------------------- > Virus: default no > FromOrTo: default yes > ---------------------------------------------- > I still get virus notices. > > > My MailScanner version is 4.65.3 - clamav is at 0.92 > > > Could someone please help me with that configuration problem? > > Walter M?llner From martinh at solidstatelogic.com Wed Jan 9 12:38:08 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 9 12:38:25 2008 Subject: SA scores In-Reply-To: <001901c852df$51e8e020$f5baa060$@tv> Message-ID: <556d1564ed6b06489fe1e777b231379b@solidstatelogic.com> Check the symbolic link from /etc/mail/spamassassin/mailscanner.cf points at the spam.assassin.prefs.conf file. Make sure you're not running calling SA outside of MS (not that that should make any difference if the above is true. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > Sent: 09 January 2008 16:47 > To: mailscanner@lists.mailscanner.info > Subject: SA scores > > Hello guys, > I'm trying to bump up the SA scores in the spam.assassin.prefs.conf file > as > seen below. > I make the modifications,restart MailScanner, receive few spam and still > see > BAYES_99 score as 3.5, any ideas? > Thanks. > Serhan. > > score BAYES_00 -6.0 > score BAYES_05 -3.0 > score BAYES_95 5.0 > score BAYES_99 6.0 > score RCVD_IN_BL_SPAMCOP_NET 4 > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From serhan at medianova.tv Wed Jan 9 20:07:01 2008 From: serhan at medianova.tv (Serhan Sevim) Date: Wed Jan 9 13:07:21 2008 Subject: SA scores In-Reply-To: <556d1564ed6b06489fe1e777b231379b@solidstatelogic.com> References: <001901c852df$51e8e020$f5baa060$@tv> <556d1564ed6b06489fe1e777b231379b@solidstatelogic.com> Message-ID: <000901c852fb$34c93690$9e5ba3b0$@tv> Alright, I think I do have a bigger problem here. My MailScanner installation doesn't seem to include mailscanner.cf anywhere in the server. How come? Serhan. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: Wednesday, January 09, 2008 7:38 AM > To: MailScanner discussion > Subject: RE: SA scores > > > > Check the symbolic link from /etc/mail/spamassassin/mailscanner.cf > points at the spam.assassin.prefs.conf file. > > Make sure you're not running calling SA outside of MS (not that that > should make any difference if the above is true. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > Sent: 09 January 2008 16:47 > > To: mailscanner@lists.mailscanner.info > > Subject: SA scores > > > > Hello guys, > > I'm trying to bump up the SA scores in the spam.assassin.prefs.conf > file > > as > > seen below. > > I make the modifications,restart MailScanner, receive few spam and > still > > see > > BAYES_99 score as 3.5, any ideas? > > Thanks. > > Serhan. > > > > score BAYES_00 -6.0 > > score BAYES_05 -3.0 > > score BAYES_95 5.0 > > score BAYES_99 6.0 > > score RCVD_IN_BL_SPAMCOP_NET 4 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Wed Jan 9 13:14:08 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 9 13:14:31 2008 Subject: SA scores In-Reply-To: <000901c852fb$34c93690$9e5ba3b0$@tv> Message-ID: <25820485.3101199884448541.JavaMail.root@office.splatnix.net> if you have a default SA installation you should have something like this in /etc/mail/spamassassin :- lrwxrwxrwx 1 root root 41 Oct 3 04:36 mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf if not then just do the following :- (cd /etc/mail/spamassassin; ln -s /etc/MailScanner/spam.assassin.prefs.conf mailscanner.cf) Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Serhan Sevim" To: "MailScanner discussion" Sent: 09 January 2008 20:07:01 o'clock (GMT) Europe/London Subject: RE: SA scores Alright, I think I do have a bigger problem here. My MailScanner installation doesn't seem to include mailscanner.cf anywhere in the server. How come? Serhan. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: Wednesday, January 09, 2008 7:38 AM > To: MailScanner discussion > Subject: RE: SA scores > > > > Check the symbolic link from /etc/mail/spamassassin/mailscanner.cf > points at the spam.assassin.prefs.conf file. > > Make sure you're not running calling SA outside of MS (not that that > should make any difference if the above is true. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > Sent: 09 January 2008 16:47 > > To: mailscanner@lists.mailscanner.info > > Subject: SA scores > > > > Hello guys, > > I'm trying to bump up the SA scores in the spam.assassin.prefs.conf > file > > as > > seen below. > > I make the modifications,restart MailScanner, receive few spam and > still > > see > > BAYES_99 score as 3.5, any ideas? > > Thanks. > > Serhan. > > > > score BAYES_00 -6.0 > > score BAYES_05 -3.0 > > score BAYES_95 5.0 > > score BAYES_99 6.0 > > score RCVD_IN_BL_SPAMCOP_NET 4 > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Wed Jan 9 13:34:41 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 9 13:39:20 2008 Subject: MailScanner on yum repository In-Reply-To: <477FDE32.7030509@vanderkooij.org> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local>, <477FDE32.7030509@vanderkooij.org> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij [hvdkooij@vanderkooij.org] Sent: 05 January 2008 19:44 To: MailScanner discussion Subject: Re: MailScanner on yum repository -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Ede wrote: > Hugo, > > > > When do you plan to put 4.66 onto the yum respository? Who knows. I am still not clear on what works best. But I would say it is rather obvious I would prefer to have a yum repository on the MailSanner site if none of the regular repositories are willing to pick it up. I allready forwarded the manual to create a repository to Jules. And it is small enough to fit on one of those annoying yellow sticky pieces of papers some people will stick to their monitor. But there is the problem of dependencies. So far I have come up with the following scenarios: 1. Forget about it. Not realy what I wish for but it is an option that must be listed just for arguments sake. 2. Use a minimal set of packages in the repository and rely on other repositories. That might break things every now and again untill it is fixed in a new beta and official release in due time. A partial fix is to be more strict on which packages are acceptable by adding more version checks. Something like: Requires: perl-MailTools >= 1.7, perl-MailTools < 2.0 (This should forbid one to install a 2.x version.) Or use a very strict list of tested version. So in this case it would read: Requires: perl-MailTools = 1.77 3. Use a big repository and add tested package that are working well with RHEL/Centos for example and just use that repository next to RHEL/Centos itself. No more need to add another repository. At this point both options 2 and 3 have their own merits and challenges. I tend to lean towards option 2 as it is propably much less work in the long run. - I personally prefer option 2 and I think specifying min and max versions of libraries would be a good idea as it would solve most of the I've just updated and MailScanner doesn't work issues. As you've set one up already how much work is it to update the repository with a new release once it comes out? I'm guessing as long as the requirements don't change too much that its a relatively trivial task that can be automated to some extent? Jason From martinh at solidstatelogic.com Wed Jan 9 13:44:36 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 9 13:44:50 2008 Subject: SA scores In-Reply-To: <000901c852fb$34c93690$9e5ba3b0$@tv> Message-ID: What version of mailscanner??? This came in quite along time ago.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > Sent: 09 January 2008 20:07 > To: MailScanner discussion > Subject: RE: SA scores > > Alright, I think I do have a bigger problem here. My MailScanner > installation doesn't seem to include mailscanner.cf anywhere in the > server. > How come? > Serhan. > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > > Sent: Wednesday, January 09, 2008 7:38 AM > > To: MailScanner discussion > > Subject: RE: SA scores > > > > > > > > Check the symbolic link from /etc/mail/spamassassin/mailscanner.cf > > points at the spam.assassin.prefs.conf file. > > > > Make sure you're not running calling SA outside of MS (not that that > > should make any difference if the above is true. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > > Sent: 09 January 2008 16:47 > > > To: mailscanner@lists.mailscanner.info > > > Subject: SA scores > > > > > > Hello guys, > > > I'm trying to bump up the SA scores in the spam.assassin.prefs.conf > > file > > > as > > > seen below. > > > I make the modifications,restart MailScanner, receive few spam and > > still > > > see > > > BAYES_99 score as 3.5, any ideas? > > > Thanks. > > > Serhan. > > > > > > score BAYES_00 -6.0 > > > score BAYES_05 -3.0 > > > score BAYES_95 5.0 > > > score BAYES_99 6.0 > > > score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From serhan at medianova.tv Wed Jan 9 21:36:30 2008 From: serhan at medianova.tv (Serhan Sevim) Date: Wed Jan 9 14:36:49 2008 Subject: SA scores In-Reply-To: References: <000901c852fb$34c93690$9e5ba3b0$@tv> Message-ID: <001d01c85307$b527a590$1f76f0b0$@tv> Version 4.65.3 Symlink tip solved the problem. Thanks! Serhan. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: Wednesday, January 09, 2008 8:45 AM > To: MailScanner discussion > Subject: RE: SA scores > > What version of mailscanner??? > > This came in quite along time ago.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > Sent: 09 January 2008 20:07 > > To: MailScanner discussion > > Subject: RE: SA scores > > > > Alright, I think I do have a bigger problem here. My MailScanner > > installation doesn't seem to include mailscanner.cf anywhere in the > > server. > > How come? > > Serhan. > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > > > Sent: Wednesday, January 09, 2008 7:38 AM > > > To: MailScanner discussion > > > Subject: RE: SA scores > > > > > > > > > > > > Check the symbolic link from /etc/mail/spamassassin/mailscanner.cf > > > points at the spam.assassin.prefs.conf file. > > > > > > Make sure you're not running calling SA outside of MS (not that > that > > > should make any difference if the above is true. > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > > > bounces@lists.mailscanner.info] On Behalf Of Serhan Sevim > > > > Sent: 09 January 2008 16:47 > > > > To: mailscanner@lists.mailscanner.info > > > > Subject: SA scores > > > > > > > > Hello guys, > > > > I'm trying to bump up the SA scores in the > spam.assassin.prefs.conf > > > file > > > > as > > > > seen below. > > > > I make the modifications,restart MailScanner, receive few spam > and > > > still > > > > see > > > > BAYES_99 score as 3.5, any ideas? > > > > Thanks. > > > > Serhan. > > > > > > > > score BAYES_00 -6.0 > > > > score BAYES_05 -3.0 > > > > score BAYES_95 5.0 > > > > score BAYES_99 6.0 > > > > score RCVD_IN_BL_SPAMCOP_NET 4 > > > > > > > > -- > > > > MailScanner mailing list > > > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > ********************************************************************** > > > Confidentiality : This e-mail and any attachments are intended for > the > > > addressee only and may be confidential. If they come to you in > error > > > you must take no action based on them, nor must you copy or show > them > > > to anyone. Please advise the sender by replying to this e-mail > > > immediately and then delete the original from your computer. > > > Opinion : Any opinions expressed in this e-mail are entirely those > of > > > the author and unless specifically stated to the contrary, are not > > > necessarily those of the author's employer. > > > Security Warning : Internet e-mail is not necessarily a secure > > > communications medium and can be subject to data corruption. We > advise > > > that you consider this fact when e-mailing us. > > > Viruses : We have taken steps to ensure that this e-mail and any > > > attachments are free from known viruses but in keeping with good > > > computing practice, you should ensure that they are virus free. > > > > > > Red Lion 49 Ltd T/A Solid State Logic > > > Registered as a limited company in England and Wales > > > (Company No:5362730) > > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > > United Kingdom > > > > ********************************************************************** > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Wed Jan 9 14:45:09 2008 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 9 14:45:35 2008 Subject: MailScanner on yum repository In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local>, <477FDE32.7030509@vanderkooij.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> Message-ID: <4784DDF5.1070601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo, I have to admit I can't find the instructions you sent me, sorry. We need to solve the dependency problem; if I set up a repo, people are going to use it, and they are going to assume that it works perfectly. So we need these problems solved first. Any thoughts? Jules. Jason Ede wrote: > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij [hvdkooij@vanderkooij.org] > Sent: 05 January 2008 19:44 > To: MailScanner discussion > Subject: Re: MailScanner on yum repository > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jason Ede wrote: > >> Hugo, >> >> >> >> When do you plan to put 4.66 onto the yum respository? >> > > Who knows. I am still not clear on what works best. But I would say it > is rather obvious I would prefer to have a yum repository on the > MailSanner site if none of the regular repositories are willing to pick > it up. > > I allready forwarded the manual to create a repository to Jules. And it > is small enough to fit on one of those annoying yellow sticky pieces of > papers some people will stick to their monitor. > > But there is the problem of dependencies. So far I have come up with the > following scenarios: > > > 1. Forget about it. Not realy what I wish for but it is an option that > must be listed just for arguments sake. > > > 2. Use a minimal set of packages in the repository and rely on other > repositories. That might break things every now and again untill it is > fixed in a new beta and official release in due time. > > A partial fix is to be more strict on which packages are acceptable by > adding more version checks. Something like: > Requires: perl-MailTools >= 1.7, perl-MailTools < 2.0 > (This should forbid one to install a 2.x version.) > > Or use a very strict list of tested version. So in this case it would read: > Requires: perl-MailTools = 1.77 > > > 3. Use a big repository and add tested package that are working well > with RHEL/Centos for example and just use that repository next to > RHEL/Centos itself. No more need to add another repository. > > > At this point both options 2 and 3 have their own merits and challenges. > I tend to lean towards option 2 as it is propably much less work in the > long run. > > - > > I personally prefer option 2 and I think specifying min and max versions of libraries would be a good idea as it would solve most of the I've just updated and MailScanner doesn't work issues. > > As you've set one up already how much work is it to update the repository with a new release once it comes out? I'm guessing as long as the requirements don't change too much that its a relatively trivial task that can be automated to some extent? > > Jason > Jules - -- Julian Field MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHhN32EfZZRxQVtlQRAogEAKDdroiyeNtx6gRTrVXrT6FNA/WjqwCggs5y PnJQ/2r0c33PAavYUQcBdCQ= =BFqa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 9 14:46:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 9 14:46:41 2008 Subject: MailScanner on yum repository In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local>, <477FDE32.7030509@vanderkooij.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> Message-ID: <4784DE3B.7070408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo, I have to admit I can't find the instructions you sent me, sorry. We need to solve the dependency problem; if I set up a repo, people are going to use it, and they are going to assume that it works perfectly. So we need these problems solved first. Any thoughts? Jules. Jason Ede wrote: > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij [hvdkooij@vanderkooij.org] > Sent: 05 January 2008 19:44 > To: MailScanner discussion > Subject: Re: MailScanner on yum repository > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jason Ede wrote: > >> Hugo, >> >> >> >> When do you plan to put 4.66 onto the yum respository? >> > > Who knows. I am still not clear on what works best. But I would say it > is rather obvious I would prefer to have a yum repository on the > MailSanner site if none of the regular repositories are willing to pick > it up. > > I allready forwarded the manual to create a repository to Jules. And it > is small enough to fit on one of those annoying yellow sticky pieces of > papers some people will stick to their monitor. > > But there is the problem of dependencies. So far I have come up with the > following scenarios: > > > 1. Forget about it. Not realy what I wish for but it is an option that > must be listed just for arguments sake. > > > 2. Use a minimal set of packages in the repository and rely on other > repositories. That might break things every now and again untill it is > fixed in a new beta and official release in due time. > > A partial fix is to be more strict on which packages are acceptable by > adding more version checks. Something like: > Requires: perl-MailTools >= 1.7, perl-MailTools < 2.0 > (This should forbid one to install a 2.x version.) > > Or use a very strict list of tested version. So in this case it would read: > Requires: perl-MailTools = 1.77 > > > 3. Use a big repository and add tested package that are working well > with RHEL/Centos for example and just use that repository next to > RHEL/Centos itself. No more need to add another repository. > > > At this point both options 2 and 3 have their own merits and challenges. > I tend to lean towards option 2 as it is propably much less work in the > long run. > > - > > I personally prefer option 2 and I think specifying min and max versions of libraries would be a good idea as it would solve most of the I've just updated and MailScanner doesn't work issues. > > As you've set one up already how much work is it to update the repository with a new release once it comes out? I'm guessing as long as the requirements don't change too much that its a relatively trivial task that can be automated to some extent? > > Jason > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHhN48EfZZRxQVtlQRAmiCAKDRfN1S2RNF0weCuZ1t7g8K56Z3MwCgi5+o b+X4PJemQnUiKG23oJybJ/o= =6vBh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Jan 9 15:31:29 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jan 9 15:31:38 2008 Subject: MailScanner on yum repository In-Reply-To: <4784DE3B.7070408@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561B22@server02.bhl.local>, <477FDE32.7030509@vanderkooij.org> <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D16@server02.bhl.local> <4784DE3B.7070408@ecs.soton.ac.uk> Message-ID: <4784E8D1.9070107@cegep-ste-foy.qc.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hugo, > > I have to admit I can't find the instructions you sent me, sorry. > We need to solve the dependency problem; if I set up a repo, people are > going to use it, and they are going to assume that it works perfectly. > So we need these problems solved first. > Any thoughts? > > Jules. > > > Jason Ede wrote: > >> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij [hvdkooij@vanderkooij.org] >> Sent: 05 January 2008 19:44 >> To: MailScanner discussion >> Subject: Re: MailScanner on yum repository >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Jason Ede wrote: >> >> >>> Hugo, >>> >>> >>> >>> When do you plan to put 4.66 onto the yum respository? >>> >>> >> Who knows. I am still not clear on what works best. But I would say it >> is rather obvious I would prefer to have a yum repository on the >> MailSanner site if none of the regular repositories are willing to pick >> it up. >> >> I allready forwarded the manual to create a repository to Jules. And it >> is small enough to fit on one of those annoying yellow sticky pieces of >> papers some people will stick to their monitor. >> >> But there is the problem of dependencies. So far I have come up with the >> following scenarios: >> >> >> 1. Forget about it. Not realy what I wish for but it is an option that >> must be listed just for arguments sake. >> >> >> 2. Use a minimal set of packages in the repository and rely on other >> repositories. That might break things every now and again untill it is >> fixed in a new beta and official release in due time. >> >> A partial fix is to be more strict on which packages are acceptable by >> adding more version checks. Something like: >> Requires: perl-MailTools >= 1.7, perl-MailTools < 2.0 >> (This should forbid one to install a 2.x version.) >> >> Or use a very strict list of tested version. So in this case it would read: >> Requires: perl-MailTools = 1.77 >> >> >> 3. Use a big repository and add tested package that are working well >> with RHEL/Centos for example and just use that repository next to >> RHEL/Centos itself. No more need to add another repository. >> >> >> At this point both options 2 and 3 have their own merits and challenges. >> I tend to lean towards option 2 as it is propably much less work in the >> long run. >> >> - >> >> I personally prefer option 2 and I think specifying min and max versions of libraries would be a good idea as it would solve most of the I've just updated and MailScanner doesn't work issues. >> >> As you've set one up already how much work is it to update the repository with a new release once it comes out? I'm guessing as long as the requirements don't change too much that its a relatively trivial task that can be automated to some extent? >> >> Jason >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHhN48EfZZRxQVtlQRAmiCAKDRfN1S2RNF0weCuZ1t7g8K56Z3MwCgi5+o > b+X4PJemQnUiKG23oJybJ/o= > =6vBh > -----END PGP SIGNATURE----- > > I have an extra server i can trash/reinstall/do whatever if we need to test dependencies, i really like the idea of installing mailscanner as a bundle of rpm's so i can put in some time trying this out. later, charles From ka at pacific.net Wed Jan 9 17:08:53 2008 From: ka at pacific.net (Ken Anderson) Date: Wed Jan 9 17:09:08 2008 Subject: sanesecurity 403s ? Message-ID: <4784FFA5.1000300@pacific.net> Anyone else seeing 403s on sanesecurity clamav sigs or have any info about this? I can't get to the site either (403 also). Thanks, Ken Anderson Pacific.Net From ssilva at sgvwater.com Wed Jan 9 17:42:55 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 9 17:41:44 2008 Subject: sanesecurity 403s ? In-Reply-To: <4784FFA5.1000300@pacific.net> References: <4784FFA5.1000300@pacific.net> Message-ID: on 1/9/2008 9:08 AM Ken Anderson spake the following: > Anyone else seeing 403s on sanesecurity clamav sigs or have any info > about this? I can't get to the site either (403 also). > Thanks, > Ken Anderson > Pacific.Net I can get to the site, but get a 403 if I click on a download link. But my scripts seem to be working. So rsync downloads still work. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ricky.boone at gmail.com Wed Jan 9 18:07:00 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Wed Jan 9 18:07:10 2008 Subject: sanesecurity 403s ? In-Reply-To: <4784FFA5.1000300@pacific.net> References: <4784FFA5.1000300@pacific.net> Message-ID: <7d9a8b360801091007o6d44519fv73a6677cb714a0ef@mail.gmail.com> On Jan 9, 2008 12:08 PM, Ken Anderson wrote: > Anyone else seeing 403s on sanesecurity clamav sigs or have any info > about this? I can't get to the site either (403 also). I'm getting HTTP 403 errors when hitting http://sanesecurity.com/, however the other site at http://sanesecurity.co.uk/ is still working. I guess if your scripts pull from the .com address, you should be able to change them to .co.uk... they seem to be synonymous. From uxbod at splatnix.net Wed Jan 9 18:21:48 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 9 18:21:59 2008 Subject: sanesecurity 403s ? In-Reply-To: <7d9a8b360801091007o6d44519fv73a6677cb714a0ef@mail.gmail.com> Message-ID: <22603708.3611199902908016.JavaMail.root@office.splatnix.net> looks like a problem with the virtual host as http://91.103.216.238/ does respond okay. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Ricky Boone" To: "MailScanner discussion" Sent: 09 January 2008 18:07:00 o'clock (GMT) Europe/London Subject: Re: sanesecurity 403s ? On Jan 9, 2008 12:08 PM, Ken Anderson wrote: > Anyone else seeing 403s on sanesecurity clamav sigs or have any info > about this? I can't get to the site either (403 also). I'm getting HTTP 403 errors when hitting http://sanesecurity.com/, however the other site at http://sanesecurity.co.uk/ is still working. I guess if your scripts pull from the .com address, you should be able to change them to .co.uk... they seem to be synonymous. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From axisml at gmail.com Wed Jan 9 18:24:07 2008 From: axisml at gmail.com (AxisInternet) Date: Wed Jan 9 18:24:18 2008 Subject: sanesecurity 403s ? In-Reply-To: <7d9a8b360801091007o6d44519fv73a6677cb714a0ef@mail.gmail.com> References: <4784FFA5.1000300@pacific.net> <7d9a8b360801091007o6d44519fv73a6677cb714a0ef@mail.gmail.com> Message-ID: <47851147.9090608@gmail.com> Ricky Boone wrote: > On Jan 9, 2008 12:08 PM, Ken Anderson wrote: >> Anyone else seeing 403s on sanesecurity clamav sigs or have any info >> about this? I can't get to the site either (403 also). > > I'm getting HTTP 403 errors when hitting http://sanesecurity.com/, > however the other site at http://sanesecurity.co.uk/ is still working. > I guess if your scripts pull from the .com address, you should be > able to change them to .co.uk... they seem to be synonymous. I just changed my script to use the co.uk in the URL and it does still fail with the 403 error. They are returning: 403 Forbidden

Forbidden

You don't have permission to access /clamav/mirrors/phish.ndb.gz on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. From ricky.boone at gmail.com Wed Jan 9 18:51:03 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Wed Jan 9 18:51:14 2008 Subject: sanesecurity 403s ? In-Reply-To: <47851147.9090608@gmail.com> References: <4784FFA5.1000300@pacific.net> <7d9a8b360801091007o6d44519fv73a6677cb714a0ef@mail.gmail.com> <47851147.9090608@gmail.com> Message-ID: <7d9a8b360801091051y15984144k40698f09d63c4b73@mail.gmail.com> On Jan 9, 2008 1:24 PM, AxisInternet wrote: > I just changed my script to use the co.uk in the URL and it does still fail > with the 403 error. They are returning: > > ... You don't have permission to access /clamav/mirrors/phish.ndb.gz > on this server ... When I do an HTTP GET against the URL listed on the working site, with a modified TLD to .co.uk (http://www.sanesecurity.co.uk/clamav/phishsigs/phish.ndb.gz), it works. It does appear that they are performing an HTTP 302 redirect on that URL to other servers, however. Here is an example: $ curl -v http://www.sanesecurity.co.uk/clamav/phishsigs/phish.ndb.gz > /dev/null * About to connect() to www.sanesecurity.co.uk port 80 (#0) * Trying 91.103.216.86... connected * Connected to www.sanesecurity.co.uk (91.103.216.86) port 80 (#0) > GET /clamav/phishsigs/phish.ndb.gz HTTP/1.1 > User-Agent: curl/7.17.1 (x86_64-redhat-linux-gnu) libcurl/7.17.1 NSS/3.11.7.1 zlib/1.2.3 libidn/0.6.14 > Host: www.sanesecurity.co.uk > Accept: */* > < HTTP/1.1 302 < Date: Wed, 09 Jan 2008 18:49:05 GMT < Server: Apache 3 - HOSTMerit < X-Powered-By: PHP/4.4.7 < Location: http://mirror.is.co.za/mirror/sanesecurity.com/clamav/phish.ndb.gz < Transfer-Encoding: chunked < Content-Type: text/html From ka at pacific.net Wed Jan 9 18:55:35 2008 From: ka at pacific.net (Ken A) Date: Wed Jan 9 18:55:48 2008 Subject: sanesecurity 403s ? In-Reply-To: References: <4784FFA5.1000300@pacific.net> Message-ID: <478518A7.8000504@pacific.net> Scott Silva wrote: > on 1/9/2008 9:08 AM Ken Anderson spake the following: >> Anyone else seeing 403s on sanesecurity clamav sigs or have any info >> about this? I can't get to the site either (403 also). >> Thanks, >> Ken Anderson >> Pacific.Net > I can get to the site, but get a 403 if I click on a download link. > But my scripts seem to be working. So rsync downloads still work. > Working now, using the .co.uk tld, which redirects to a mirror. Didn't know there was an rsync url. Thanks, Ken -- Ken Anderson Pacific.Net From uxbod at splatnix.net Wed Jan 9 18:55:52 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 9 18:56:16 2008 Subject: Fwd: Website In-Reply-To: <4785184A.6020203@sanesecurity.co.uk> Message-ID: <18183387.3701199904952035.JavaMail.root@office.splatnix.net> FYI Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Forwarded Message ----- From: "Steve Basford" To: uxbod@splatnix.net Sent: 09 January 2008 18:54:02 o'clock (GMT) Europe/London Subject: Re: Website UxBoD wrote: > Hi Steve, > > Appears to be a problem with your .com website at the moment ? It is being reported a lot on different mailing lists at the moment. > > Best Regards and a Happy New Year. Keep up the excellent work you are doing. > > > Hi, Seems like a problem with the server; waiting to chat with the server support people online now.... Mirror site working at the moment: http://www.sanesecurity.co.uk/clamav/ Download Urls: http://www.sanesecurity.co.uk/clamav/phishsigs/phish.ndb.gz http://www.sanesecurity.co.uk/clamav/scamsigs/scam.ndb.gz Thanks for the report. Steve -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From axisml at gmail.com Wed Jan 9 19:06:52 2008 From: axisml at gmail.com (AxisInternet) Date: Wed Jan 9 19:07:04 2008 Subject: sanesecurity 403s ? In-Reply-To: <478518A7.8000504@pacific.net> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> Message-ID: <47851B4C.80001@gmail.com> Ken A wrote: >> I can get to the site, but get a 403 if I click on a download link. >> But my scripts seem to be working. So rsync downloads still work. >> > > Working now, using the .co.uk tld, which redirects to a mirror. > Didn't know there was an rsync url. Still seeing it fail here - both using .com and .co.uk.... Chris From ricky.boone at gmail.com Wed Jan 9 19:11:57 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Wed Jan 9 19:12:13 2008 Subject: sanesecurity 403s ? In-Reply-To: <47851B4C.80001@gmail.com> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> Message-ID: <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> On Jan 9, 2008 2:06 PM, AxisInternet wrote: > Still seeing it fail here - both using .com and .co.uk.... Check your URL... The one that is working is . Your's appears to have an invalid path: /clamav/mirrors/phish.ndb.gz ... should be ... /clamav/phishsigs/phish.ndb.gz From axisml at gmail.com Wed Jan 9 19:20:34 2008 From: axisml at gmail.com (AxisInternet) Date: Wed Jan 9 19:20:46 2008 Subject: sanesecurity 403s ? In-Reply-To: <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> Message-ID: <47851E82.3080700@gmail.com> Ricky Boone wrote: > On Jan 9, 2008 2:06 PM, AxisInternet wrote: >> Still seeing it fail here - both using .com and .co.uk.... > > Check your URL... The one that is working is > . Your's > appears to have an invalid path: > > /clamav/mirrors/phish.ndb.gz > > ... should be ... > > /clamav/phishsigs/phish.ndb.gz Here's what I have in the scamp.sh script: http://www.sanesecurity.co.uk/clamav/phishsigs/phish.ndb.gz http://www.sanesecurity.co.uk/clamav/scamsigs/scam.ndb.gz which is changed only from: http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz Chris From axisml at gmail.com Wed Jan 9 19:26:08 2008 From: axisml at gmail.com (AxisInternet) Date: Wed Jan 9 19:26:20 2008 Subject: sanesecurity 403s ? In-Reply-To: <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> Message-ID: <47851FD0.9010508@gmail.com> Ricky Boone wrote: > On Jan 9, 2008 2:06 PM, AxisInternet wrote: >> Still seeing it fail here - both using .com and .co.uk.... > > Check your URL... The one that is working is > . Your's > appears to have an invalid path: > > /clamav/mirrors/phish.ndb.gz > > ... should be ... > > /clamav/phishsigs/phish.ndb.gz It's all OK now with the .co.uk TLD - had to blow away the files in the tmp directory and then the script worked and retrieved the files correctly. Chris From ka at pacific.net Wed Jan 9 19:27:33 2008 From: ka at pacific.net (Ken A) Date: Wed Jan 9 19:27:44 2008 Subject: sanesecurity 403s ? In-Reply-To: <47851E82.3080700@gmail.com> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851E82.3080700@gmail.com> Message-ID: <47852025.6020502@pacific.net> AxisInternet wrote: > Ricky Boone wrote: >> On Jan 9, 2008 2:06 PM, AxisInternet wrote: >>> Still seeing it fail here - both using .com and .co.uk.... >> Check your URL... The one that is working is >> . Your's >> appears to have an invalid path: >> >> /clamav/mirrors/phish.ndb.gz >> >> ... should be ... >> >> /clamav/phishsigs/phish.ndb.gz > > Here's what I have in the scamp.sh script: > > http://www.sanesecurity.co.uk/clamav/phishsigs/phish.ndb.gz > http://www.sanesecurity.co.uk/clamav/scamsigs/scam.ndb.gz > > which is changed only from: > > http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz > http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz > > > Chris > I found that scamp.sh was failing due to the way it was using curl. I commented out the 'which curl' part of the script so it would prefer wget and all works well - after the change to the .co.uk tld. Ken -- Ken Anderson Pacific.Net From ssilva at sgvwater.com Wed Jan 9 19:37:07 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 9 19:37:25 2008 Subject: sanesecurity 403s ? In-Reply-To: <47851FD0.9010508@gmail.com> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851FD0.9010508@gmail.com> Message-ID: on 1/9/2008 11:26 AM AxisInternet spake the following: > Ricky Boone wrote: >> On Jan 9, 2008 2:06 PM, AxisInternet wrote: >>> Still seeing it fail here - both using .com and .co.uk.... >> Check your URL... The one that is working is >> . Your's >> appears to have an invalid path: >> >> /clamav/mirrors/phish.ndb.gz >> >> ... should be ... >> >> /clamav/phishsigs/phish.ndb.gz > > It's all OK now with the .co.uk TLD - had to blow away the files in the tmp > directory and then the script worked and retrieved the files correctly. > > > Chris > Keep the original script, as they wanted people to download from the round-robin http servers only. It should get fixed soon since they have been notified. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gerard at seibercom.net Wed Jan 9 19:43:54 2008 From: gerard at seibercom.net (Gerard) Date: Wed Jan 9 19:44:08 2008 Subject: sanesecurity 403s ? In-Reply-To: <47852025.6020502@pacific.net> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851E82.3080700@gmail.com> <47852025.6020502@pacific.net> Message-ID: <20080109144354.49000bf4@scorpio> On Wed, 09 Jan 2008 13:27:33 -0600 Ken A wrote: > I found that scamp.sh was failing due to the way it was using curl. > I commented out the 'which curl' part of the script so it would > prefer wget and all works well - after the change to the .co.uk tld. Which version of 'scamp.sh' were you using? It shouldn't be causing a problem; however, if it is, I will fix it. Do you have any logging information that I could view? -- Gerard gerard@seibercom.net This screen intentionally left blank. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080109/10a1478c/signature.bin From ka at pacific.net Wed Jan 9 19:53:27 2008 From: ka at pacific.net (Ken A) Date: Wed Jan 9 19:53:37 2008 Subject: sanesecurity 403s ? In-Reply-To: <20080109144354.49000bf4@scorpio> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851E82.3080700@gmail.com> <47852025.6020502@pacific.net> <20080109144354.49000bf4@scorpio> Message-ID: <47852637.2090404@pacific.net> Gerard wrote: > On Wed, 09 Jan 2008 13:27:33 -0600 > Ken A wrote: > >> I found that scamp.sh was failing due to the way it was using curl. >> I commented out the 'which curl' part of the script so it would >> prefer wget and all works well - after the change to the .co.uk tld. > > Which version of 'scamp.sh' were you using? It shouldn't be causing a > problem; however, if it is, I will fix it. Do you have any logging > information that I could view? > > Someone else was able to fix it by removing temp files, it may be related to that and not curl, but I didn't investigate. Perhaps if the script removes temp files that fail to install it wouldn't fail on subsequent runs? Ken -- Ken Anderson Pacific.Net From gerard at seibercom.net Wed Jan 9 20:22:07 2008 From: gerard at seibercom.net (Gerard) Date: Wed Jan 9 20:22:24 2008 Subject: sanesecurity 403s ? In-Reply-To: <47852637.2090404@pacific.net> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851E82.3080700@gmail.com> <47852025.6020502@pacific.net> <20080109144354.49000bf4@scorpio> <47852637.2090404@pacific.net> Message-ID: <20080109152207.3da5a6ae@scorpio> On Wed, 09 Jan 2008 13:53:27 -0600 Ken A wrote: > Someone else was able to fix it by removing temp files, it may be > related to that and not curl, but I didn't investigate. Perhaps if > the script removes temp files that fail to install it wouldn't fail > on subsequent runs? I should probably take this off list. The script does, or at least it is suppose to, delete any failed installations. I have not witnessed any remnants from failed installation on my system. If someone has more information regarding this, I would appreciate seeing it. Presently, I cannot confirm this problem myself. -- Gerard gerard@seibercom.net Let your conscience be your guide. Pope -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080109/28322cd8/signature.bin From uxbod at splatnix.net Wed Jan 9 20:33:09 2008 From: uxbod at splatnix.net (UxBoD) Date: Wed Jan 9 20:33:47 2008 Subject: Fwd: Website In-Reply-To: <47852AA0.7000108@sanesecurity.co.uk> Message-ID: <19492082.3761199910789938.JavaMail.root@office.splatnix.net> FYI Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Forwarded Message ----- From: "Steve Basford" To: uxbod@splatnix.net Sent: 09 January 2008 20:12:16 o'clock (GMT) Europe/London Subject: Re: Website UxBoD wrote: > Hi Steve, > > Wow what a fast response :) Dont work to hard! I have forwarded your reply to the MailScanner list. Many thanks. > FYI, it's now working.... been onto support since my last reply ! :O Cheers, Steve -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jan 9 20:47:23 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jan 9 20:47:41 2008 Subject: sanesecurity 403s ? In-Reply-To: <20080109152207.3da5a6ae@scorpio> References: <4784FFA5.1000300@pacific.net> <47852637.2090404@pacific.net> <20080109152207.3da5a6ae@scorpio> Message-ID: <200801091547.24000.dyioulos@firstbhph.com> On Wednesday 09 January 2008 3:22 pm, Gerard wrote: > On Wed, 09 Jan 2008 13:53:27 -0600 > > Ken A wrote: > > Someone else was able to fix it by removing temp files, it may be > > related to that and not curl, but I didn't investigate. Perhaps if > > the script removes temp files that fail to install it wouldn't fail > > on subsequent runs? > > I should probably take this off list. > > The script does, or at least it is suppose to, delete any failed > installations. I have not witnessed any remnants from failed > installation on my system. If someone has more information regarding > this, I would appreciate seeing it. Presently, I cannot confirm this > problem myself. Gerard, The script works fine here, without any modification. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Wed Jan 9 21:21:52 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 9 21:22:20 2008 Subject: SA scores In-Reply-To: <001901c852df$51e8e020$f5baa060$@tv> References: <001901c852df$51e8e020$f5baa060$@tv> Message-ID: <47853AF0.8080701@evi-inc.com> Serhan Sevim wrote: > Hello guys, > I'm trying to bump up the SA scores in the spam.assassin.prefs.conf file as > seen below. > I make the modifications,restart MailScanner, receive few spam and still see > BAYES_99 score as 3.5, any ideas? Is your spam.assassin.prefs.conf a symlink to /etc/mail/spamassassin/mailscanner.cf? If not, it's probably not being used at all. > score BAYES_00 -6.0 > score BAYES_05 -3.0 > score BAYES_95 5.0 > score BAYES_99 6.0 Side note: I'd recommend against such dramatic scores for the bayes rules. Bayes_99, by definition, can have up to a 1% false positive rate. In practice it's generally a lot better.. but.. From r.berber at computer.org Wed Jan 9 22:37:19 2008 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Wed Jan 9 22:37:47 2008 Subject: sanesecurity 403s ? In-Reply-To: <20080109152207.3da5a6ae@scorpio> References: <4784FFA5.1000300@pacific.net> <478518A7.8000504@pacific.net> <47851B4C.80001@gmail.com> <7d9a8b360801091111k13102b36ha4080a808cdae749@mail.gmail.com> <47851E82.3080700@gmail.com> <47852025.6020502@pacific.net> <20080109144354.49000bf4@scorpio> <47852637.2090404@pacific.net> <20080109152207.3da5a6ae@scorpio> Message-ID: Gerard wrote: > On Wed, 09 Jan 2008 13:53:27 -0600 > Ken A wrote: > >> Someone else was able to fix it by removing temp files, it may be >> related to that and not curl, but I didn't investigate. Perhaps if >> the script removes temp files that fail to install it wouldn't fail >> on subsequent runs? > > I should probably take this off list. > > The script does, or at least it is suppose to, delete any failed > installations. I have not witnessed any remnants from failed > installation on my system. If someone has more information regarding > this, I would appreciate seeing it. Presently, I cannot confirm this > problem myself. The script works fine when Sanesecurity's site/mirror returns a 403 html error message. This was recently, some time ago I saw a download problem message, and the script had no problem with it, I'm not sure if the older problem was also a html message instead of the signatures file. Somebody on this thread mentioned that the problem was the way curl was used, and that using wget was his solution... perhaps he can expand on what is the exact problem with curl, what version of curl, etc. Regards. -- Ren? Berber From gmane at tippingmar.com Thu Jan 10 01:51:46 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Thu Jan 10 01:52:04 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> References: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> Message-ID: Martin.Hepworth wrote: > Sophos are changing the way updates happen. I guess changes needed at MS end somehow???? Version 5 and 6 of sophos have built-in updating (that MailScanner's sophos-autoupdate triggers), so they should continue working. Version 4 may be a problem, since sophos-autoupdate does download IDE files for that, but surely no one is still using version 4 are they? Mark From martinh at solidstatelogic.com Thu Jan 10 08:40:58 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 10 08:41:12 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: Message-ID: Mark Yes - those still running Unix (freebsd etc). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg > Sent: 10 January 2008 01:52 > To: mailscanner@lists.mailscanner.info > Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER > > Martin.Hepworth wrote: > > > Sophos are changing the way updates happen. I guess changes needed at MS > end somehow???? > > > Version 5 and 6 of sophos have built-in updating (that MailScanner's > sophos-autoupdate triggers), so they should continue working. Version 4 > may be a problem, since sophos-autoupdate does download IDE files for > that, but surely no one is still using version 4 are they? > > Mark > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Thu Jan 10 08:50:23 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 10 08:50:34 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: Message-ID: Hmm looks there's a whole new thing to learn - the eminstaller.... ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: 10 January 2008 08:41 > To: MailScanner discussion > Subject: RE: FW: IMPORTANT - Termination of this subscription - REMINDER > > Mark > > Yes - those still running Unix (freebsd etc). > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Mark Nienberg > > Sent: 10 January 2008 01:52 > > To: mailscanner@lists.mailscanner.info > > Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER > > > > Martin.Hepworth wrote: > > > > > Sophos are changing the way updates happen. I guess changes needed at > MS > > end somehow???? > > > > > > Version 5 and 6 of sophos have built-in updating (that MailScanner's > > sophos-autoupdate triggers), so they should continue working. Version 4 > > may be a problem, since sophos-autoupdate does download IDE files for > > that, but surely no one is still using version 4 are they? > > > > Mark > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From Denis.Beauchemin at USherbrooke.ca Thu Jan 10 14:49:45 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 10 14:51:41 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available In-Reply-To: <478360B1.9050104@ecs.soton.ac.uk> References: <47826263.5090905@maddoc.net> <478360B1.9050104@ecs.soton.ac.uk> Message-ID: <47863089.4060508@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just updated my easy-to-install ClamAV+SpamAssassin package to > contain this new version. > Julian, There is a small error in your install.sh script: you do not cd to $SADIR before attempting to create a backup copy of *.pre files... Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Thu Jan 10 15:10:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 10 15:10:51 2008 Subject: ANNOUNCE: Apache SpamAssassin 3.2.4 available In-Reply-To: <47863089.4060508@USherbrooke.ca> References: <47826263.5090905@maddoc.net> <478360B1.9050104@ecs.soton.ac.uk> <47863089.4060508@USherbrooke.ca> Message-ID: <47863567.6070104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just updated my easy-to-install ClamAV+SpamAssassin package to >> contain this new version. >> > > Julian, > > There is a small error in your install.sh script: you do not cd to > $SADIR before attempting to create a backup copy of *.pre files... Thanks for that. Fixed. > > Denis > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHhjVnEfZZRxQVtlQRApgAAJ47RMvJ6V1fIzymUZuF+N+/1yx6nQCg/t3h nz5m4tDMu8NOtD3IjbOfEiw= =CHA4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stef at aoc-uk.com Thu Jan 10 15:57:11 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu Jan 10 15:58:35 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: References: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> Message-ID: <200801101558.m0AFwRXQ030220@safir.blacknight.ie> Mark wrote: > surely no one is still using version 4 are they? Sure, why not? V4 has the same engine and definition levels as V5, but without the surplus to (at least my) requirements management stuff. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From publicforum at myjaring.net Thu Jan 10 15:58:19 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 15:58:39 2008 Subject: MailScanner not scanning emails. Message-ID: <005401c853a1$9ea20f00$dbe62d00$@net> Problem 1: ============================= Latest version of ClamAV and MailScanner installed OK but MailScanner is not scanning emails. This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). I have been searching Google for days but could not solve the problem. I believe the solution is something very simple. Can somebody please show me the way? Problem 2: ============================= At the end of MailScanner installation, it said I should do these: service sendmail stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start But for all the 4 commands, all I got was "Command not found". I am using RHEL5. What to do? Thanks. Regards, Lawrence Lam -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080110/01eb39e4/attachment.html From bpirie at rma.edu Thu Jan 10 16:16:13 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Jan 10 16:12:30 2008 Subject: MailScanner not scanning emails. In-Reply-To: <005401c853a1$9ea20f00$dbe62d00$@net> References: <005401c853a1$9ea20f00$dbe62d00$@net> Message-ID: <478644CD.9040208@rma.edu> As for problem 2, you must be logged in as root with root's ENV loaded for those commands to work. If you became root using "su" they will not work. use "su -" instead, or include the full path to the commands (e.g. /sbin/service sendmail stop). Brendan Lawrence Lam wrote: > Problem 1: > > ============================= > > Latest version of ClamAV and MailScanner installed OK but MailScanner is > not scanning emails. > > > > This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). > I have been searching Google for days but could not solve the problem. > I believe the solution is something very simple. Can somebody please > show me the way? > > > > Problem 2: > > ============================= > > At the end of MailScanner installation, it said I should do these: > > > > service sendmail stop > > chkconfig sendmail off > > chkconfig MailScanner on > > service MailScanner start > > > > But for all the 4 commands, all I got was "Command not found". I am > using RHEL5. What to do? > > > > Thanks. > > > > Regards, > > Lawrence Lam > > > > > > > From MailScanner at ecs.soton.ac.uk Thu Jan 10 16:18:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 10 16:18:21 2008 Subject: MailScanner not scanning emails. In-Reply-To: <005401c853a1$9ea20f00$dbe62d00$@net> References: <005401c853a1$9ea20f00$dbe62d00$@net> Message-ID: <4786453A.3010009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lawrence Lam wrote: > > Problem 1: > > ============================= > > Latest version of ClamAV and MailScanner installed OK but MailScanner > is not scanning emails. > > > > This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). > I have been searching Google for days but could not solve the > problem. I believe the solution is something very simple. Can somebody > please show me the way? > You say it is not scanning. Is mail getting through? If so, you need to do the 4 commands listed in your Problem 2. > > > > Problem 2: > > ============================= > > At the end of MailScanner installation, it said I should do these: > > > > service sendmail stop > > chkconfig sendmail off > > chkconfig MailScanner on > > service MailScanner start > > > > But for all the 4 commands, all I got was "Command not found". I am > using RHEL5. What to do? > Never use "su" on its own, as this will not set up the root environment ($PATH and others) correctly. *Always* type "su -" as this will set up the $PATH correctly. Then you will find service and chkconfig on your path. > > > Thanks. > > > > Regards, > > Lawrence Lam > > > > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHhkU7EfZZRxQVtlQRAo7sAJ0V/ELroM0jY2Pl6FWXiEWVYMECHQCfYlpE WE23MemnALXlciNmxOUep2E= =m88Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Thu Jan 10 16:30:12 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 10 16:30:38 2008 Subject: mailscanner on coolthreads server Message-ID: <47864814.2050704@nerc.ac.uk> Anyone here running a busy MailScanner server on Solaris? Have you tried the cooltst utility to check its appropriateness for a coolthreads server? I've tried it on my linux servers and it says it is a good candidate altho there isnt much detail. I think if you run it on solaris you get more detail... The new T2 processor has a FP unit for each core so would probably be a good match for MailScanner. It looks like a great processor but it may be too late to stop the tide of SPARC to x86 migration... tool is downloadable via this link: http://cooltools.sunsource.net/cooltst/index.html thoughts/opinions welcomed... GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From shuttlebox at gmail.com Thu Jan 10 16:44:35 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jan 10 16:44:44 2008 Subject: mailscanner on coolthreads server In-Reply-To: <47864814.2050704@nerc.ac.uk> References: <47864814.2050704@nerc.ac.uk> Message-ID: <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> On Jan 10, 2008 5:30 PM, Greg Matthews wrote: > Anyone here running a busy MailScanner server on Solaris? Have you tried > the cooltst utility to check its appropriateness for a coolthreads server? > > I've tried it on my linux servers and it says it is a good candidate > altho there isnt much detail. I think if you run it on solaris you get > more detail... > > The new T2 processor has a FP unit for each core so would probably be a > good match for MailScanner. It looks like a great processor but it may > be too late to stop the tide of SPARC to x86 migration... Since everything is the same to run I don't know why one would migrate off one arch to another, just pick what's suitable for the task. I run both sparc and x86 and it's good to have a choice. :-) Have you looked at this? http://www.sun.com/tryandbuy/index.jsp -- /peter From dstraka at caspercollege.edu Thu Jan 10 16:57:45 2008 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 10 16:58:14 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> References: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> Message-ID: <4785EC19.61A4.0000.0@caspercollege.edu> Fellow MailScanner'ers I'm running MailScanner with the following Sophos: Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand scanning only) Platform: Linux on Intel using libc6 (glibc2.2) Current version: 4.25.0 This automatically updates the IDE files periodically. Can anyone tell me if my installation will be broken by the changes Sophos is planning to make? Thanks, -- Dan Straka Systems Coordinator Casper College 307.268.2399 www.caspercollege.edu >>> On 1/9/2008 at 1:34 AM, in message <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, "Martin.Hepworth" wrote: > Guys > (well Jules prob ;-) > > Sophos are changing the way updates happen. I guess changes needed at MS end > somehow???? > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: Sophos Alert System [mailto:notification-return@lists.sophos.com] >> Sent: 07 January 2008 11:43 >> To: notification@lists.sophos.com >> Subject: IMPORTANT - Termination of this subscription - REMINDER >> >> >> Dear Subscriber, >> >> The number of new malware samples seen on a daily basis by SophosLabs >> continues to grow exponentially. Following a review of the use of >> this Sophos Alert System mailing list and the updating mechanisms used >> by our customers, Sophos will be making several changes to the mailing >> lists and downloads available to customers over the next few months. >> As a result of these changes Sophos will be able to increase the >> number of virus updates released every day substantially, thereby >> providing even faster and better protection against malware. >> >> The changes are as follows: >> >> - Individual IDE files will not be available for download from >> www.sophos.com from March 2008. >> >> Customers are encouraged to use one of the automated update mechanisms >> available from Sophos to receive their updates (see >> >> www.sophos.com/support/knowledgebase/article/12663.html for further >> information). Alternatively users can download the ides.zip file from >> www.sophos.com. This zip archive contains all the ide updates >> released since the last monthly engine update. Other zip archives are >> available for customers using older engines although users are >> encouraged to stay up to date and should not use an engine more than 3 >> months old. >> >> - Three new subscription lists have been created to provide more >> targeted satisfaction of customer needs. >> >> Further information on these services and how to subscribe is below. >> >> - The format of emails from the existing alert service, Sophos Alert >> System, will change in January 2008 in line with the new alert >> service, Sophos Update Alert. >> >> - The existing alert service, Sophos Alert System, will then cease to >> send update alerts from March 2008. >> >> Subscribers are encouraged to sign up to one of the three new mailing >> lists above should they wish to continue to receive this information. >> >> On subscribing to one or more of the above mailing lists, you will >> automatically be removed from the current update alert service. >> >> The new email services are: >> >> Sophos Update Alert >> ------------------- >> Subscription to this service will continue to provide an alert >> following the release of a new virus update. As the number of virus >> updates increases, so will the number of update alerts received >> increase. This new alert email will not contain information about >> the update itself, only announcing that an update has taken place. >> >> To subscribe to this service please send an email to: >> updatealert-subscribe@lists.sophos.com >> >> Sophos Daily Update Digest >> -------------------------- >> This email is for those customers wanting basic information about >> recent identity updates. Initially this subscription will simply >> provide a link to www.sophos.com/downloads/ide. >> From March, this email will provide subscribers with a daily digest >> about the updates released in the previous 24 hours. This >> information can also be viewed by subscribing to our RSS feeds >> (www.sophos.com/feeds). >> >> To subscribe to this service please send an email to: >> updatedigest-subscribe@lists.sophos.com >> >> Sophos Protection News >> ---------------------- >> This newsletter will be a regular review of the updates released over >> the previous month, providing some statistics and analysis of these >> releases. This information will also be found on the SophosLabs blog >> which provides an easy way of keeping abreast of the very latest >> information about malware seen by our global network of analysts. >> This mailing list will also be used by SophosLabs to send out any >> urgent notifications about malware outbreaks where significant action >> should be taken. >> >> To subscribe to this service please send an email to: >> protection-subscribe@lists.sophos.com >> >> Should you have any questions about these changes, please contact your >> technical support representative. >> >> Regards, >> >> Sophos >> >> >> ---- >> To unsubscribe, email: notification-unsubscribe@lists.sophos.com >> For additional commands, email: notification-faq@lists.sophos.com > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Thu Jan 10 17:00:08 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 10 17:01:03 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <200801101558.m0AFwRXQ030220@safir.blacknight.ie> References: <99874cd41efba942bd396246f31676c1@solidstatelogic.com> <200801101558.m0AFwRXQ030220@safir.blacknight.ie> Message-ID: <47864F18.6010003@nerc.ac.uk> Stef Morrell wrote: > Mark wrote: >> surely no one is still using version 4 are they? > > Sure, why not? V4 has the same engine and definition levels as V5, but > without the surplus to (at least my) requirements management stuff. indeed. v4 here too. have you seen the size difference? When I first looked at v5 I found it was actually an older version of v4 than I was currently running plus a whole heap of stuff I didnt need. seen no need to change so far. perhaps that will change soon tho... G > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. GB734421454 -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Thu Jan 10 17:05:21 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Jan 10 17:05:51 2008 Subject: mailscanner on coolthreads server In-Reply-To: <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> References: <47864814.2050704@nerc.ac.uk> <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> Message-ID: <47865051.4000501@nerc.ac.uk> shuttlebox wrote: > Since everything is the same to run I don't know why one would migrate > off one arch to another, just pick what's suitable for the task. I run > both sparc and x86 and it's good to have a choice. :-) 8 cores, 32 threads... need I say more? > > Have you looked at this? > > http://www.sun.com/tryandbuy/index.jsp yup, thats been running for a while now (18 months?). The old T1 only had one FP processor per chip but the T2 has 1 FP processor per core which should make it much more generally applicable. Given that SA (and MS to an extent) spends a lot of CPU cycles waiting for DNS and IO I'd have thought SMT processors were an ideal match but I've yet to talk to anyone who is actually using one for such an application. GREG > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From publicforum at myjaring.net Thu Jan 10 17:06:29 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 17:06:50 2008 Subject: MailScanner not scanning emails. In-Reply-To: <4786453A.3010009@ecs.soton.ac.uk> References: <005401c853a1$9ea20f00$dbe62d00$@net> <4786453A.3010009@ecs.soton.ac.uk> Message-ID: <006501c853ab$250cad80$6f260880$@net> None is working after following suggestion from different parties: $ su - Password: # service sendmail stop sendmail: unrecognized service # /etc/rc.d/init.d/service sendmail stop -bash: /etc/rc.d/init.d/service: No such file or directory # /sbin/service sendmail stop sendmail: unrecognized service # /sbin/service sendmail start sendmail: unrecognized service # /etc/rc.d/init.d/service sendmail start -bash: /etc/rc.d/init.d/service: No such file or directory # service sendmail start sendmail: unrecognized service # chkconfig sendmail off error reading information on service sendmail: No such file or directory -----Original Message----- Lawrence Lam wrote: > > Problem 1: > > ============================= > > Latest version of ClamAV and MailScanner installed OK but MailScanner > is not scanning emails. > > > > This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). > I have been searching Google for days but could not solve the > problem. I believe the solution is something very simple. Can somebody > please show me the way? > You say it is not scanning. Is mail getting through? If so, you need to do the 4 commands listed in your Problem 2. > > > > Problem 2: > > ============================= > > At the end of MailScanner installation, it said I should do these: > > > > service sendmail stop > > chkconfig sendmail off > > chkconfig MailScanner on > > service MailScanner start > > > > But for all the 4 commands, all I got was "Command not found". I am > using RHEL5. What to do? > Never use "su" on its own, as this will not set up the root environment ($PATH and others) correctly. *Always* type "su -" as this will set up the $PATH correctly. Then you will find service and chkconfig on your path. > > > Thanks. > > > > Regards, > > Lawrence Lam > > > > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHhkU7EfZZRxQVtlQRAo7sAJ0V/ELroM0jY2Pl6FWXiEWVYMECHQCfYlpE WE23MemnALXlciNmxOUep2E= =m88Y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Thu Jan 10 17:10:43 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 10 17:10:54 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <4785EC19.61A4.0000.0@caspercollege.edu> Message-ID: <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> Looks like it - you need the emconsole (windows) running somewhere to handle the updates by the looks of it. Fortunately I just started putting in windows/AD etc here today so I've now got something to put in on ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: 10 January 2008 16:58 > To: MailScanner discussion > Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER > > Fellow MailScanner'ers > > I'm running MailScanner with the following Sophos: > Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand > scanning only) > Platform: Linux on Intel using libc6 (glibc2.2) > Current version: 4.25.0 > > This automatically updates the IDE files periodically. Can anyone tell me > if my installation will be broken by the changes Sophos is planning to > make? > > Thanks, > > -- > > Dan Straka > Systems Coordinator > Casper College > 307.268.2399 > www.caspercollege.edu > > > >>> On 1/9/2008 at 1:34 AM, in message > <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, "Martin.Hepworth" > wrote: > > Guys > > (well Jules prob ;-) > > > > Sophos are changing the way updates happen. I guess changes needed at MS > end > > somehow???? > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: Sophos Alert System [mailto:notification-return@lists.sophos.com] > >> Sent: 07 January 2008 11:43 > >> To: notification@lists.sophos.com > >> Subject: IMPORTANT - Termination of this subscription - REMINDER > >> > >> > >> Dear Subscriber, > >> > >> The number of new malware samples seen on a daily basis by SophosLabs > >> continues to grow exponentially. Following a review of the use of > >> this Sophos Alert System mailing list and the updating mechanisms used > >> by our customers, Sophos will be making several changes to the mailing > >> lists and downloads available to customers over the next few months. > >> As a result of these changes Sophos will be able to increase the > >> number of virus updates released every day substantially, thereby > >> providing even faster and better protection against malware. > >> > >> The changes are as follows: > >> > >> - Individual IDE files will not be available for download from > >> www.sophos.com from March 2008. > >> > >> Customers are encouraged to use one of the automated update mechanisms > >> available from Sophos to receive their updates (see > >> > >> www.sophos.com/support/knowledgebase/article/12663.html for further > >> information). Alternatively users can download the ides.zip file from > >> www.sophos.com. This zip archive contains all the ide updates > >> released since the last monthly engine update. Other zip archives are > >> available for customers using older engines although users are > >> encouraged to stay up to date and should not use an engine more than 3 > >> months old. > >> > >> - Three new subscription lists have been created to provide more > >> targeted satisfaction of customer needs. > >> > >> Further information on these services and how to subscribe is below. > >> > >> - The format of emails from the existing alert service, Sophos Alert > >> System, will change in January 2008 in line with the new alert > >> service, Sophos Update Alert. > >> > >> - The existing alert service, Sophos Alert System, will then cease to > >> send update alerts from March 2008. > >> > >> Subscribers are encouraged to sign up to one of the three new mailing > >> lists above should they wish to continue to receive this information. > >> > >> On subscribing to one or more of the above mailing lists, you will > >> automatically be removed from the current update alert service. > >> > >> The new email services are: > >> > >> Sophos Update Alert > >> ------------------- > >> Subscription to this service will continue to provide an alert > >> following the release of a new virus update. As the number of virus > >> updates increases, so will the number of update alerts received > >> increase. This new alert email will not contain information about > >> the update itself, only announcing that an update has taken place. > >> > >> To subscribe to this service please send an email to: > >> updatealert-subscribe@lists.sophos.com > >> > >> Sophos Daily Update Digest > >> -------------------------- > >> This email is for those customers wanting basic information about > >> recent identity updates. Initially this subscription will simply > >> provide a link to www.sophos.com/downloads/ide. > >> From March, this email will provide subscribers with a daily digest > >> about the updates released in the previous 24 hours. This > >> information can also be viewed by subscribing to our RSS feeds > >> (www.sophos.com/feeds). > >> > >> To subscribe to this service please send an email to: > >> updatedigest-subscribe@lists.sophos.com > >> > >> Sophos Protection News > >> ---------------------- > >> This newsletter will be a regular review of the updates released over > >> the previous month, providing some statistics and analysis of these > >> releases. This information will also be found on the SophosLabs blog > >> which provides an easy way of keeping abreast of the very latest > >> information about malware seen by our global network of analysts. > >> This mailing list will also be used by SophosLabs to send out any > >> urgent notifications about malware outbreaks where significant action > >> should be taken. > >> > >> To subscribe to this service please send an email to: > >> protection-subscribe@lists.sophos.com > >> > >> Should you have any questions about these changes, please contact your > >> technical support representative. > >> > >> Regards, > >> > >> Sophos > >> > >> > >> ---- > >> To unsubscribe, email: notification-unsubscribe@lists.sophos.com > >> For additional commands, email: notification-faq@lists.sophos.com > > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jaearick at colby.edu Thu Jan 10 17:18:05 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Jan 10 17:18:32 2008 Subject: mailscanner on coolthreads server In-Reply-To: <47865051.4000501@nerc.ac.uk> References: <47864814.2050704@nerc.ac.uk> <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> <47865051.4000501@nerc.ac.uk> Message-ID: On Thu, 10 Jan 2008, Greg Matthews wrote: > Date: Thu, 10 Jan 2008 17:05:21 +0000 > From: Greg Matthews > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: mailscanner on coolthreads server > > shuttlebox wrote: >> Since everything is the same to run I don't know why one would migrate >> off one arch to another, just pick what's suitable for the task. I run >> both sparc and x86 and it's good to have a choice. :-) > > 8 cores, 32 threads... need I say more? > >> >> Have you looked at this? >> >> http://www.sun.com/tryandbuy/index.jsp > > yup, thats been running for a while now (18 months?). The old T1 only had one > FP processor per chip but the T2 has 1 FP processor per core which should > make it much more generally applicable. > > Given that SA (and MS to an extent) spends a lot of CPU cycles waiting for > DNS and IO I'd have thought SMT processors were an ideal match but I've yet > to talk to anyone who is actually using one for such an application. > > GREG I have mailscanner running on a 4-cpu V490, Solaris 10. It has been the mailscanner box for a while. I have three T1000's (two of them out of service), and two T2000's (one web server and one general purpose, used to be our IMAP server). The T2000 handled dovecot IMAP very well, and mailscanner might benefit from moving to a T2000. That said, I'm starting the migration of my Sun systems to Redhat 5 running either in Intel Vmware or on real Intel boxes. The mailscanner system migration will be down the road for me, but that's where I plan to go. I've soured on Solaris; their OS patching has driven me insane. Jeff Earickson Colby College From shuttlebox at gmail.com Thu Jan 10 17:33:01 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Jan 10 17:33:10 2008 Subject: mailscanner on coolthreads server In-Reply-To: References: <47864814.2050704@nerc.ac.uk> <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> <47865051.4000501@nerc.ac.uk> Message-ID: <625385e30801100933p5c64aa2dwfbfacf9e36e6eda9@mail.gmail.com> On Jan 10, 2008 6:18 PM, Jeff A. Earickson wrote: > I've soured on Solaris; their OS patching has driven me insane. Have you looked at this: http://www.par.univie.ac.at/solaris/pca/ Very simple, very good. Nothing like all the confused so called solutions Sun has released over the years. -- /peter From bpirie at rma.edu Thu Jan 10 17:50:40 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Jan 10 17:47:01 2008 Subject: MailScanner not scanning emails. In-Reply-To: <006501c853ab$250cad80$6f260880$@net> References: <005401c853a1$9ea20f00$dbe62d00$@net> <4786453A.3010009@ecs.soton.ac.uk> <006501c853ab$250cad80$6f260880$@net> Message-ID: <47865AF0.1060203@rma.edu> "rpm -q sendmail" will tell you if sendmail is installed. If you're using postfix, exim or any MTA other than sendmail, the commands will obviously not work. If sendmail was installed from source/tarball instead of the RHL/RHEL packages, the commands will likely fail as well. Brendan Lawrence Lam wrote: > None is working after following suggestion from different parties: > > $ su - > Password: > > # service sendmail stop > sendmail: unrecognized service > > # /etc/rc.d/init.d/service sendmail stop > -bash: /etc/rc.d/init.d/service: No such file or directory > > # /sbin/service sendmail stop > sendmail: unrecognized service > > # /sbin/service sendmail start > sendmail: unrecognized service > > # /etc/rc.d/init.d/service sendmail start > -bash: /etc/rc.d/init.d/service: No such file or directory > > # service sendmail start > sendmail: unrecognized service > > # chkconfig sendmail off > error reading information on service sendmail: No such file or directory > > > > -----Original Message----- > Lawrence Lam wrote: >> Problem 1: >> >> ============================= >> >> Latest version of ClamAV and MailScanner installed OK but MailScanner >> is not scanning emails. >> >> >> >> This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). >> I have been searching Google for days but could not solve the >> problem. I believe the solution is something very simple. Can somebody >> please show me the way? >> > You say it is not scanning. Is mail getting through? If so, you need to > do the 4 commands listed in your Problem 2. >> >> >> Problem 2: >> >> ============================= >> >> At the end of MailScanner installation, it said I should do these: >> >> >> >> service sendmail stop >> >> chkconfig sendmail off >> >> chkconfig MailScanner on >> >> service MailScanner start >> >> >> >> But for all the 4 commands, all I got was "Command not found". I am >> using RHEL5. What to do? >> > Never use "su" on its own, as this will not set up the root environment > ($PATH and others) correctly. *Always* type "su -" as this will set up > the $PATH correctly. Then you will find service and chkconfig on your path. > >> >> >> Thanks. >> >> >> >> Regards, >> >> Lawrence Lam >> >> >> >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHhkU7EfZZRxQVtlQRAo7sAJ0V/ELroM0jY2Pl6FWXiEWVYMECHQCfYlpE > WE23MemnALXlciNmxOUep2E= > =m88Y > -----END PGP SIGNATURE----- > From J.Ede at birchenallhowden.co.uk Thu Jan 10 17:59:03 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Jan 10 17:59:26 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561C7B@server02.bhl.local> I've installed clamav and setup clamd (latest 0.92) onto a fresh install of CentOS 5 and set it up exactly the way I've always done it on other machines, but it seems that MailScanner seems unable to detect it (see below) [root@smtp MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@smtp MailScanner]# clamdscan -V ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 [root@smtp MailScanner]# I've the socket set to 3310, the same as before and clamdscan seems to work, but just MailScanner seems unable to find it... Any ideas? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080110/7a7def44/attachment.html From uxbod at splatnix.net Thu Jan 10 18:16:17 2008 From: uxbod at splatnix.net (UxBoD) Date: Thu Jan 10 18:16:57 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561C7B@server02.bhl.local> Message-ID: <13944241.5251199988977084.JavaMail.root@office.splatnix.net> Hmmm. Are the permissions on your MS work directories okay? The lint creates a sample batch and uses the normal scanning process to check the eicar file. Just give them a glance over. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Ede" To: "MailScanner discussion" Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 I?ve installed clamav and setup clamd (latest 0.92) onto a fresh install of CentOS 5 and set it up exactly the way I?ve always done it on other machines, but it seems that MailScanner seems unable to detect it (see below) [root@smtp MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@smtp MailScanner]# clamdscan -V ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 [root@smtp MailScanner]# I?ve the socket set to 3310, the same as before and clamdscan seems to work, but just MailScanner seems unable to find it... Any ideas? Jason -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From publicforum at myjaring.net Thu Jan 10 18:18:48 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 18:19:06 2008 Subject: MailScanner not scanning emails. In-Reply-To: <478644CD.9040208@rma.edu> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> Message-ID: <008401c853b5$3f2c8f50$bd85adf0$@net> I have problems at these steps: service sendmail stop chkconfig sendmail off chkconfig MailScanner on service MailScanner start I ran a check on MailScanner and ClamAV and it showed no error. But MailScanner is still NOT scanning emails: -------------------------------- [root@server02 MailScanner-4.66.5-3]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav ================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@server02 MailScanner-4.66.5-3]# From ian-list at securitypimp.com Thu Jan 10 18:36:11 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Thu Jan 10 18:36:26 2008 Subject: MailScanner not scanning emails. In-Reply-To: <008401c853b5$3f2c8f50$bd85adf0$@net> Message-ID: <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> Did you set the header_check file up? I believe it needs to have an entry like this in it. /^Received:/ HOLD Ian ----- "Lawrence Lam" wrote: > I have problems at these steps: > > service sendmail stop > chkconfig sendmail off > chkconfig MailScanner on > service MailScanner start > > I ran a check on MailScanner and ClamAV and it showed no error. But > MailScanner is still NOT scanning emails: > > -------------------------------- > [root@server02 MailScanner-4.66.5-3]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.66.5) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > ================== > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed > correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > [root@server02 MailScanner-4.66.5-3]# > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USherbrooke.ca Thu Jan 10 18:42:38 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 10 18:45:04 2008 Subject: MailScanner not scanning emails. In-Reply-To: <008401c853b5$3f2c8f50$bd85adf0$@net> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> <008401c853b5$3f2c8f50$bd85adf0$@net> Message-ID: <4786671E.1060403@USherbrooke.ca> Lawrence Lam a ?crit : > I have problems at these steps: > > service sendmail stop > chkconfig sendmail off > chkconfig MailScanner on > service MailScanner start > > I ran a check on MailScanner and ClamAV and it showed no error. But > MailScanner is still NOT scanning emails: > > -------------------------------- > [root@server02 MailScanner-4.66.5-3]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.66.5) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > ================== > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > [root@server02 MailScanner-4.66.5-3]# > > > According to the output you provided you do not have the sendmail service installed on your cPanel server. Could you send us the output of "ls /etc/rc.d/init.d/". There must be some service in there that processes mail and should be shut down for MS to do its job. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From publicforum at myjaring.net Thu Jan 10 18:46:39 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 18:47:00 2008 Subject: MailScanner not scanning emails. In-Reply-To: <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> References: <008401c853b5$3f2c8f50$bd85adf0$@net> <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <008501c853b9$232d5dd0$69881970$@net> Can you explain more? What file is this? -----Original Message----- Did you set the header_check file up? I believe it needs to have an entry like this in it. /^Received:/ HOLD Ian From publicforum at myjaring.net Thu Jan 10 18:53:49 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 18:54:08 2008 Subject: MailScanner not scanning emails. In-Reply-To: <4786671E.1060403@USherbrooke.ca> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> <008401c853b5$3f2c8f50$bd85adf0$@net> <4786671E.1060403@USherbrooke.ca> Message-ID: <008601c853ba$232b6c90$698245b0$@net> My pleasure. Here you go: acpid courier-authlib haldaemon krb524 netplugd rdisc spamassassin anacron courier-imap halt kudzu network readahead_early sshd antirelayd cpanel hidd lvm2-monitor NetworkManager readahead_later syslog apf cpuspeed httpd MailScanner NetworkManagerDispatcher restorecond sysstat apmd crond httpd.tmpeditlib mcstrans nfs rhnsd vsftpd atd cups ip6tables mdmonitor nfslock rpcgssd winbind auditd dhcdbd ipalert_unix.sh mdmpd nscd rpcidmapd wpa_supplicant autofs dovecot ipaliases messagebus ntpd rpcsvcgssd xfs avahi-daemon dund ipmi microcode_ctl pand saslauthd ypbind avahi-dnsconfd exim iptables multipathd pcscd securetmp yum-updatesd bandmin filelimits irda mysql portmap setroubleshoot bluetooth firstboot irqbalance named portsentry single chkservd functions kdump netconsole psacct smartd conman gpm killall netfs pure-ftpd smb -----Original Message----- According to the output you provided you do not have the sendmail service installed on your cPanel server. Could you send us the output of "ls /etc/rc.d/init.d/". There must be some service in there that processes mail and should be shut down for MS to do its job. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From publicforum at myjaring.net Thu Jan 10 18:56:27 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 18:56:49 2008 Subject: MailScanner not scanning emails. In-Reply-To: <478644CD.9040208@rma.edu> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> Message-ID: <008701c853ba$812d6f00$83884d00$@net> Attached are three items showing my MailScanner and ClamAV are both OK: MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@server02 clamav-0.92]# freshclam -V ClamAV 0.92/5471/Thu Jan 10 12:35:34 2008 [root@server02 clamav-0.92]# freshclam ClamAV update process started at Thu Jan 10 12:54:48 2008 main.cvd is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven) daily.inc is up to date (version: 5471, sigs: 21576, f-level: 21, builder: ccordes) From uxbod at splatnix.net Thu Jan 10 18:58:32 2008 From: uxbod at splatnix.net (UxBoD) Date: Thu Jan 10 18:59:09 2008 Subject: MailScanner not scanning emails. In-Reply-To: <008501c853b9$232d5dd0$69881970$@net> Message-ID: <23965146.5311199991512117.JavaMail.root@office.splatnix.net> what MTA are you running ? if Postfix then this tells the MTA to hold the file so that MS can process it and re-inject back into the queue. It would normally be something like /etc/postfix/header_checks. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Lawrence Lam" To: "MailScanner discussion" Sent: 10 January 2008 18:46:39 o'clock (GMT) Europe/London Subject: RE: MailScanner not scanning emails. Can you explain more? What file is this? -----Original Message----- Did you set the header_check file up? I believe it needs to have an entry like this in it. /^Received:/ HOLD Ian -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Jan 10 19:00:59 2008 From: uxbod at splatnix.net (UxBoD) Date: Thu Jan 10 19:01:16 2008 Subject: MailScanner not scanning emails. In-Reply-To: <008501c853b9$232d5dd0$69881970$@net> Message-ID: <10679947.5341199991659559.JavaMail.root@office.splatnix.net> If postfix you would see this in your postfix main.cf :- header_checks = regexp:/etc/postfix/header_checks and as said by the previous poster in the file you would have :- [uxbod@mailhub ~]$ cat /etc/postfix/header_checks /^Received:/ HOLD Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Lawrence Lam" To: "MailScanner discussion" Sent: 10 January 2008 18:46:39 o'clock (GMT) Europe/London Subject: RE: MailScanner not scanning emails. Can you explain more? What file is this? -----Original Message----- Did you set the header_check file up? I believe it needs to have an entry like this in it. /^Received:/ HOLD Ian -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ian-list at securitypimp.com Thu Jan 10 19:07:06 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Thu Jan 10 19:07:20 2008 Subject: MailScanner not scanning emails. In-Reply-To: <16903754.2201199991761791.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <9619280.2221199992026417.JavaMail.root@postal.insourcedsecurity.com> In postfix it's /etc/postfix/header_checks But from your previous post it looks like you may be using exim, so I don't know if it's needed. ----- "Lawrence Lam" wrote: > Can you explain more? What file is this? > > -----Original Message----- > > Did you set the header_check file up? I believe it needs to have an > entry like this in it. > > /^Received:/ HOLD > > Ian > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From publicforum at myjaring.net Thu Jan 10 19:23:23 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 19:23:42 2008 Subject: MailScanner not scanning emails. In-Reply-To: <10679947.5341199991659559.JavaMail.root@office.splatnix.net> References: <008501c853b9$232d5dd0$69881970$@net> <10679947.5341199991659559.JavaMail.root@office.splatnix.net> Message-ID: <008e01c853be$44dd13d0$ce973b70$@net> I believe I am using EXIM. # cd /etc/postfix -bash: cd: /etc/postfix: No such file or directory But I cannot find anything about "header_checks". From KGoods at AIAInsurance.com Thu Jan 10 19:35:13 2008 From: KGoods at AIAInsurance.com (Ken Goods) Date: Thu Jan 10 19:39:40 2008 Subject: MailScanner not scanning emails. Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C2978F@aiainsurance.com> Lawrence Lam wrote: > My pleasure. Here you go: > > acpid courier-authlib haldaemon krb524 > netplugd rdisc spamassassin > anacron courier-imap halt kudzu > network readahead_early sshd > antirelayd cpanel hidd lvm2-monitor > NetworkManager readahead_later syslog > apf cpuspeed httpd MailScanner > NetworkManagerDispatcher restorecond sysstat > apmd crond httpd.tmpeditlib mcstrans nfs > rhnsd vsftpd > atd cups ip6tables mdmonitor > nfslock rpcgssd winbind > auditd dhcdbd ipalert_unix.sh mdmpd nscd > rpcidmapd wpa_supplicant > autofs dovecot ipaliases messagebus ntpd > rpcsvcgssd xfs > avahi-daemon dund ipmi microcode_ctl pand > saslauthd ypbind > avahi-dnsconfd exim iptables multipathd > pcscd securetmp yum-updatesd > bandmin filelimits irda mysql > portmap setroubleshoot > bluetooth firstboot irqbalance named > portsentry single > chkservd functions kdump netconsole > psacct smartd > conman gpm killall netfs > pure-ftpd smb > Since no one else has jumped on this.... it looks like you have Exim as your MTA. This explains why the sendmail commands did not work for you. I don't run Exim myself but thought I'd at least point you in the right direction to get started. I'm sure others that do use MainScanner/Exim will help if you run into issues. You'll be looking for setup instructions and configs for MailScanner running with Exim. A quick google search turned up: http://wiki.exim.org/MailScanner I don't know of a definitive install guide for Exim but I'm pretty sure it's documented well in the MailScanner docs and remarked in MailScanner.conf. I hope this, along with some tips from Exim users will get you going on the right path. Kind regards, Ken Ken Goods Network Administrator CropUSA Insurance, Inc. From drew.marshall at technologytiger.net Thu Jan 10 19:50:38 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Thu Jan 10 19:50:57 2008 Subject: MailScanner not scanning emails. In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C2978F@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C2978F@aiainsurance.com> Message-ID: On 10 Jan 2008, at 19:35, Ken Goods wrote: > Lawrence Lam wrote: >> > Since no one else has jumped on this.... it looks like you have Exim > as your > MTA. This explains why the sendmail commands did not work for you. I > don't > run Exim myself but thought I'd at least point you in the right > direction to > get started. I'm sure others that do use MainScanner/Exim will help > if you > run into issues. > > You'll be looking for setup instructions and configs for MailScanner > running > with Exim. A quick google search turned up: > > http://wiki.exim.org/MailScanner > > I don't know of a definitive install guide for Exim but I'm pretty > sure it's > documented well in the MailScanner docs and remarked in > MailScanner.conf. > > I hope this, along with some tips from Exim users will get you going > on the > right path. Well if it's Exim then I would start here http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:exim and click installation to start with but have a good read of all the sections as there are some great tips and good reading. -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From Denis.Beauchemin at USherbrooke.ca Thu Jan 10 19:59:24 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 10 20:01:26 2008 Subject: MailScanner not scanning emails. In-Reply-To: References: <13C0059880FDD3118DC600508B6D4A6D01C2978F@aiainsurance.com> Message-ID: <4786791C.10909@USherbrooke.ca> Drew Marshall a ?crit : > On 10 Jan 2008, at 19:35, Ken Goods wrote: > >> Lawrence Lam wrote: >>> >> Since no one else has jumped on this.... it looks like you have Exim >> as your >> MTA. This explains why the sendmail commands did not work for you. I >> don't >> run Exim myself but thought I'd at least point you in the right >> direction to >> get started. I'm sure others that do use MainScanner/Exim will help >> if you >> run into issues. >> >> You'll be looking for setup instructions and configs for MailScanner >> running >> with Exim. A quick google search turned up: >> >> http://wiki.exim.org/MailScanner >> >> I don't know of a definitive install guide for Exim but I'm pretty >> sure it's >> documented well in the MailScanner docs and remarked in >> MailScanner.conf. >> >> I hope this, along with some tips from Exim users will get you going >> on the >> right path. > > Well if it's Exim then I would start here > http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:mta:exim and > click installation to start with but have a good read of all the > sections as there are some great tips and good reading. > I'm sure there would be interesting information in the list archive at: http://search.gmane.org/?query=cpanel&author=&group=gmane.mail.virus.mailscanner&sort=relevance Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From J.Ede at birchenallhowden.co.uk Thu Jan 10 20:05:39 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Thu Jan 10 20:10:32 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <13944241.5251199988977084.JavaMail.root@office.splatnix.net> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561C7B@server02.bhl.local>, <13944241.5251199988977084.JavaMail.root@office.splatnix.net> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D18@server02.bhl.local> The permissions all look ok. The workdir was set to /tmp but I've moved it back into the /var/spool/mailscanner dirs Still no joy... Its not reporting mcafee as present either, which is also installed and working... Can I make it more verbose... Emails flow normally and are scanned for spam which I assume wouldn't happen if permissions were wrong... Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD [uxbod@splatnix.net] Sent: 10 January 2008 18:16 To: MailScanner discussion Subject: Re: Clamd not being detected on fresh install of 4.66.5 on CentOS5 Hmmm. Are the permissions on your MS work directories okay? The lint creates a sample batch and uses the normal scanning process to check the eicar file. Just give them a glance over. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Ede" To: "MailScanner discussion" Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 I?ve installed clamav and setup clamd (latest 0.92) onto a fresh install of CentOS 5 and set it up exactly the way I?ve always done it on other machines, but it seems that MailScanner seems unable to detect it (see below) [root@smtp MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@smtp MailScanner]# clamdscan -V ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 [root@smtp MailScanner]# I?ve the socket set to 3310, the same as before and clamdscan seems to work, but just MailScanner seems unable to find it... Any ideas? Jason -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From uxbod at splatnix.net Thu Jan 10 20:20:42 2008 From: uxbod at splatnix.net (UxBoD) Date: Thu Jan 10 20:50:17 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D18@server02.bhl.local> Message-ID: <24210046.5371199996442769.JavaMail.root@office.splatnix.net> can you post your mailscanner.conf ? hash out the watermark if and domains though Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Ede" To: "MailScanner discussion" Sent: 10 January 2008 20:05:39 o'clock (GMT) Europe/London Subject: RE: Clamd not being detected on fresh install of 4.66.5 on CentOS5 The permissions all look ok. The workdir was set to /tmp but I've moved it back into the /var/spool/mailscanner dirs Still no joy... Its not reporting mcafee as present either, which is also installed and working... Can I make it more verbose... Emails flow normally and are scanned for spam which I assume wouldn't happen if permissions were wrong... Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of UxBoD [uxbod@splatnix.net] Sent: 10 January 2008 18:16 To: MailScanner discussion Subject: Re: Clamd not being detected on fresh install of 4.66.5 on CentOS5 Hmmm. Are the permissions on your MS work directories okay? The lint creates a sample batch and uses the normal scanning process to check the eicar file. Just give them a glance over. Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Jason Ede" To: "MailScanner discussion" Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 I?ve installed clamav and setup clamd (latest 0.92) onto a fresh install of CentOS 5 and set it up exactly the way I?ve always done it on other machines, but it seems that MailScanner seems unable to detect it (see below) [root@smtp MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.66.5) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. [root@smtp MailScanner]# clamdscan -V ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 [root@smtp MailScanner]# I?ve the socket set to 3310, the same as before and clamdscan seems to work, but just MailScanner seems unable to find it... Any ideas? Jason -- This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Jan 10 20:50:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 10 20:51:10 2008 Subject: MailScanner not scanning emails. In-Reply-To: <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> References: <008401c853b5$3f2c8f50$bd85adf0$@net> <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> Message-ID: on 1/10/2008 10:36 AM Ian Lists spake the following: > Did you set the header_check file up? I believe it needs to have an entry like this in it. > > /^Received:/ HOLD > > Ian > Only if you are using postfix. Poster did not say what MTA is installed. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From publicforum at myjaring.net Thu Jan 10 21:09:18 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 21:09:36 2008 Subject: MailScanner not scanning emails. In-Reply-To: References: <008401c853b5$3f2c8f50$bd85adf0$@net> <28179646.2151199990171874.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <00ad01c853cd$104f6960$30ee3c20$@net> Well, I found a couple of web pages on how to configure Exim+MailScanner. The instruction is extremely complicated. If there is no miracle by tomorrow, I will remove MailScanner and install the clamavconnector under WHM. At least it works for me although the control is very minimal. Thanks guys. Regards, Blue From dstraka at caspercollege.edu Thu Jan 10 21:45:58 2008 From: dstraka at caspercollege.edu (Daniel Straka) Date: Thu Jan 10 21:46:30 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> References: <4785EC19.61A4.0000.0@caspercollege.edu> <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> Message-ID: <47862FA6.61A4.0000.0@caspercollege.edu> All, I emailed Sophos support regarding termination of subscription notice Martin sent us all and the 4.x version of SAV for Linux that I run. So if any of the rest of you are running this version like I am, and your stress level spiked after reading about it because your projects calendar is already booked for the next 9 months like mine, looks like you can breathe a sigh of relief. THIS IS WHAT I SENT TO SOPHOS SUPPORT... I run Sophos in conjunction with MailScanner for email viruses. I've been happily using "Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand scanning only)" Platform: Linux on Intel using libc6 (glibc2.2) Current version: 4.25.0 This automatically updates the IDE files periodically. Is Sophos (heard a rumor) going to drop support for this product and break my installation ? If so, what does Sophos recommended to do? Thanks...Dan AND THIS IS WHAT THEY SENT BACK... Hello Dan, The product in question is not slated for retirement any time soon. You can check this information at the following web page: http://sophos.com/support/timeline.html Regards, Chris Chaves Sophos Technical Support >>> On 1/10/2008 at 10:10 AM, in message <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com>, "Martin.Hepworth" wrote: > Looks like it - you need the emconsole (windows) running somewhere to handle > the updates by the looks of it. > > Fortunately I just started putting in windows/AD etc here today so I've now > got something to put in on ;-) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Daniel Straka >> Sent: 10 January 2008 16:58 >> To: MailScanner discussion >> Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER >> >> Fellow MailScanner'ers >> >> I'm running MailScanner with the following Sophos: >> Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand >> scanning only) >> Platform: Linux on Intel using libc6 (glibc2.2) >> Current version: 4.25.0 >> >> This automatically updates the IDE files periodically. Can anyone tell me >> if my installation will be broken by the changes Sophos is planning to >> make? >> >> Thanks, >> >> -- >> >> Dan Straka >> Systems Coordinator >> Casper College >> 307.268.2399 >> www.caspercollege.edu >> >> >> >>> On 1/9/2008 at 1:34 AM, in message >> <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, "Martin.Hepworth" >> wrote: >> > Guys >> > (well Jules prob ;-) >> > >> > Sophos are changing the way updates happen. I guess changes needed at MS >> end >> > somehow???? >> > >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: Sophos Alert System [mailto:notification-return@lists.sophos.com] >> >> Sent: 07 January 2008 11:43 >> >> To: notification@lists.sophos.com >> >> Subject: IMPORTANT - Termination of this subscription - REMINDER >> >> >> >> >> >> Dear Subscriber, >> >> >> >> The number of new malware samples seen on a daily basis by SophosLabs >> >> continues to grow exponentially. Following a review of the use of >> >> this Sophos Alert System mailing list and the updating mechanisms used >> >> by our customers, Sophos will be making several changes to the mailing >> >> lists and downloads available to customers over the next few months. >> >> As a result of these changes Sophos will be able to increase the >> >> number of virus updates released every day substantially, thereby >> >> providing even faster and better protection against malware. >> >> >> >> The changes are as follows: >> >> >> >> - Individual IDE files will not be available for download from >> >> www.sophos.com from March 2008. >> >> >> >> Customers are encouraged to use one of the automated update mechanisms >> >> available from Sophos to receive their updates (see >> >> >> >> www.sophos.com/support/knowledgebase/article/12663.html for further >> >> information). Alternatively users can download the ides.zip file from >> >> www.sophos.com. This zip archive contains all the ide updates >> >> released since the last monthly engine update. Other zip archives are >> >> available for customers using older engines although users are >> >> encouraged to stay up to date and should not use an engine more than 3 >> >> months old. >> >> >> >> - Three new subscription lists have been created to provide more >> >> targeted satisfaction of customer needs. >> >> >> >> Further information on these services and how to subscribe is below. >> >> >> >> - The format of emails from the existing alert service, Sophos Alert >> >> System, will change in January 2008 in line with the new alert >> >> service, Sophos Update Alert. >> >> >> >> - The existing alert service, Sophos Alert System, will then cease to >> >> send update alerts from March 2008. >> >> >> >> Subscribers are encouraged to sign up to one of the three new mailing >> >> lists above should they wish to continue to receive this information. >> >> >> >> On subscribing to one or more of the above mailing lists, you will >> >> automatically be removed from the current update alert service. >> >> >> >> The new email services are: >> >> >> >> Sophos Update Alert >> >> ------------------- >> >> Subscription to this service will continue to provide an alert >> >> following the release of a new virus update. As the number of virus >> >> updates increases, so will the number of update alerts received >> >> increase. This new alert email will not contain information about >> >> the update itself, only announcing that an update has taken place. >> >> >> >> To subscribe to this service please send an email to: >> >> updatealert-subscribe@lists.sophos.com >> >> >> >> Sophos Daily Update Digest >> >> -------------------------- >> >> This email is for those customers wanting basic information about >> >> recent identity updates. Initially this subscription will simply >> >> provide a link to www.sophos.com/downloads/ide. >> >> From March, this email will provide subscribers with a daily digest >> >> about the updates released in the previous 24 hours. This >> >> information can also be viewed by subscribing to our RSS feeds >> >> (www.sophos.com/feeds). >> >> >> >> To subscribe to this service please send an email to: >> >> updatedigest-subscribe@lists.sophos.com >> >> >> >> Sophos Protection News >> >> ---------------------- >> >> This newsletter will be a regular review of the updates released over >> >> the previous month, providing some statistics and analysis of these >> >> releases. This information will also be found on the SophosLabs blog >> >> which provides an easy way of keeping abreast of the very latest >> >> information about malware seen by our global network of analysts. >> >> This mailing list will also be used by SophosLabs to send out any >> >> urgent notifications about malware outbreaks where significant action >> >> should be taken. >> >> >> >> To subscribe to this service please send an email to: >> >> protection-subscribe@lists.sophos.com >> >> >> >> Should you have any questions about these changes, please contact your >> >> technical support representative. >> >> >> >> Regards, >> >> >> >> Sophos >> >> >> >> >> >> ---- >> >> To unsubscribe, email: notification-unsubscribe@lists.sophos.com >> >> For additional commands, email: notification-faq@lists.sophos.com >> > >> > >> > >> > >> > >> > ********************************************************************** >> > Confidentiality : This e-mail and any attachments are intended for the >> > addressee only and may be confidential. If they come to you in error >> > you must take no action based on them, nor must you copy or show them >> > to anyone. Please advise the sender by replying to this e-mail >> > immediately and then delete the original from your computer. >> > Opinion : Any opinions expressed in this e-mail are entirely those of >> > the author and unless specifically stated to the contrary, are not >> > necessarily those of the author's employer. >> > Security Warning : Internet e-mail is not necessarily a secure >> > communications medium and can be subject to data corruption. We advise >> > that you consider this fact when e-mailing us. >> > Viruses : We have taken steps to ensure that this e-mail and any >> > attachments are free from known viruses but in keeping with good >> > computing practice, you should ensure that they are virus free. >> > >> > Red Lion 49 Ltd T/A Solid State Logic >> > Registered as a limited company in England and Wales >> > (Company No:5362730) >> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> > United Kingdom >> > ********************************************************************** >> > >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Jan 10 22:52:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 10 22:53:08 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <47862FA6.61A4.0000.0@caspercollege.edu> References: <4785EC19.61A4.0000.0@caspercollege.edu> <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> <47862FA6.61A4.0000.0@caspercollege.edu> Message-ID: <4786A1BD.5070107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In particular, for Sophos for Linux users, http://sophos.com/support/knowledgebase/article/17591.html Basically, it just says stick to version 4 or upgrade to version 6. Version 5 is going away. Daniel Straka wrote: > All, > > I emailed Sophos support regarding termination of subscription notice Martin sent us all and the 4.x version of SAV for Linux that I run. So if any of the rest of you are running this version like I am, and your stress level spiked after reading about it because your projects calendar is already booked for the next 9 months like mine, looks like you can breathe a sigh of relief. > > THIS IS WHAT I SENT TO SOPHOS SUPPORT... > > I run Sophos in conjunction with MailScanner for email viruses. I've been happily using "Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand scanning only)" > Platform: Linux on Intel using libc6 (glibc2.2) > Current version: 4.25.0 > This automatically updates the IDE files periodically. > > Is Sophos (heard a rumor) going to drop support for this product and break my installation ? > If so, what does Sophos recommended to do? > > Thanks...Dan > > AND THIS IS WHAT THEY SENT BACK... > > Hello Dan, > The product in question is not slated for retirement any time soon. You can check this information at the following web page: http://sophos.com/support/timeline.html > > Regards, > > Chris Chaves > Sophos Technical Support > > > >>>> On 1/10/2008 at 10:10 AM, in message >>>> > <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com>, "Martin.Hepworth" > wrote: > >> Looks like it - you need the emconsole (windows) running somewhere to handle >> the updates by the looks of it. >> >> Fortunately I just started putting in windows/AD etc here today so I've now >> got something to put in on ;-) >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Daniel Straka >>> Sent: 10 January 2008 16:58 >>> To: MailScanner discussion >>> Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER >>> >>> Fellow MailScanner'ers >>> >>> I'm running MailScanner with the following Sophos: >>> Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand >>> scanning only) >>> Platform: Linux on Intel using libc6 (glibc2.2) >>> Current version: 4.25.0 >>> >>> This automatically updates the IDE files periodically. Can anyone tell me >>> if my installation will be broken by the changes Sophos is planning to >>> make? >>> >>> Thanks, >>> >>> -- >>> >>> Dan Straka >>> Systems Coordinator >>> Casper College >>> 307.268.2399 >>> www.caspercollege.edu >>> >>> >>> >>>>>> On 1/9/2008 at 1:34 AM, in message >>>>>> >>> <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, "Martin.Hepworth" >>> wrote: >>> >>>> Guys >>>> (well Jules prob ;-) >>>> >>>> Sophos are changing the way updates happen. I guess changes needed at MS >>>> >>> end >>> >>>> somehow???? >>>> >>>> >>>> -- >>>> Martin Hepworth >>>> Snr Systems Administrator >>>> Solid State Logic >>>> Tel: +44 (0)1865 842300 >>>> >>>> >>>>> -----Original Message----- >>>>> From: Sophos Alert System [mailto:notification-return@lists.sophos.com] >>>>> Sent: 07 January 2008 11:43 >>>>> To: notification@lists.sophos.com >>>>> Subject: IMPORTANT - Termination of this subscription - REMINDER >>>>> >>>>> >>>>> Dear Subscriber, >>>>> >>>>> The number of new malware samples seen on a daily basis by SophosLabs >>>>> continues to grow exponentially. Following a review of the use of >>>>> this Sophos Alert System mailing list and the updating mechanisms used >>>>> by our customers, Sophos will be making several changes to the mailing >>>>> lists and downloads available to customers over the next few months. >>>>> As a result of these changes Sophos will be able to increase the >>>>> number of virus updates released every day substantially, thereby >>>>> providing even faster and better protection against malware. >>>>> >>>>> The changes are as follows: >>>>> >>>>> - Individual IDE files will not be available for download from >>>>> www.sophos.com from March 2008. >>>>> >>>>> Customers are encouraged to use one of the automated update mechanisms >>>>> available from Sophos to receive their updates (see >>>>> >>>>> www.sophos.com/support/knowledgebase/article/12663.html for further >>>>> information). Alternatively users can download the ides.zip file from >>>>> www.sophos.com. This zip archive contains all the ide updates >>>>> released since the last monthly engine update. Other zip archives are >>>>> available for customers using older engines although users are >>>>> encouraged to stay up to date and should not use an engine more than 3 >>>>> months old. >>>>> >>>>> - Three new subscription lists have been created to provide more >>>>> targeted satisfaction of customer needs. >>>>> >>>>> Further information on these services and how to subscribe is below. >>>>> >>>>> - The format of emails from the existing alert service, Sophos Alert >>>>> System, will change in January 2008 in line with the new alert >>>>> service, Sophos Update Alert. >>>>> >>>>> - The existing alert service, Sophos Alert System, will then cease to >>>>> send update alerts from March 2008. >>>>> >>>>> Subscribers are encouraged to sign up to one of the three new mailing >>>>> lists above should they wish to continue to receive this information. >>>>> >>>>> On subscribing to one or more of the above mailing lists, you will >>>>> automatically be removed from the current update alert service. >>>>> >>>>> The new email services are: >>>>> >>>>> Sophos Update Alert >>>>> ------------------- >>>>> Subscription to this service will continue to provide an alert >>>>> following the release of a new virus update. As the number of virus >>>>> updates increases, so will the number of update alerts received >>>>> increase. This new alert email will not contain information about >>>>> the update itself, only announcing that an update has taken place. >>>>> >>>>> To subscribe to this service please send an email to: >>>>> updatealert-subscribe@lists.sophos.com >>>>> >>>>> Sophos Daily Update Digest >>>>> -------------------------- >>>>> This email is for those customers wanting basic information about >>>>> recent identity updates. Initially this subscription will simply >>>>> provide a link to www.sophos.com/downloads/ide. >>>>> From March, this email will provide subscribers with a daily digest >>>>> about the updates released in the previous 24 hours. This >>>>> information can also be viewed by subscribing to our RSS feeds >>>>> (www.sophos.com/feeds). >>>>> >>>>> To subscribe to this service please send an email to: >>>>> updatedigest-subscribe@lists.sophos.com >>>>> >>>>> Sophos Protection News >>>>> ---------------------- >>>>> This newsletter will be a regular review of the updates released over >>>>> the previous month, providing some statistics and analysis of these >>>>> releases. This information will also be found on the SophosLabs blog >>>>> which provides an easy way of keeping abreast of the very latest >>>>> information about malware seen by our global network of analysts. >>>>> This mailing list will also be used by SophosLabs to send out any >>>>> urgent notifications about malware outbreaks where significant action >>>>> should be taken. >>>>> >>>>> To subscribe to this service please send an email to: >>>>> protection-subscribe@lists.sophos.com >>>>> >>>>> Should you have any questions about these changes, please contact your >>>>> technical support representative. >>>>> >>>>> Regards, >>>>> >>>>> Sophos >>>>> >>>>> >>>>> ---- >>>>> To unsubscribe, email: notification-unsubscribe@lists.sophos.com >>>>> For additional commands, email: notification-faq@lists.sophos.com >>>>> >>>> >>>> >>>> >>>> ********************************************************************** >>>> Confidentiality : This e-mail and any attachments are intended for the >>>> addressee only and may be confidential. If they come to you in error >>>> you must take no action based on them, nor must you copy or show them >>>> to anyone. Please advise the sender by replying to this e-mail >>>> immediately and then delete the original from your computer. >>>> Opinion : Any opinions expressed in this e-mail are entirely those of >>>> the author and unless specifically stated to the contrary, are not >>>> necessarily those of the author's employer. >>>> Security Warning : Internet e-mail is not necessarily a secure >>>> communications medium and can be subject to data corruption. We advise >>>> that you consider this fact when e-mailing us. >>>> Viruses : We have taken steps to ensure that this e-mail and any >>>> attachments are free from known viruses but in keeping with good >>>> computing practice, you should ensure that they are virus free. >>>> >>>> Red Lion 49 Ltd T/A Solid State Logic >>>> Registered as a limited company in England and Wales >>>> (Company No:5362730) >>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>>> United Kingdom >>>> ********************************************************************** >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for the >> addressee only and may be confidential. If they come to you in error >> you must take no action based on them, nor must you copy or show them >> to anyone. Please advise the sender by replying to this e-mail >> immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We advise >> that you consider this fact when e-mailing us. >> Viruses : We have taken steps to ensure that this e-mail and any >> attachments are free from known viruses but in keeping with good >> computing practice, you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales >> (Company No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHhqG/EfZZRxQVtlQRAhSWAKDXriJg13FY0yI6TrANJBO0vVi41ACgs6f8 jm4k9omxKXPf37F/gAO7thQ= =z2cM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 10 23:23:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 10 23:23:27 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> References: <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> Message-ID: <4786A8D8.9060005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: > Looks like it - you need the emconsole (windows) running somewhere to handle the updates by the looks of it. > > Fortunately I just started putting in windows/AD etc here today so I've now got something to put in on ;-) > I run version 6 on a Linux-only setup with sophos-autoupdate handling everything on the update side. No windows boxes involved, no em console, nothing. Looks like my configuration will continue to be supported. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Daniel Straka >> Sent: 10 January 2008 16:58 >> To: MailScanner discussion >> Subject: Re: FW: IMPORTANT - Termination of this subscription - REMINDER >> >> Fellow MailScanner'ers >> >> I'm running MailScanner with the following Sophos: >> Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand >> scanning only) >> Platform: Linux on Intel using libc6 (glibc2.2) >> Current version: 4.25.0 >> >> This automatically updates the IDE files periodically. Can anyone tell me >> if my installation will be broken by the changes Sophos is planning to >> make? >> >> Thanks, >> >> -- >> >> Dan Straka >> Systems Coordinator >> Casper College >> 307.268.2399 >> www.caspercollege.edu >> >> >> >>>>> On 1/9/2008 at 1:34 AM, in message >>>>> >> <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, "Martin.Hepworth" >> wrote: >> >>> Guys >>> (well Jules prob ;-) >>> >>> Sophos are changing the way updates happen. I guess changes needed at MS >>> >> end >> >>> somehow???? >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>> >>>> -----Original Message----- >>>> From: Sophos Alert System [mailto:notification-return@lists.sophos.com] >>>> Sent: 07 January 2008 11:43 >>>> To: notification@lists.sophos.com >>>> Subject: IMPORTANT - Termination of this subscription - REMINDER >>>> >>>> >>>> Dear Subscriber, >>>> >>>> The number of new malware samples seen on a daily basis by SophosLabs >>>> continues to grow exponentially. Following a review of the use of >>>> this Sophos Alert System mailing list and the updating mechanisms used >>>> by our customers, Sophos will be making several changes to the mailing >>>> lists and downloads available to customers over the next few months. >>>> As a result of these changes Sophos will be able to increase the >>>> number of virus updates released every day substantially, thereby >>>> providing even faster and better protection against malware. >>>> >>>> The changes are as follows: >>>> >>>> - Individual IDE files will not be available for download from >>>> www.sophos.com from March 2008. >>>> >>>> Customers are encouraged to use one of the automated update mechanisms >>>> available from Sophos to receive their updates (see >>>> >>>> www.sophos.com/support/knowledgebase/article/12663.html for further >>>> information). Alternatively users can download the ides.zip file from >>>> www.sophos.com. This zip archive contains all the ide updates >>>> released since the last monthly engine update. Other zip archives are >>>> available for customers using older engines although users are >>>> encouraged to stay up to date and should not use an engine more than 3 >>>> months old. >>>> >>>> - Three new subscription lists have been created to provide more >>>> targeted satisfaction of customer needs. >>>> >>>> Further information on these services and how to subscribe is below. >>>> >>>> - The format of emails from the existing alert service, Sophos Alert >>>> System, will change in January 2008 in line with the new alert >>>> service, Sophos Update Alert. >>>> >>>> - The existing alert service, Sophos Alert System, will then cease to >>>> send update alerts from March 2008. >>>> >>>> Subscribers are encouraged to sign up to one of the three new mailing >>>> lists above should they wish to continue to receive this information. >>>> >>>> On subscribing to one or more of the above mailing lists, you will >>>> automatically be removed from the current update alert service. >>>> >>>> The new email services are: >>>> >>>> Sophos Update Alert >>>> ------------------- >>>> Subscription to this service will continue to provide an alert >>>> following the release of a new virus update. As the number of virus >>>> updates increases, so will the number of update alerts received >>>> increase. This new alert email will not contain information about >>>> the update itself, only announcing that an update has taken place. >>>> >>>> To subscribe to this service please send an email to: >>>> updatealert-subscribe@lists.sophos.com >>>> >>>> Sophos Daily Update Digest >>>> -------------------------- >>>> This email is for those customers wanting basic information about >>>> recent identity updates. Initially this subscription will simply >>>> provide a link to www.sophos.com/downloads/ide. >>>> From March, this email will provide subscribers with a daily digest >>>> about the updates released in the previous 24 hours. This >>>> information can also be viewed by subscribing to our RSS feeds >>>> (www.sophos.com/feeds). >>>> >>>> To subscribe to this service please send an email to: >>>> updatedigest-subscribe@lists.sophos.com >>>> >>>> Sophos Protection News >>>> ---------------------- >>>> This newsletter will be a regular review of the updates released over >>>> the previous month, providing some statistics and analysis of these >>>> releases. This information will also be found on the SophosLabs blog >>>> which provides an easy way of keeping abreast of the very latest >>>> information about malware seen by our global network of analysts. >>>> This mailing list will also be used by SophosLabs to send out any >>>> urgent notifications about malware outbreaks where significant action >>>> should be taken. >>>> >>>> To subscribe to this service please send an email to: >>>> protection-subscribe@lists.sophos.com >>>> >>>> Should you have any questions about these changes, please contact your >>>> technical support representative. >>>> >>>> Regards, >>>> >>>> Sophos >>>> >>>> >>>> ---- >>>> To unsubscribe, email: notification-unsubscribe@lists.sophos.com >>>> For additional commands, email: notification-faq@lists.sophos.com >>>> >>> >>> >>> >>> ********************************************************************** >>> Confidentiality : This e-mail and any attachments are intended for the >>> addressee only and may be confidential. If they come to you in error >>> you must take no action based on them, nor must you copy or show them >>> to anyone. Please advise the sender by replying to this e-mail >>> immediately and then delete the original from your computer. >>> Opinion : Any opinions expressed in this e-mail are entirely those of >>> the author and unless specifically stated to the contrary, are not >>> necessarily those of the author's employer. >>> Security Warning : Internet e-mail is not necessarily a secure >>> communications medium and can be subject to data corruption. We advise >>> that you consider this fact when e-mailing us. >>> Viruses : We have taken steps to ensure that this e-mail and any >>> attachments are free from known viruses but in keeping with good >>> computing practice, you should ensure that they are virus free. >>> >>> Red Lion 49 Ltd T/A Solid State Logic >>> Registered as a limited company in England and Wales >>> (Company No:5362730) >>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >>> United Kingdom >>> ********************************************************************** >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHhqjaEfZZRxQVtlQRArdyAJ9O7B3HZGkABiFLSEdU9l8m8NqGQgCgqcus 7+22lz5tnVaaYjjO3Z7faX4= =wHgn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From publicforum at myjaring.net Thu Jan 10 23:36:58 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Thu Jan 10 23:37:18 2008 Subject: MailScanner not scanning emails. In-Reply-To: <478644CD.9040208@rma.edu> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> Message-ID: <003101c853e1$b158c130$140a4390$@net> I followed the instruction at http://www.configserver.com/free/mailscanner.html and now MailScanner is working happily on my new server!!! The trick: As told by the rep from www.configserver.com, I should not use the installation instruction directly from MailScanner's website as I am using Exim, not Sendmail. Instead, I should use their installer which is customized for cPanel. Thank you guys for all your advice. You actually gave me the hint to solving the problem. Regards, Blue From gmane at tippingmar.com Thu Jan 10 23:45:13 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Thu Jan 10 23:45:35 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <4786A1BD.5070107@ecs.soton.ac.uk> References: <4785EC19.61A4.0000.0@caspercollege.edu> <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com> <47862FA6.61A4.0000.0@caspercollege.edu> <4786A1BD.5070107@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In particular, for Sophos for Linux users, > http://sophos.com/support/knowledgebase/article/17591.html > Basically, it just says stick to version 4 or upgrade to version 6. > Version 5 is going away. So version 4 will continue to be supported, but the method of downloading individual IDE files to update version 4 is going away. Luckily, MailScanner updates v4 by downloading the "ides.zip" file, and that method will still be available. Mark From hvdkooij at vanderkooij.org Fri Jan 11 06:31:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Jan 11 06:32:23 2008 Subject: MailScanner not scanning emails. In-Reply-To: <008e01c853be$44dd13d0$ce973b70$@net> References: <008501c853b9$232d5dd0$69881970$@net> <10679947.5341199991659559.JavaMail.root@office.splatnix.net> <008e01c853be$44dd13d0$ce973b70$@net> Message-ID: <47870D53.8080809@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lawrence Lam wrote: | I believe I am using EXIM. That is not a good answer. As an admin setting up mailscanner you must KNOW for sure. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHhw1OBvzDRVjxmYERAiIKAJ0cfGwuqO/FI0Kmyf7fFOgCIH/t+gCfWlfB PjD6Vl2N3fd9BowkzQTH5+g= =TGpu -----END PGP SIGNATURE----- From J.Ede at birchenallhowden.co.uk Fri Jan 11 10:48:04 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jan 11 10:48:22 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <24210046.5371199996442769.JavaMail.root@office.splatnix.net> References: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D18@server02.bhl.local> <24210046.5371199996442769.JavaMail.root@office.splatnix.net> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561C89@server02.bhl.local> Posted it, but it got blocked cos of the size. I've set up another machine identically and it seems to be working fine and detecting the scanner so I'm doubly puzzled... The only thing I can think of is a difference in libraries somehow. I'll investigate and get back with more info... > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of UxBoD > Sent: 10 January 2008 20:21 > To: MailScanner discussion > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > CentOS5 > > can you post your mailscanner.conf ? hash out the watermark if and > domains though > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Jason Ede" > To: "MailScanner discussion" > Sent: 10 January 2008 20:05:39 o'clock (GMT) Europe/London > Subject: RE: Clamd not being detected on fresh install of 4.66.5 on > CentOS5 > > The permissions all look ok. The workdir was set to /tmp but I've moved > it back into the /var/spool/mailscanner dirs > > Still no joy... Its not reporting mcafee as present either, which is > also installed and working... > > Can I make it more verbose... Emails flow normally and are scanned for > spam which I assume wouldn't happen if permissions were wrong... > > Jason > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info [mailscanner- > bounces@lists.mailscanner.info] On Behalf Of UxBoD [uxbod@splatnix.net] > Sent: 10 January 2008 18:16 > To: MailScanner discussion > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > CentOS5 > > Hmmm. Are the permissions on your MS work directories okay? The lint > creates a sample batch and uses the normal scanning process to check > the eicar file. Just give them a glance over. > > Regards, > > --[ UxBoD ]-- > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > ----- Original Message ----- > From: "Jason Ede" > To: "MailScanner discussion" > Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London > Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 > > > > > > I?ve installed clamav and setup clamd (latest 0.92) onto a fresh > install of CentOS 5 and set it up exactly the way I?ve always done it > on other machines, but it seems that MailScanner seems unable to detect > it (see below) > > > > > > [root@smtp MailScanner]# MailScanner --lint > > Trying to setlogsock(unix) > > Checking version numbers... > > Version number in MailScanner.conf (4.66.5) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamd" > > Found these virus scanners installed: clamd > > ======================================================================= > ==== > > ======================================================================= > ==== > > > > If any of your virus scanners (clamd) > > are not listed there, you should check that they are installed > correctly > > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > [root@smtp MailScanner]# clamdscan -V > > ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 > > [root@smtp MailScanner]# > > > > I?ve the socket set to 3310, the same as before and clamdscan seems to > work, but just MailScanner seems unable to find it... Any ideas? > > > > Jason > -- > This message has been scanned for viruses and > dangerous content by MailScanner , and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ian-list at securitypimp.com Fri Jan 11 12:29:38 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Fri Jan 11 12:29:51 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <17637314.2251200054397715.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <14678437.2271200054578015.JavaMail.root@postal.insourcedsecurity.com> Do you have SELinux enabled? I had an issue once where I had to adjust the policy to allow it to communicate with mailscanner and RHEL 5. ----- "Jason Ede" wrote: > Posted it, but it got blocked cos of the size. > I've set up another machine identically and it seems to be working > fine and detecting the scanner so I'm doubly puzzled... > > The only thing I can think of is a difference in libraries somehow. > I'll investigate and get back with more info... > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of UxBoD > > Sent: 10 January 2008 20:21 > > To: MailScanner discussion > > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > > CentOS5 > > > > can you post your mailscanner.conf ? hash out the watermark if and > > domains though > > > > Regards, > > > > --[ UxBoD ]-- > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg > --import" > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > > ----- Original Message ----- > > From: "Jason Ede" > > To: "MailScanner discussion" > > Sent: 10 January 2008 20:05:39 o'clock (GMT) Europe/London > > Subject: RE: Clamd not being detected on fresh install of 4.66.5 on > > CentOS5 > > > > The permissions all look ok. The workdir was set to /tmp but I've > moved > > it back into the /var/spool/mailscanner dirs > > > > Still no joy... Its not reporting mcafee as present either, which > is > > also installed and working... > > > > Can I make it more verbose... Emails flow normally and are scanned > for > > spam which I assume wouldn't happen if permissions were wrong... > > > > Jason > > ________________________________________ > > From: mailscanner-bounces@lists.mailscanner.info [mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of UxBoD > [uxbod@splatnix.net] > > Sent: 10 January 2008 18:16 > > To: MailScanner discussion > > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > > CentOS5 > > > > Hmmm. Are the permissions on your MS work directories okay? The > lint > > creates a sample batch and uses the normal scanning process to > check > > the eicar file. Just give them a glance over. > > > > Regards, > > > > --[ UxBoD ]-- > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg > --import" > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > > ----- Original Message ----- > > From: "Jason Ede" > > To: "MailScanner discussion" > > Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London > > Subject: Clamd not being detected on fresh install of 4.66.5 on > CentOS5 > > > > > > > > > > > > I?ve installed clamav and setup clamd (latest 0.92) onto a fresh > > install of CentOS 5 and set it up exactly the way I?ve always done > it > > on other machines, but it seems that MailScanner seems unable to > detect > > it (see below) > > > > > > > > > > > > [root@smtp MailScanner]# MailScanner --lint > > > > Trying to setlogsock(unix) > > > > Checking version numbers... > > > > Version number in MailScanner.conf (4.66.5) is correct. > > > > > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > > > > > Checking for SpamAssassin errors (if you use it)... > > > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > > > SpamAssassin reported no errors. > > > > MailScanner.conf says "Virus Scanners = clamd" > > > > Found these virus scanners installed: clamd > > > > > ======================================================================= > > ==== > > > > > ======================================================================= > > ==== > > > > > > > > If any of your virus scanners (clamd) > > > > are not listed there, you should check that they are installed > > correctly > > > > and that MailScanner is finding them correctly via its > > virus.scanners.conf. > > > > [root@smtp MailScanner]# clamdscan -V > > > > ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 > > > > [root@smtp MailScanner]# > > > > > > > > I?ve the socket set to 3310, the same as before and clamdscan seems > to > > work, but just MailScanner seems unable to find it... Any ideas? > > > > > > > > Jason > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner , and is > > believed to be clean. > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From J.Ede at birchenallhowden.co.uk Fri Jan 11 12:55:03 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Fri Jan 11 12:55:16 2008 Subject: Clamd not being detected on fresh install of 4.66.5 on CentOS5 In-Reply-To: <14678437.2271200054578015.JavaMail.root@postal.insourcedsecurity.com> References: <17637314.2251200054397715.JavaMail.root@postal.insourcedsecurity.com> <14678437.2271200054578015.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7561C92@server02.bhl.local> The first thing I did on both machines was disabled selinux :) Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ian Lists > Sent: 11 January 2008 12:30 > To: MailScanner discussion > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > CentOS5 > > Do you have SELinux enabled? I had an issue once where I had to adjust > the policy to allow it to communicate with mailscanner and RHEL 5. > > > ----- "Jason Ede" wrote: > > Posted it, but it got blocked cos of the size. > > I've set up another machine identically and it seems to be working > > fine and detecting the scanner so I'm doubly puzzled... > > > > The only thing I can think of is a difference in libraries somehow. > > I'll investigate and get back with more info... > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of UxBoD > > > Sent: 10 January 2008 20:21 > > > To: MailScanner discussion > > > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > > > CentOS5 > > > > > > can you post your mailscanner.conf ? hash out the watermark if and > > > domains though > > > > > > Regards, > > > > > > --[ UxBoD ]-- > > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg > > --import" > > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > > > > ----- Original Message ----- > > > From: "Jason Ede" > > > To: "MailScanner discussion" > > > Sent: 10 January 2008 20:05:39 o'clock (GMT) Europe/London > > > Subject: RE: Clamd not being detected on fresh install of 4.66.5 on > > > CentOS5 > > > > > > The permissions all look ok. The workdir was set to /tmp but I've > > moved > > > it back into the /var/spool/mailscanner dirs > > > > > > Still no joy... Its not reporting mcafee as present either, which > > is > > > also installed and working... > > > > > > Can I make it more verbose... Emails flow normally and are scanned > > for > > > spam which I assume wouldn't happen if permissions were wrong... > > > > > > Jason > > > ________________________________________ > > > From: mailscanner-bounces@lists.mailscanner.info [mailscanner- > > > bounces@lists.mailscanner.info] On Behalf Of UxBoD > > [uxbod@splatnix.net] > > > Sent: 10 January 2008 18:16 > > > To: MailScanner discussion > > > Subject: Re: Clamd not being detected on fresh install of 4.66.5 on > > > CentOS5 > > > > > > Hmmm. Are the permissions on your MS work directories okay? The > > lint > > > creates a sample batch and uses the normal scanning process to > > check > > > the eicar file. Just give them a glance over. > > > > > > Regards, > > > > > > --[ UxBoD ]-- > > > // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg > > --import" > > > // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B > > > // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B > > > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > > > > > ----- Original Message ----- > > > From: "Jason Ede" > > > To: "MailScanner discussion" > > > Sent: 10 January 2008 17:59:03 o'clock (GMT) Europe/London > > > Subject: Clamd not being detected on fresh install of 4.66.5 on > > CentOS5 > > > > > > > > > > > > > > > > > > I?ve installed clamav and setup clamd (latest 0.92) onto a fresh > > > install of CentOS 5 and set it up exactly the way I?ve always done > > it > > > on other machines, but it seems that MailScanner seems unable to > > detect > > > it (see below) > > > > > > > > > > > > > > > > > > [root@smtp MailScanner]# MailScanner --lint > > > > > > Trying to setlogsock(unix) > > > > > > Checking version numbers... > > > > > > Version number in MailScanner.conf (4.66.5) is correct. > > > > > > > > > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > > > > > > > > > Checking for SpamAssassin errors (if you use it)... > > > > > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > > > > > SpamAssassin reported no errors. > > > > > > MailScanner.conf says "Virus Scanners = clamd" > > > > > > Found these virus scanners installed: clamd > > > > > > > > > ======================================================================= > > > ==== > > > > > > > > > ======================================================================= > > > ==== > > > > > > > > > > > > If any of your virus scanners (clamd) > > > > > > are not listed there, you should check that they are installed > > > correctly > > > > > > and that MailScanner is finding them correctly via its > > > virus.scanners.conf. > > > > > > [root@smtp MailScanner]# clamdscan -V > > > > > > ClamAV 0.92/5470/Thu Jan 10 14:49:37 2008 > > > > > > [root@smtp MailScanner]# > > > > > > > > > > > > I?ve the socket set to 3310, the same as before and clamdscan seems > > to > > > work, but just MailScanner seems unable to find it... Any ideas? > > > > > > > > > > > > Jason > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner , and is > > > believed to be clean. > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From gmatt at nerc.ac.uk Fri Jan 11 13:12:26 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Jan 11 13:13:27 2008 Subject: mailscanner on coolthreads server In-Reply-To: <625385e30801100933p5c64aa2dwfbfacf9e36e6eda9@mail.gmail.com> References: <47864814.2050704@nerc.ac.uk> <625385e30801100844v4a4a85c1w5c6b4f9a24238317@mail.gmail.com> <47865051.4000501@nerc.ac.uk> <625385e30801100933p5c64aa2dwfbfacf9e36e6eda9@mail.gmail.com> Message-ID: <47876B3A.4080908@nerc.ac.uk> shuttlebox wrote: > On Jan 10, 2008 6:18 PM, Jeff A. Earickson wrote: >> I've soured on Solaris; their OS patching has driven me insane. > > Have you looked at this: http://www.par.univie.ac.at/solaris/pca/ beat me to it! G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mailscanner at barendse.to Fri Jan 11 16:04:12 2008 From: mailscanner at barendse.to (Remco Barendse) Date: Fri Jan 11 16:04:22 2008 Subject: Correct regexp to block mails that advertise certain websites? Message-ID: Hi list! I would like to block e-mails that always contain a certain url that allows to "unsubscribe". The unsubcribe url from the e-mail is this in plain text : click here to unsubscribe . I tried to block this using the following regexp : body URETH1 /^http:\/\/.*\.ur...ethanes-technology-international\.com\// describe URETH1 urethane rubbish score URETH1 100 (deliberately broke the url with some dots as my message doesn't seem to make it to the list) But nothing happens, where do i go wrong? Where do i go wrong? I would already be happy if i can block any e-mail that contains urethanes-technology-international.com i am sure that no legitimate e-mail will contain a link to it Thanks!! From doc at maddoc.net Fri Jan 11 16:11:35 2008 From: doc at maddoc.net (Doc Schneider) Date: Fri Jan 11 16:12:12 2008 Subject: Correct regexp to block mails that advertise certain websites? In-Reply-To: References: Message-ID: <47879537.9050903@maddoc.net> Remco Barendse wrote: > Hi list! > > I would like to block e-mails that always contain a certain url that > allows to "unsubscribe". > > The unsubcribe url from the e-mail is this in plain text : > href="http://www.ur...ethanes-technology-international.com/unsubscribe.aspx?id=31797&email=whoever@whatever.com">click > here to unsubscribe . > > I tried to block this using the following regexp : > body URETH1 > /^http:\/\/.*\.ur...ethanes-technology-international\.com\// > describe URETH1 urethane rubbish > score URETH1 100 > > (deliberately broke the url with some dots as my message doesn't seem to > make it to the list) > > But nothing happens, where do i go wrong? > > Where do i go wrong? I would already be happy if i can block any e-mail > that contains urethanes-technology-international.com i am sure that no > legitimate e-mail will contain a link to it > > Thanks!! you need to \ (escape) the three periods. ur\.\.\.ethanes Funky that they actually have those 3 periods in their homename. Go figure. -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ms-list at alexb.ch Fri Jan 11 16:19:05 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Jan 11 16:19:17 2008 Subject: Correct regexp to block mails that advertise certain websites? In-Reply-To: References: Message-ID: <478796F9.8040206@alexb.ch> On 1/11/2008 5:04 PM, Remco Barendse wrote: > Hi list! > > I would like to block e-mails that always contain a certain url that > allows to "unsubscribe". > > The unsubcribe url from the e-mail is this in plain text : > href="http://www.ur...ethanes-technology-international.com/unsubscribe.aspx?id=31797&email=whoever@whatever.com">click > here to unsubscribe . > > I tried to block this using the following regexp : > body URETH1 > /^http:\/\/.*\.ur...ethanes-technology-international\.com\// > describe URETH1 urethane rubbish > score URETH1 100 > > (deliberately broke the url with some dots as my message doesn't seem to > make it to the list) > > But nothing happens, where do i go wrong? > > Where do i go wrong? I would already be happy if i can block any e-mail > that contains urethanes-technology-international.com i am sure that no > legitimate e-mail will contain a link to it uri BLAH m'urethanes-technology-international\.com/unsubscribe\.asp' score BLAH 100.0 h2h Alex From MailScanner at ecs.soton.ac.uk Fri Jan 11 16:25:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 11 16:25:32 2008 Subject: Correct regexp to block mails that advertise certain websites? In-Reply-To: References: Message-ID: <47879866.7040600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After you put this in /etc/mail/spamassassin/local.cf or /etc/MailScanner/spam.assassin.prefs.conf (which should be linked to /etc/mail/spamassassin/mailscanner.cf, are you doing a "service MailScanner restart" ? Remco Barendse wrote: > Hi list! > > I would like to block e-mails that always contain a certain url that > allows to "unsubscribe". > > The unsubcribe url from the e-mail is this in plain text : > href="http://www.ur...ethanes-technology-international.com/unsubscribe.aspx?id=31797&email=whoever@whatever.com">click > here to unsubscribe . > > I tried to block this using the following regexp : > body URETH1 > /^http:\/\/.*\.ur...ethanes-technology-international\.com\// > describe URETH1 urethane rubbish > score URETH1 100 > > (deliberately broke the url with some dots as my message doesn't seem > to make it to the list) > > But nothing happens, where do i go wrong? > > Where do i go wrong? I would already be happy if i can block any > e-mail that contains urethanes-technology-international.com i am sure > that no legitimate e-mail will contain a link to it > > Thanks!! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHh5hnEfZZRxQVtlQRAkTbAJ9zVbInyai87pQhmj2iAUzwGHmAuQCeK9oW 41t3ZKMREtbEPwsCjkGfSIQ= =Day7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brent.bolin at gmail.com Fri Jan 11 17:43:09 2008 From: brent.bolin at gmail.com (BB) Date: Fri Jan 11 17:43:20 2008 Subject: Might be a question more about sendmail but also need to verify mailscanner can handle Message-ID: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> I have been asked to add another virtual domain to an existing server. Does mailscanner handle virtual domain, my guess it does. The other question I had has more to do with sendmail. I know there are some config files to setup sendmail to handle multiple domains. Also virtuser to map user@new_domain.com to a local user. Is there any way to hide the headers to not show the real domain of the server and only show the new domain Example mail.new_domain.com Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080111/ec597175/attachment.html From Denis.Beauchemin at USherbrooke.ca Fri Jan 11 18:34:39 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 11 18:35:58 2008 Subject: Correct regexp to block mails that advertise certain websites? In-Reply-To: References: Message-ID: <4787B6BF.9010106@USherbrooke.ca> Remco Barendse a ?crit : > Hi list! > > I would like to block e-mails that always contain a certain url that > allows to "unsubscribe". > > The unsubcribe url from the e-mail is this in plain text : > href="http://www.ur...ethanes-technology-international.com/unsubscribe.aspx?id=31797&email=whoever@whatever.com">click > here to unsubscribe . > > I tried to block this using the following regexp : > body URETH1 > /^http:\/\/.*\.ur...ethanes-technology-international\.com\// > describe URETH1 urethane rubbish > score URETH1 100 > > (deliberately broke the url with some dots as my message doesn't seem > to make it to the list) > > But nothing happens, where do i go wrong? > > Where do i go wrong? I would already be happy if i can block any > e-mail that contains urethanes-technology-international.com i am sure > that no legitimate e-mail will contain a link to it > > Thanks!! Remco, The main error you made was to use ^ which means to lock the pattern to the beginning of a new line. I would also use "uri" instead of "body" to search for this kind of string. Denis -- Denis Beauchemin, analyste Universit? de Sherbrooke, S.T.I. T: 819.821.8000x62252 F: 819.821.8045 From mkettler at evi-inc.com Fri Jan 11 18:43:11 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 11 18:43:36 2008 Subject: Correct regexp to block mails that advertise certain websites? In-Reply-To: References: Message-ID: <4787B8BF.6020605@evi-inc.com> Remco Barendse wrote: > Hi list! > > I would like to block e-mails that always contain a certain url that > allows to "unsubscribe". > > The unsubcribe url from the e-mail is this in plain text : > href="http://www.ur...ethanes-technology-international.com/unsubscribe.aspx?id=31797&email=whoever@whatever.com">click > here to unsubscribe . > > I tried to block this using the following regexp : > body URETH1 > /^http:\/\/.*\.ur...ethanes-technology-international\.com\// > describe URETH1 urethane rubbish > score URETH1 100 > > (deliberately broke the url with some dots as my message doesn't seem to > make it to the list) > > But nothing happens, where do i go wrong? You can't use a body rule to match HTML tags in SpamAssassin. By definition, all HTML tags are removed prior to running the body rules, to avoid spammers obfuscating strings with comment tags or things like . You really want a uri rule for this. rawbody would also work, but could fail to match sometimes due to line wraps (both body and uri are normalized to remove linewraps, but rawbody isn't.) I'd also warn you about using ^. In general, for body rules it makes no sense at all to use ^, as line breaks are removed for this rule type. This would force it to only match at the start of the message, not the start of a line in the body. (actually, for long messages SA does break it up into chunks, so it would really match the start of any "chunk"). For URI rules you're probably OK with it being there, but it's probably not needed. so try this instead: uri URETH1 /^http:\/\/.*\.ur...ethanes-technology-international\.com\// Or you could simplify to: uri URETH1 /\.ur.{3}ethanes-technology-international\.com\// However, the latter would be subject to matching mailto: uri's, which you might not want. From ssilva at sgvwater.com Fri Jan 11 19:45:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 11 19:50:16 2008 Subject: Might be a question more about sendmail but also need to verify mailscanner can handle In-Reply-To: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> Message-ID: on 1/11/2008 9:43 AM BB spake the following: > I have been asked to add another virtual domain to an existing server. > > Does mailscanner handle virtual domain, my guess it does. > > The other question I had has more to do with sendmail. I know there are > some config files to setup sendmail to handle multiple domains. Also > virtuser to map user@new_domain.com to a > local user. > > Is there any way to hide the headers to not show the real domain of the > server and only show the new domain > > Example mail.new_domain.com > > Thanks. > The MTA's handle the ins and outs of virtual domains. Mailscanner just sits in between scanning the mail. Google on virtual domains and sendmail, although I have been told other MTA's do it somewhat easier. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From gborders at balanceconsult.com Fri Jan 11 20:44:53 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Fri Jan 11 20:46:41 2008 Subject: Only sign outgoing messages rules revisited. Message-ID: <4787D545.4040303@balanceconsult.com> I'm looking into doing this, and I implemented this rule from the examples: 3. Only sign outgoing messages Set "Sign Clean Messages = /opt/MailScanner/etc/rules/signing.rules". If your messages come from "yourdomain.com", then try this: From: 192.168. yes FromOrTo: default no where your network is the whole of 192.168.xxx.xxx. My subnet happens to match nicely with the examples. However, it signs *all* outbound messages, even from in-house user to other in-house user. I'd like to eliminate the signing for all inhouse person-to person mails. I've tried several extra rules, but no success yet. It just keeps tagging all sent mail. I'd expect something like this to work: From: 192.168. yes To: 192.168. no FromOrTo: default no Logic thinking if any mail comming into our subnet aka "To:" would not be tagged. No luck. Also tried: From: 192.168. yes FromAndTo: 192.168. no FromOrTo: default no Thinking that if it's from my subnet, and then coming back into my subnet, it would not be tagged. Still no luck. Any tips? "This is MailScanner version 4.66.5" With Mailwatch 1..0.4 -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. From peter at farrows.org Fri Jan 11 21:09:40 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Jan 11 21:09:50 2008 Subject: Brilliant In-Reply-To: References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> Message-ID: <4787DB14.3090801@farrows.org> This was sent to me today, and It made me smile... thought I would pass it on, sorry to abuse the list.... =============================== The following is an actual question given on a University of Washington chemistry mid-term. The answer by one student was so "profound" that the professor shared it with colleagues, via the Internet, which is, of course, why we now have the pleasure of enjoying it as well: Bonus Question: Is Hell exothermic(gives off heat) or endothermic (absorbs heat)? Most of the students wrote proofs of their beliefs using Boyle's Law (gas cools when it expands and heats when it is compressed) or some variant. One student, however, wrote the following: First, we need to know how the mass of Hell is changing in time. So we need to know the rate at which souls are moving into Hell and the rate at which they are leaving. I think that we can safely assume that once a soul gets to Hell, it will not leave. Therefore, no souls are leaving. As for how many souls are entering Hell, let's look at the different religions that exist in the world today. Most of these religions state that if you are not a member of their religion, you will go to Hell. Since there is more than one of these religions and since people do not belong to more than one religion, we can project that all souls go to Hell. With birth and death rates as they are, we can expect the number of souls in Hell to increase exponentially. Now, we look at the rate of change of the volume in Hell because Boyle's Law states that in order for the temperature and pressure in Hell to stay the same, the volume in Hell has to expand proportionately as souls are added: This gives two possibilities: 1. If Hell is expanding at a slower rate than the rate at which souls enter Hell, then the temperature and pressure in Hell will increase until all Hell breaks loose. 2. If Hell is expanding at a rate faster than the increase of souls in Hell, then the temperature and pressure will drop until Hell freezes over. So which is it? If we accept the postulate given to me by Teresa during my Freshman year that, "It will be a cold day in Hell before I sleep with you," and take into account the fact that I slept with her last night, then number two must be true, and thus I am sure that Hell is exothermic and has already frozen over. The corollary of the theory is that since Hell has frozen over, it follows that it is not accepting any more souls and is therefore, extinct......leaving only Heaven, thereby proving the existence of a divine being which explains why, last night, Teresa kept shouting "Oh my God." THE STUDENT RECEIVED THE ONLY "A" ================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080111/0b4e27ec/attachment.html From gerard at seibercom.net Fri Jan 11 22:15:40 2008 From: gerard at seibercom.net (Gerard) Date: Fri Jan 11 22:16:06 2008 Subject: OT: Brilliant In-Reply-To: <4787DB14.3090801@farrows.org> References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> <4787DB14.3090801@farrows.org> Message-ID: <20080111171540.2b07f93e@scorpio> On Fri, 11 Jan 2008 21:09:40 +0000 Peter Farrow wrote: > This was sent to me today, and It made me smile... > > thought I would pass it on, sorry to abuse the list.... If you are going to post something totally 'off topic' to the group, then at least prefix the subject line with 'OT' so others will be fore warned. BTW, that is a rather old. I first heard it several years ago. You might want to check out these URLs: http://www.pinetree.net/humor/thermodynamics.html http://www.snopes.com/college/exam/hell.asp -- Gerard gerard@seibercom.net I read the newspaper avidly. It is my one form of continuous fiction. Aneurin Bevan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080111/d528ab52/signature.bin From publicforum at myjaring.net Fri Jan 11 22:31:02 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Fri Jan 11 22:31:20 2008 Subject: MailScanner not scanning emails. In-Reply-To: <478644CD.9040208@rma.edu> References: <005401c853a1$9ea20f00$dbe62d00$@net> <478644CD.9040208@rma.edu> Message-ID: <000c01c854a1$a5e25300$f1a6f900$@net> The MailScanner installer at http://www.configserver.com/free/mailscanner.html works perfectly for cPanel/RHEL5. Although they did not install MS for me, I have just made a $60 donation to them for their advice. Blue -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brendan Pirie Sent: Friday, January 11, 2008 12:16 AM To: MailScanner discussion Subject: Re: MailScanner not scanning emails. As for problem 2, you must be logged in as root with root's ENV loaded for those commands to work. If you became root using "su" they will not work. use "su -" instead, or include the full path to the commands (e.g. /sbin/service sendmail stop). Brendan Lawrence Lam wrote: > Problem 1: > > ============================= > > Latest version of ClamAV and MailScanner installed OK but MailScanner is > not scanning emails. > > > > This happens for both my RH9 and RHEL5 servers (both with WHM/cPanel). > I have been searching Google for days but could not solve the problem. > I believe the solution is something very simple. Can somebody please > show me the way? > > > > Problem 2: > > ============================= > > At the end of MailScanner installation, it said I should do these: > > > > service sendmail stop > > chkconfig sendmail off > > chkconfig MailScanner on > > service MailScanner start > > > > But for all the 4 commands, all I got was "Command not found". I am > using RHEL5. What to do? > > > > Thanks. > > > > Regards, > > Lawrence Lam > > > > > > > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Jan 11 22:36:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 11 22:36:42 2008 Subject: Only sign outgoing messages rules revisited. In-Reply-To: <4787D545.4040303@balanceconsult.com> References: <4787D545.4040303@balanceconsult.com> Message-ID: <4787EF63.9070507@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg Borders wrote: > I'm looking into doing this, and I implemented this rule from the > examples: > > 3. Only sign outgoing messages > Set "Sign Clean Messages = /opt/MailScanner/etc/rules/signing.rules". > If your messages come from "yourdomain.com", then try this: > From: 192.168. yes > FromOrTo: default no > where your network is the whole of 192.168.xxx.xxx. > > My subnet happens to match nicely with the examples. > However, it signs *all* outbound messages, even from in-house user to > other in-house user. > I'd like to eliminate the signing for all inhouse person-to person > mails. I've tried several extra rules, but no success yet. It just > keeps tagging all sent mail. > > I'd expect something like this to work: > From: 192.168. yes > To: 192.168. no You can't do "To", only "From" with IP addresses. The MTA doesn't know the IP address of the destination address until it has already successfully delivered the message, at which point it's a bit late to start testing things :-) To: yourdomain.com no FromOrTo: default yes is usually good enough, isn't it? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHh+9lEfZZRxQVtlQRAsU0AJ9i7diUb16RhE2ZzzbUjybazqoIcwCfT55R 7IeMFUNsFriHnDq4QjxbV9c= =UYzX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Sat Jan 12 00:22:56 2008 From: steve at fsl.com (Stephen Swaney) Date: Sat Jan 12 00:23:06 2008 Subject: OT: Brilliant In-Reply-To: <20080111171540.2b07f93e@scorpio> References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> <4787DB14.3090801@farrows.org> <20080111171540.2b07f93e@scorpio> Message-ID: <47880860.2030903@fsl.com> Gerard wrote: > On Fri, 11 Jan 2008 21:09:40 +0000 > Peter Farrow wrote: > > >> This was sent to me today, and It made me smile... >> >> thought I would pass it on, sorry to abuse the list.... >> > > If you are going to post something totally 'off topic' to the group, > then at least prefix the subject line with 'OT' so others will be fore > warned. > > BTW, that is a rather old. I first heard it several years ago. You > might want to check out these URLs: > > http://www.pinetree.net/humor/thermodynamics.html > http://www.snopes.com/college/exam/hell.asp > > I tend to agree that: 1. It is pretty old 2. Humor really doesn't have much place on this list But: 1. It is Friday 2. This one was a bit funnier that the original So let's cut this tread off now with no regrets - and let's all have a good weekend! Steve Steve Swaney steve@fsl.com www.fsl.com From hvdkooij at vanderkooij.org Sat Jan 12 08:53:33 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jan 12 08:54:16 2008 Subject: Brilliant In-Reply-To: <4787DB14.3090801@farrows.org> References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> <4787DB14.3090801@farrows.org> Message-ID: <4788800D.1040200@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | This was sent to me today, and It made me smile... Besides the issue of wether the message belongs to the list. This is another example of a new message being posted as a reply an in doing so messing up the threads. As one can see from these header lines. To: MailScanner discussion References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> In-Reply-To: Subject: Brilliant Which will lead us to the conclusion that there definitly is not an A in store for Peter. I guess Jules will hand him his F. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiIALBvzDRVjxmYERAuyeAJ4psNNSqm4KN7EDgud27cFWPK6J3QCfVROg 8YyDIK0UBZEiCjGJqaqhkJw= =ms30 -----END PGP SIGNATURE----- From peter at farrows.org Sat Jan 12 10:47:07 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Jan 12 10:45:18 2008 Subject: Brilliant In-Reply-To: <4788800D.1040200@vanderkooij.org> References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> <4787DB14.3090801@farrows.org> <4788800D.1040200@vanderkooij.org> Message-ID: <47889AAB.6020906@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > | This was sent to me today, and It made me smile... > > Besides the issue of wether the message belongs to the list. This is > another example of a new message being posted as a reply an in doing so > messing up the threads. As one can see from these header lines. > > To: MailScanner discussion > References: <787dcac20801110943u2183184aibd86bb8aad74e69a@mail.gmail.com> > > In-Reply-To: > Subject: Brilliant > > Which will lead us to the conclusion that there definitly is not an A in > store for Peter. I guess Jules will hand him his F. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHiIALBvzDRVjxmYERAuyeAJ4psNNSqm4KN7EDgud27cFWPK6J3QCfVROg > 8YyDIK0UBZEiCjGJqaqhkJw= > =ms30 > -----END PGP SIGNATURE----- >>Which will lead us to the conclusion that there definitly is not an A in Ok I got an F....and I have to only give you 6/10 for poor spelling..."definitly" :-P From paul at welshfamily.com Sat Jan 12 16:36:13 2008 From: paul at welshfamily.com (Paul Welsh) Date: Sat Jan 12 16:36:55 2008 Subject: Exim verify recipient and MailScanner In-Reply-To: <200801121200.m0CC0Iff029116@safir.blacknight.ie> Message-ID: <200801121636.m0CGakGZ002694@safir.blacknight.ie> Hi all I'm running MailScanner 4.64.3 with Exim 4.6. Apologies in advance if this is deemed off-topic. The problem is, I can't get Exim's verify recipient functionality working, even though my exim.conf specifies it. The reason I would like this to work is that my server relays for one domain in particular that is getting thousands of dictionary based spam messages (tens of thousands per day). My server relays to their smtp server after checking for spam and viruses using MailScanner and SpamAssassin. The public DNS for the domain points to my server as the MX and my server's DNS has an MX of their SMTP server. Their server sends their outbound mail via mine so it gets scanned. The domain is in my /etc/virtual/relay_domains file and the IP of their mail server is in my /etc/virtual/relay_hosts file. Has anyone any ideas? I've spent hours banging my head against a brick wall on this one. What I expect to happen is for exim to contact the remote smtp server to validate the address as soon as it gets the "rcpt to" command and then issue an "unknown user" response. What is happening instead is that the messages are being accepted, scanned by MailScanner and passed to the remote smtp server which rejects them. This is a real waste of resources. One theory I have is that because there's an inbound and outbound instance of exim to allow it to work with MailScanner then the verify recipient functionality is effectively disabled. The /etc/exim.conf which is the instance of exim used for inbound mail has these settings: # accept if address is in a local domain as long as recipient can be verified accept domains = +local_domains endpass message = unknown user verify = recipient # accept if address is in a domain for which we relay as long as recipient # can be verified accept domains = +relay_domains endpass message = unknown user verify = recipient accept hosts = +relay_hosts endpass message = unknown user verify = recipient accept hosts = +auth_relay_hosts endpass message = authentication required verify = recipient From MailScanner at ecs.soton.ac.uk Sat Jan 12 18:49:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 12 18:49:57 2008 Subject: Checking of "file -i" mime types of attachments Message-ID: <47890BBE.7010505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I couldn't find the original thread, sorry. I have implemented an extension to the "filetype.rules.conf" file, where you can now specify an extra field just after the string that says what file type output you are looking for. So instead of allow text - - deny executable No executables No programs allowed you can now add an extra field like this: allow - text/plain - - deny executable application/.*exec No executables No programs allowed This 5th field is optional, and specifies a regular expression which is matched against the MIME type as determined by the "file -i" command. If it is never specified, then the "file -i" command will never be run on your message attachments so there is no appreciable overhead on the speed of MailScanner caused by this new feature. If the "mime type" *and* the filetype fields are both specified (and are not "-") then either matching will cause the rule to fire. In a "deny" rule like the example above, then *either* test firing will cause the attachment to be blocked. In an "allow" rule then *both* of the tests must pass to cause the attachment to be allowed and hence no more rules to be checked. This sounds a bit odd but actually ends up doing pretty much what you expect it to. I'm sure you'll let me know if I'm wrong there :-) There are also 3 new configuration settings to complete this: Log Permitted File MIME Types = no Allow File MIME Types = Deny File MIME Types = which work just like their non-MIME brethren. The aim of all this is to stop the false alarms caused by text files starting with the word "free", and various problems with languages other than English causing the "DOS executable" trap to fire when given certain plain text files. Is this a good enough solution to the problem? I have just released a new beta containing this new feature, 4.67.3. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHiQvAEfZZRxQVtlQRAou8AJ4hcaerUFdpy+1lZ7Oup3bwGMhGtwCfVqCG C+H4GEYuOd+mwbUbRmNT704= =d0jX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 13 10:27:25 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 10:27:59 2008 Subject: Kaspersky Message-ID: <6845397.6861200220045496.JavaMail.root@office.splatnix.net> Hi, I noticed this in my maillog this morning :- Jan 13 10:25:46 mailhub MailScanner[20256]: object="email message", name="./53FCB2DA007F.3FEB8.header", virus="", action="", info="error - unknown compression method ", lines=0 I reckon from the wording it probably is being generated by Kaspersky. Had anybody else seen these ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 13 11:39:31 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 11:40:03 2008 Subject: Kaspersky In-Reply-To: <6845397.6861200220045496.JavaMail.root@office.splatnix.net> Message-ID: <30892710.6891200224371364.JavaMail.root@office.splatnix.net> Hmmm, looks like it is actually ESET (NOD32) that is generating the error :( Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "UxBoD" To: "MailScanner discussion" Sent: 13 January 2008 10:27:25 o'clock (GMT) Europe/London Subject: Kaspersky Hi, I noticed this in my maillog this morning :- Jan 13 10:25:46 mailhub MailScanner[20256]: object="email message", name="./53FCB2DA007F.3FEB8.header", virus="", action="", info="error - unknown compression method ", lines=0 I reckon from the wording it probably is being generated by Kaspersky. Had anybody else seen these ? Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Jan 13 14:29:53 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jan 13 14:30:29 2008 Subject: Let postfix bypass MailScanner for specific recipients Message-ID: <478A2061.6070409@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have the need to bypass MailScanner for specific recipients which I can define as regular expression. I was oping to do this much in the way I definne custom reject messages without the need of large line in access tables. Un fortunatly this does not work as planned as nothing gets put on HOLD anymore. So this is what I did: ~ 1. in main.cf header_checks = regexp:/etc/postfix/regexp/header-checks # Classifications smtpd_restriction_classes = ~ work_MS, ~ reject_RFC, ~ reject_auto, ~ reject_auto_virus, ~ reject_domain, ~ reject_dynamic, ~ reject_infected, ~ reject_spam, ~ reject_user work_MS = check_client_access regexp:/etc/postfix/class/work_MS reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto reject_auto_virus = check_client_access regexp:/etc/postfix/class/reject_auto_virus reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain reject_dynamic = check_client_access regexp:/etc/postfix/class/reject_dynamic reject_infected = check_client_access regexp:/etc/postfix/class/reject_infected reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam reject_user = check_client_access regexp:/etc/postfix/class/reject_user ~ 2. in class/work_MS: /To: loopback@.*\.waakhond\.net/ OK /./ HOLD ~ 3. in regexp/header-checks: /^Received:/ work_MS While in the past it would point straight to HOLD in the regexp/header-checks file I can imagine it would be an issue with the check_client_access stuff. But then I should be able to simplify this by using the following lines in the regexp/header-checks: /To: loopback@.*\.waakhond\.net/ OK /^Received:/ HOLD While this put all the incoming messages one again in the hold queue it also does this for the ones I wan to exclude. The simple reason is that the loopback account eats email and checks each message on a number of keys and if all of them match will log the arrival time matched to the keys. As MailScaner will add extra delay and ~ most importantly a very flexible amount of delay the time measurements on the messages becomes tainted. So you may now understand why I wan tthe bypass to work selectively and am not worried about an incidental spam message ending up there. Any suggestions to make this actually work? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiiBeBvzDRVjxmYERAiX6AJ9BD0Blzbuo9zNLA+WtNxKLB+us4gCfcQ12 UHqx4VIKwEX+mXD8AdjYs2Q= =cDKF -----END PGP SIGNATURE----- From uxbod at splatnix.net Sun Jan 13 15:06:39 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 15:11:12 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <478A2061.6070409@vanderkooij.org> Message-ID: <14124746.7011200236799308.JavaMail.root@office.splatnix.net> Hugo, According to the Postfix documentation http://www.postfix.org/uce.html :- "At present, specifying a header pattern with OK serves no useful purpose. A rule ending in OK affects only the header being matched. The next header may still result in a REJECT match, causing the mail still to be rejected." I read it that each header line is checked via the header_checks directive, therefore all email would end up in the HOLD queue. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner Mailinglist" Sent: 13 January 2008 14:29:53 o'clock (GMT) Europe/London Subject: Let postfix bypass MailScanner for specific recipients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have the need to bypass MailScanner for specific recipients which I can define as regular expression. I was oping to do this much in the way I definne custom reject messages without the need of large line in access tables. Un fortunatly this does not work as planned as nothing gets put on HOLD anymore. So this is what I did: ~ 1. in main.cf header_checks = regexp:/etc/postfix/regexp/header-checks # Classifications smtpd_restriction_classes = ~ work_MS, ~ reject_RFC, ~ reject_auto, ~ reject_auto_virus, ~ reject_domain, ~ reject_dynamic, ~ reject_infected, ~ reject_spam, ~ reject_user work_MS = check_client_access regexp:/etc/postfix/class/work_MS reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto reject_auto_virus = check_client_access regexp:/etc/postfix/class/reject_auto_virus reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain reject_dynamic = check_client_access regexp:/etc/postfix/class/reject_dynamic reject_infected = check_client_access regexp:/etc/postfix/class/reject_infected reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam reject_user = check_client_access regexp:/etc/postfix/class/reject_user ~ 2. in class/work_MS: /To: loopback@.*\.waakhond\.net/ OK /./ HOLD ~ 3. in regexp/header-checks: /^Received:/ work_MS While in the past it would point straight to HOLD in the regexp/header-checks file I can imagine it would be an issue with the check_client_access stuff. But then I should be able to simplify this by using the following lines in the regexp/header-checks: /To: loopback@.*\.waakhond\.net/ OK /^Received:/ HOLD While this put all the incoming messages one again in the hold queue it also does this for the ones I wan to exclude. The simple reason is that the loopback account eats email and checks each message on a number of keys and if all of them match will log the arrival time matched to the keys. As MailScaner will add extra delay and ~ most importantly a very flexible amount of delay the time measurements on the messages becomes tainted. So you may now understand why I wan tthe bypass to work selectively and am not worried about an incidental spam message ending up there. Any suggestions to make this actually work? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiiBeBvzDRVjxmYERAiX6AJ9BD0Blzbuo9zNLA+WtNxKLB+us4gCfcQ12 UHqx4VIKwEX+mXD8AdjYs2Q= =cDKF -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 13 15:16:23 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 15:17:31 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <32309636.7041200237295774.JavaMail.root@office.splatnix.net> Message-ID: <10471258.7061200237383472.JavaMail.root@office.splatnix.net> Could you not just invert the regex for the To: pattern match ie. /!To: loopback@.*\.waakhond\.net/ HOLD Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner Mailinglist" Sent: 13 January 2008 14:29:53 o'clock (GMT) Europe/London Subject: Let postfix bypass MailScanner for specific recipients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have the need to bypass MailScanner for specific recipients which I can define as regular expression. I was oping to do this much in the way I definne custom reject messages without the need of large line in access tables. Un fortunatly this does not work as planned as nothing gets put on HOLD anymore. So this is what I did: ~ 1. in main.cf header_checks = regexp:/etc/postfix/regexp/header-checks # Classifications smtpd_restriction_classes = ~ work_MS, ~ reject_RFC, ~ reject_auto, ~ reject_auto_virus, ~ reject_domain, ~ reject_dynamic, ~ reject_infected, ~ reject_spam, ~ reject_user work_MS = check_client_access regexp:/etc/postfix/class/work_MS reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto reject_auto_virus = check_client_access regexp:/etc/postfix/class/reject_auto_virus reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain reject_dynamic = check_client_access regexp:/etc/postfix/class/reject_dynamic reject_infected = check_client_access regexp:/etc/postfix/class/reject_infected reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam reject_user = check_client_access regexp:/etc/postfix/class/reject_user ~ 2. in class/work_MS: /To: loopback@.*\.waakhond\.net/ OK /./ HOLD ~ 3. in regexp/header-checks: /^Received:/ work_MS While in the past it would point straight to HOLD in the regexp/header-checks file I can imagine it would be an issue with the check_client_access stuff. But then I should be able to simplify this by using the following lines in the regexp/header-checks: /To: loopback@.*\.waakhond\.net/ OK /^Received:/ HOLD While this put all the incoming messages one again in the hold queue it also does this for the ones I wan to exclude. The simple reason is that the loopback account eats email and checks each message on a number of keys and if all of them match will log the arrival time matched to the keys. As MailScaner will add extra delay and ~ most importantly a very flexible amount of delay the time measurements on the messages becomes tainted. So you may now understand why I wan tthe bypass to work selectively and am not worried about an incidental spam message ending up there. Any suggestions to make this actually work? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiiBeBvzDRVjxmYERAiX6AJ9BD0Blzbuo9zNLA+WtNxKLB+us4gCfcQ12 UHqx4VIKwEX+mXD8AdjYs2Q= =cDKF -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 13 15:17:58 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 15:19:46 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <478A2061.6070409@vanderkooij.org> Message-ID: <28344416.7091200237478128.JavaMail.root@office.splatnix.net> sorry bad regex! should be this :- [^To: loopback@.*\.waakhond\.net] HOLD so anything other than the above will be put in the hold queue. Tested with :- uxbod@cyborg:~$ cat p To: loopback@waakhond.net To: uxbod@waakhond.net uxbod@cyborg:~$ grep "[^To: loopback@waakhond.net]" p To: uxbod@waakhond.net Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner Mailinglist" Sent: 13 January 2008 14:29:53 o'clock (GMT) Europe/London Subject: Let postfix bypass MailScanner for specific recipients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have the need to bypass MailScanner for specific recipients which I can define as regular expression. I was oping to do this much in the way I definne custom reject messages without the need of large line in access tables. Un fortunatly this does not work as planned as nothing gets put on HOLD anymore. So this is what I did: ~ 1. in main.cf header_checks = regexp:/etc/postfix/regexp/header-checks # Classifications smtpd_restriction_classes = ~ work_MS, ~ reject_RFC, ~ reject_auto, ~ reject_auto_virus, ~ reject_domain, ~ reject_dynamic, ~ reject_infected, ~ reject_spam, ~ reject_user work_MS = check_client_access regexp:/etc/postfix/class/work_MS reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto reject_auto_virus = check_client_access regexp:/etc/postfix/class/reject_auto_virus reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain reject_dynamic = check_client_access regexp:/etc/postfix/class/reject_dynamic reject_infected = check_client_access regexp:/etc/postfix/class/reject_infected reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam reject_user = check_client_access regexp:/etc/postfix/class/reject_user ~ 2. in class/work_MS: /To: loopback@.*\.waakhond\.net/ OK /./ HOLD ~ 3. in regexp/header-checks: /^Received:/ work_MS While in the past it would point straight to HOLD in the regexp/header-checks file I can imagine it would be an issue with the check_client_access stuff. But then I should be able to simplify this by using the following lines in the regexp/header-checks: /To: loopback@.*\.waakhond\.net/ OK /^Received:/ HOLD While this put all the incoming messages one again in the hold queue it also does this for the ones I wan to exclude. The simple reason is that the loopback account eats email and checks each message on a number of keys and if all of them match will log the arrival time matched to the keys. As MailScaner will add extra delay and ~ most importantly a very flexible amount of delay the time measurements on the messages becomes tainted. So you may now understand why I wan tthe bypass to work selectively and am not worried about an incidental spam message ending up there. Any suggestions to make this actually work? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiiBeBvzDRVjxmYERAiX6AJ9BD0Blzbuo9zNLA+WtNxKLB+us4gCfcQ12 UHqx4VIKwEX+mXD8AdjYs2Q= =cDKF -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Sun Jan 13 15:33:04 2008 From: uxbod at splatnix.net (UxBoD) Date: Sun Jan 13 15:33:56 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <28344416.7091200237478128.JavaMail.root@office.splatnix.net> Message-ID: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> Sorry, being dumb today! That wouldn't make any difference anyway as each line of the header is parsed. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "UxBoD" To: "MailScanner discussion" Sent: 13 January 2008 15:17:58 o'clock (GMT) Europe/London Subject: Re: Let postfix bypass MailScanner for specific recipients sorry bad regex! should be this :- [^To: loopback@.*\.waakhond\.net] HOLD so anything other than the above will be put in the hold queue. Tested with :- uxbod@cyborg:~$ cat p To: loopback@waakhond.net To: uxbod@waakhond.net uxbod@cyborg:~$ grep "[^To: loopback@waakhond.net]" p To: uxbod@waakhond.net Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner Mailinglist" Sent: 13 January 2008 14:29:53 o'clock (GMT) Europe/London Subject: Let postfix bypass MailScanner for specific recipients -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have the need to bypass MailScanner for specific recipients which I can define as regular expression. I was oping to do this much in the way I definne custom reject messages without the need of large line in access tables. Un fortunatly this does not work as planned as nothing gets put on HOLD anymore. So this is what I did: ~ 1. in main.cf header_checks = regexp:/etc/postfix/regexp/header-checks # Classifications smtpd_restriction_classes = ~ work_MS, ~ reject_RFC, ~ reject_auto, ~ reject_auto_virus, ~ reject_domain, ~ reject_dynamic, ~ reject_infected, ~ reject_spam, ~ reject_user work_MS = check_client_access regexp:/etc/postfix/class/work_MS reject_RFC = check_client_access regexp:/etc/postfix/class/reject_RFC reject_auto = check_client_access regexp:/etc/postfix/class/reject_auto reject_auto_virus = check_client_access regexp:/etc/postfix/class/reject_auto_virus reject_domain = check_client_access regexp:/etc/postfix/class/reject_domain reject_dynamic = check_client_access regexp:/etc/postfix/class/reject_dynamic reject_infected = check_client_access regexp:/etc/postfix/class/reject_infected reject_spam = check_client_access regexp:/etc/postfix/class/reject_spam reject_user = check_client_access regexp:/etc/postfix/class/reject_user ~ 2. in class/work_MS: /To: loopback@.*\.waakhond\.net/ OK /./ HOLD ~ 3. in regexp/header-checks: /^Received:/ work_MS While in the past it would point straight to HOLD in the regexp/header-checks file I can imagine it would be an issue with the check_client_access stuff. But then I should be able to simplify this by using the following lines in the regexp/header-checks: /To: loopback@.*\.waakhond\.net/ OK /^Received:/ HOLD While this put all the incoming messages one again in the hold queue it also does this for the ones I wan to exclude. The simple reason is that the loopback account eats email and checks each message on a number of keys and if all of them match will log the arrival time matched to the keys. As MailScaner will add extra delay and ~ most importantly a very flexible amount of delay the time measurements on the messages becomes tainted. So you may now understand why I wan tthe bypass to work selectively and am not worried about an incidental spam message ending up there. Any suggestions to make this actually work? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiiBeBvzDRVjxmYERAiX6AJ9BD0Blzbuo9zNLA+WtNxKLB+us4gCfcQ12 UHqx4VIKwEX+mXD8AdjYs2Q= =cDKF -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Jan 13 16:08:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jan 13 16:08:16 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> References: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> Message-ID: <478A3762.7060703@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 UxBoD wrote: | Sorry, being dumb today! That wouldn't make any difference anyway as each line of the header is parsed. We need to have some sort of AND function on 2 regexp in postfix. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHijdgBvzDRVjxmYERAvYCAKCgT9wMFMOKJzqmxwZJqc11l9xvVACfalWm o2Kv4ouh4pR2J7GUM1Cmr6I= =lvOy -----END PGP SIGNATURE----- From drew.marshall at technologytiger.net Sun Jan 13 18:44:01 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Sun Jan 13 18:44:24 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <478A3762.7060703@vanderkooij.org> References: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> <478A3762.7060703@vanderkooij.org> Message-ID: <6BFB3BA8-EAC2-42DC-9534-67CAFB8B06E4@technologytiger.net> On 13 Jan 2008, at 16:08, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > UxBoD wrote: > | Sorry, being dumb today! That wouldn't make any difference anyway as > each line of the header is parsed. > > We need to have some sort of AND function on 2 regexp in postfix. > > Hugo. Hugo I have tried, with out success to do something similar before. The problem is that Postfix doesn't have any 'not' or 'and' rule understanding, which is pretty limiting, however, there might be an option. How does postfix receive your time critical mail? Is it possible to inject it using the sendmail binary? If so you can set a regex to only hold mail based on your server ID like thus: /^Received:(.*)by your\.mail-server\.name \(Postfix\)/ HOLD which will only put into the hold queue mail that comes in via SMTP. Injected mail produces headers like: Received:by your.mail-server.com (Postfix, from userid 80) which doesn't match and therefore won't get held. I don't know if this helps... Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From hvdkooij at vanderkooij.org Sun Jan 13 19:47:12 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Jan 13 19:47:41 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <6BFB3BA8-EAC2-42DC-9534-67CAFB8B06E4@technologytiger.net> References: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> <478A3762.7060703@vanderkooij.org> <6BFB3BA8-EAC2-42DC-9534-67CAFB8B06E4@technologytiger.net> Message-ID: <478A6AC0.2090105@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drew Marshall wrote: | On 13 Jan 2008, at 16:08, Hugo van der Kooij wrote: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> UxBoD wrote: |> | Sorry, being dumb today! That wouldn't make any difference anyway as |> each line of the header is parsed. |> |> We need to have some sort of AND function on 2 regexp in postfix. |> |> Hugo. | | Hugo | | I have tried, with out success to do something similar before. The | problem is that Postfix doesn't have any 'not' or 'and' rule | understanding, which is pretty limiting, however, there might be an option. | | How does postfix receive your time critical mail? Is it possible to | inject it using the sendmail binary? If so you can set a regex to only | hold mail based on your server ID like thus: | | /^Received:(.*)by your\.mail-server\.name \(Postfix\)/ HOLD I will receive it from various remote servers (1 for now) by SMTP. Basically I send it with a custom perlscript to a remote SMTP server to start the timer and at the end of the chain it gets send back to me so I know the whole SMTP chain is alive and how long it took to process through the chain. The concept was deviced over a drink last friday night and by now the SMTP chain works I just need to parse the results and setup alerting if certain steps take to long. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHimq+BvzDRVjxmYERAreCAJ4m4vKa6UgZTyWPP5eq+YWB5Kpm1QCffPO6 Jp0ZDgAeNBDK5bqCTMymXkE= =lxwN -----END PGP SIGNATURE----- From davi at jvsinfo.com.br Sun Jan 13 22:14:44 2008 From: davi at jvsinfo.com.br (Davi Baldin) Date: Sun Jan 13 22:15:00 2008 Subject: =?iso-8859-1?q?ATEN=C7=C3O_-_Davi_estar=E1_ausente?= Message-ID: Estarei ausente do escrit?rio a partir de 13/01/2008 e n?o retornarei at? 14/01/2008. Oba F?rias! Assuntos JVS, favor encaminhar para suporte@jvsinfo.com.br, grato. From hvdkooij at vanderkooij.org Mon Jan 14 06:29:36 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 14 06:30:07 2008 Subject: =?iso-8859-1?q?ATEN=C7=C3O_-_Davi_estar=E1_ausente?= In-Reply-To: References: Message-ID: <478B0150.3030903@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Davi Baldin wrote: | Estarei ausente do escrit?rio a partir de 13/01/2008 e n?o retornarei at? | 14/01/2008. | | Oba F?rias! Assuntos JVS, favor encaminhar para suporte@jvsinfo.com.br, | grato. | Can this person be removed from the list for multiple cases of sending automated replies to a mailinglist? Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHiwFOBvzDRVjxmYERAurZAKC1EVwDWxK5evEEjeYPq3MRotgQNACeMMUt UMpMq6lUK87BRIZI1jZnguA= =T2kl -----END PGP SIGNATURE----- From martinh at solidstatelogic.com Mon Jan 14 09:15:56 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 14 09:16:23 2008 Subject: MailScanner not scanning emails. In-Reply-To: <003101c853e1$b158c130$140a4390$@net> Message-ID: Yeah Configserver's stuff is there own. I wish they'd use the standard install stiff or collaborate with Jules somehow... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Lawrence Lam > Sent: 10 January 2008 23:37 > To: 'MailScanner discussion' > Subject: RE: MailScanner not scanning emails. > > I followed the instruction at > http://www.configserver.com/free/mailscanner.html and now MailScanner is > working happily on my new server!!! > > The trick: > > As told by the rep from www.configserver.com, I should not use the > installation instruction directly from MailScanner's website as I am using > Exim, not Sendmail. Instead, I should use their installer which is > customized for cPanel. > > Thank you guys for all your advice. You actually gave me the hint to > solving > the problem. > > Regards, > Blue > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Jan 14 09:17:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 14 09:17:29 2008 Subject: =?iso-8859-1?q?ATEN=C7=C3O_-_Davi_estar=E1_ausente?= In-Reply-To: <478B0150.3030903@vanderkooij.org> References: <478B0150.3030903@vanderkooij.org> Message-ID: <478B2895.8060205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 01/14/08 at 06:29:34 > > Davi Baldin wrote: > | Estarei ausente do escrit?rio a partir de 13/01/2008 e n?o > retornarei at? > | 14/01/2008. > | > | Oba F?rias! Assuntos JVS, favor encaminhar para suporte@jvsinfo.com.br, > | grato. > | > > Can this person be removed from the list for multiple cases of sending > automated replies to a mailinglist? I've suspended his list membership. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHiyiVEfZZRxQVtlQRAv4ZAJ9aqUnv40CSTHZuIMDdwvYoDqK3EACfaJ+C zknXt6CJDdlFiPqsI300mEg= =2Ite -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kit at simplysites.co.uk Mon Jan 14 11:28:50 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Mon Jan 14 11:29:13 2008 Subject: Mailscanner gateway using sendmail (are there rules for individual domains) In-Reply-To: <4787D545.4040303@balanceconsult.com> References: <4787D545.4040303@balanceconsult.com> Message-ID: Hi All I found this article http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway I have sendmail and mailscanner on a bluequartz (centos 5). Its working great. I need to be able to use the excellent spam filtering ability of mailscanner before mail is relayed to an exchange server on a fixed ip address . I only want to do this for a few domains. Is it possible. The above article hints that it can be done, but not sure if its domain name specific or all mail on that server. Thanks in advanced From prandal at herefordshire.gov.uk Mon Jan 14 11:53:50 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 14 11:54:09 2008 Subject: Mailscanner gateway using sendmail (are there rules for individualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> In /etc/MailScanner/MailScanner.conf Use SpamAssassin = %rules-dir%/spamassassin.rules which would contain: From: 127.0.0.1 no To: example.com yes FromOrTo: default no This would run spamassassin on incoming mails for example.com. Similar rulesets would be needed to control MailScanner's filename/filetype and phishing handling. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kit Wong > Sent: 14 January 2008 11:29 > To: MailScanner discussion > Subject: Mailscanner gateway using sendmail (are there rules > for individualdomains) > > > Hi All > > I found this article > http://wiki.mailscanner.info/doku.php?id=documentation:configu > ration:mta > :sendmail:how_to:setup_a_gateway > I have sendmail and mailscanner on a bluequartz (centos 5). > Its working > great. > > I need to be able to use the excellent spam filtering ability of > mailscanner before mail is relayed to an exchange server on a fixed ip > address . I only want to do this for a few domains. Is it > possible. The > above article hints that it can be done, but not sure if its > domain name > specific or all mail on that server. > > Thanks in advanced > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martinh at solidstatelogic.com Mon Jan 14 12:02:02 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Jan 14 12:02:25 2008 Subject: FW: IMPORTANT - Termination of this subscription - REMINDER In-Reply-To: <47862FA6.61A4.0000.0@caspercollege.edu> Message-ID: <59e25fa750bf4b4f8f92e89ac57ad492@solidstatelogic.com> All >From my reading of the email, they aren't dropping support of the products, just the old way of providing updates one IDE at a time. Ah you gotta download the zip file and use that, which is what Jules code does I think...(or use the em thing from windows to push out the updates). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > Sent: 10 January 2008 21:46 > To: MailScanner discussion > Subject: RE: FW: IMPORTANT - Termination of this subscription - REMINDER > > All, > > I emailed Sophos support regarding termination of subscription notice > Martin sent us all and the 4.x version of SAV for Linux that I run. So if > any of the rest of you are running this version like I am, and your stress > level spiked after reading about it because your projects calendar is > already booked for the next 9 months like mine, looks like you can breathe > a sigh of relief. > > THIS IS WHAT I SENT TO SOPHOS SUPPORT... > > I run Sophos in conjunction with MailScanner for email viruses. I've been > happily using "Installer for Sophos Anti-Virus for Linux, versions 4.x > (on-demand scanning only)" > Platform: Linux on Intel using libc6 (glibc2.2) > Current version: 4.25.0 > This automatically updates the IDE files periodically. > > Is Sophos (heard a rumor) going to drop support for this product and break > my installation ? > If so, what does Sophos recommended to do? > > Thanks...Dan > > AND THIS IS WHAT THEY SENT BACK... > > Hello Dan, > The product in question is not slated for retirement any time soon. You > can check this information at the following web page: > http://sophos.com/support/timeline.html > > Regards, > > Chris Chaves > Sophos Technical Support > > > >>> On 1/10/2008 at 10:10 AM, in message > <13a5ecb3e531aa4f8d7e083e31483235@solidstatelogic.com>, "Martin.Hepworth" > wrote: > > Looks like it - you need the emconsole (windows) running somewhere to > handle > > the updates by the looks of it. > > > > Fortunately I just started putting in windows/AD etc here today so I've > now > > got something to put in on ;-) > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Daniel Straka > >> Sent: 10 January 2008 16:58 > >> To: MailScanner discussion > >> Subject: Re: FW: IMPORTANT - Termination of this subscription - > REMINDER > >> > >> Fellow MailScanner'ers > >> > >> I'm running MailScanner with the following Sophos: > >> Installer for Sophos Anti-Virus for Linux, versions 4.x (on-demand > >> scanning only) > >> Platform: Linux on Intel using libc6 (glibc2.2) > >> Current version: 4.25.0 > >> > >> This automatically updates the IDE files periodically. Can anyone tell > me > >> if my installation will be broken by the changes Sophos is planning to > >> make? > >> > >> Thanks, > >> > >> -- > >> > >> Dan Straka > >> Systems Coordinator > >> Casper College > >> 307.268.2399 > >> www.caspercollege.edu > >> > >> > >> >>> On 1/9/2008 at 1:34 AM, in message > >> <99874cd41efba942bd396246f31676c1@solidstatelogic.com>, > "Martin.Hepworth" > >> wrote: > >> > Guys > >> > (well Jules prob ;-) > >> > > >> > Sophos are changing the way updates happen. I guess changes needed at > MS > >> end > >> > somehow???? > >> > > >> > > >> > -- > >> > Martin Hepworth > >> > Snr Systems Administrator > >> > Solid State Logic > >> > Tel: +44 (0)1865 842300 > >> > > >> >> -----Original Message----- > >> >> From: Sophos Alert System [mailto:notification- > return@lists.sophos.com] > >> >> Sent: 07 January 2008 11:43 > >> >> To: notification@lists.sophos.com > >> >> Subject: IMPORTANT - Termination of this subscription - REMINDER > >> >> > >> >> > >> >> Dear Subscriber, > >> >> > >> >> The number of new malware samples seen on a daily basis by > SophosLabs > >> >> continues to grow exponentially. Following a review of the use of > >> >> this Sophos Alert System mailing list and the updating mechanisms > used > >> >> by our customers, Sophos will be making several changes to the > mailing > >> >> lists and downloads available to customers over the next few months. > >> >> As a result of these changes Sophos will be able to increase the > >> >> number of virus updates released every day substantially, thereby > >> >> providing even faster and better protection against malware. > >> >> > >> >> The changes are as follows: > >> >> > >> >> - Individual IDE files will not be available for download from > >> >> www.sophos.com from March 2008. > >> >> > >> >> Customers are encouraged to use one of the automated update > mechanisms > >> >> available from Sophos to receive their updates (see > >> >> > >> >> www.sophos.com/support/knowledgebase/article/12663.html for further > >> >> information). Alternatively users can download the ides.zip file > from > >> >> www.sophos.com. This zip archive contains all the ide updates > >> >> released since the last monthly engine update. Other zip archives > are > >> >> available for customers using older engines although users are > >> >> encouraged to stay up to date and should not use an engine more than > 3 > >> >> months old. > >> >> > >> >> - Three new subscription lists have been created to provide more > >> >> targeted satisfaction of customer needs. > >> >> > >> >> Further information on these services and how to subscribe is below. > >> >> > >> >> - The format of emails from the existing alert service, Sophos Alert > >> >> System, will change in January 2008 in line with the new alert > >> >> service, Sophos Update Alert. > >> >> > >> >> - The existing alert service, Sophos Alert System, will then cease > to > >> >> send update alerts from March 2008. > >> >> > >> >> Subscribers are encouraged to sign up to one of the three new > mailing > >> >> lists above should they wish to continue to receive this > information. > >> >> > >> >> On subscribing to one or more of the above mailing lists, you will > >> >> automatically be removed from the current update alert service. > >> >> > >> >> The new email services are: > >> >> > >> >> Sophos Update Alert > >> >> ------------------- > >> >> Subscription to this service will continue to provide an alert > >> >> following the release of a new virus update. As the number of virus > >> >> updates increases, so will the number of update alerts received > >> >> increase. This new alert email will not contain information about > >> >> the update itself, only announcing that an update has taken place. > >> >> > >> >> To subscribe to this service please send an email to: > >> >> updatealert-subscribe@lists.sophos.com > >> >> > >> >> Sophos Daily Update Digest > >> >> -------------------------- > >> >> This email is for those customers wanting basic information about > >> >> recent identity updates. Initially this subscription will simply > >> >> provide a link to www.sophos.com/downloads/ide. > >> >> From March, this email will provide subscribers with a daily digest > >> >> about the updates released in the previous 24 hours. This > >> >> information can also be viewed by subscribing to our RSS feeds > >> >> (www.sophos.com/feeds). > >> >> > >> >> To subscribe to this service please send an email to: > >> >> updatedigest-subscribe@lists.sophos.com > >> >> > >> >> Sophos Protection News > >> >> ---------------------- > >> >> This newsletter will be a regular review of the updates released > over > >> >> the previous month, providing some statistics and analysis of these > >> >> releases. This information will also be found on the SophosLabs > blog > >> >> which provides an easy way of keeping abreast of the very latest > >> >> information about malware seen by our global network of analysts. > >> >> This mailing list will also be used by SophosLabs to send out any > >> >> urgent notifications about malware outbreaks where significant > action > >> >> should be taken. > >> >> > >> >> To subscribe to this service please send an email to: > >> >> protection-subscribe@lists.sophos.com > >> >> > >> >> Should you have any questions about these changes, please contact > your > >> >> technical support representative. > >> >> > >> >> Regards, > >> >> > >> >> Sophos > >> >> > >> >> > >> >> ---- > >> >> To unsubscribe, email: notification-unsubscribe@lists.sophos.com > >> >> For additional commands, email: notification-faq@lists.sophos.com > >> > > >> > > >> > > >> > > >> > > >> > > ********************************************************************** > >> > Confidentiality : This e-mail and any attachments are intended for > the > >> > addressee only and may be confidential. If they come to you in error > >> > you must take no action based on them, nor must you copy or show them > >> > to anyone. Please advise the sender by replying to this e-mail > >> > immediately and then delete the original from your computer. > >> > Opinion : Any opinions expressed in this e-mail are entirely those of > >> > the author and unless specifically stated to the contrary, are not > >> > necessarily those of the author's employer. > >> > Security Warning : Internet e-mail is not necessarily a secure > >> > communications medium and can be subject to data corruption. We > advise > >> > that you consider this fact when e-mailing us. > >> > Viruses : We have taken steps to ensure that this e-mail and any > >> > attachments are free from known viruses but in keeping with good > >> > computing practice, you should ensure that they are virus free. > >> > > >> > Red Lion 49 Ltd T/A Solid State Logic > >> > Registered as a limited company in England and Wales > >> > (Company No:5362730) > >> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > >> > United Kingdom > >> > > ********************************************************************** > >> > > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From simon at saq.co.uk Mon Jan 14 11:58:58 2008 From: simon at saq.co.uk (Simon Jones) Date: Mon Jan 14 12:11:44 2008 Subject: FW: [Mailwatch-users] file name rules help Message-ID: > -----Original Message----- > From: mailwatch-users-bounces@lists.sourceforge.net [mailto:mailwatch- > users-bounces@lists.sourceforge.net] On Behalf Of Scott Silva > Sent: 11 January 2008 17:07 > To: mailwatch-users@lists.sourceforge.net > Subject: Re: [Mailwatch-users] file name rules help > > on 1/11/2008 4:28 AM Simon Jones spake the following: > > Hi - I need to allow .prx files through mailscanner - so i put the > > following in /etc/MailScanner/filename.rules.conf under the "# These > are > > known to be mostly harmless." section but it still quarantines them. > > > > allow \.prx$ - - > > > > thanks! > > > > Si > > > Did you reload Mailscanner? > How are they marked when they are quarantined? Could they also be > getting > caught in filetype rules? > > > -- >Hi Scott, > >Yep I did restart mailscanner - report in MailWatch: > >Anti-Virus/Dangerous Content Protection >Virus: N >Blocked File: Y >Other Infection: N >Report: No programs allowed (C17M.PRX) > >Cheers, > Hi, anyone help me get prx files through mailscanner please? originally posted to mailwatch list by mistake. Registered Office: 131 Havant Road, Hayling Island Hampshire PO11 0LE SAQ Telecom Limited is Registered in England & Wales Company Number: 03572157 http://www.saqnet.co.uk AS29219 SAQ Group Delivers high quality, honestly priced communication and I.T. services to UK Business. DSL : Domains : Email : Hosting : CoLo : Servers : Racks : Transit : Backups : Managed Networks : Remote Support. From Kit at simplysites.co.uk Mon Jan 14 12:17:11 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Mon Jan 14 12:17:29 2008 Subject: Mailscanner gateway using sendmail (are there rules forindividualdomains) In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: Might be crossed wired here. I want to be able to tell mailscanner/sendmail to scan all incoming but rather than put it into the mail box on the server is to relay it on to an ip address that will have exchange waiting. I want to be able to say which emails (domain) and which ip address to relay to. Thanks -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 14 January 2008 11:54 To: MailScanner discussion Subject: RE: Mailscanner gateway using sendmail (are there rules forindividualdomains) In /etc/MailScanner/MailScanner.conf Use SpamAssassin = %rules-dir%/spamassassin.rules which would contain: From: 127.0.0.1 no To: example.com yes FromOrTo: default no This would run spamassassin on incoming mails for example.com. Similar rulesets would be needed to control MailScanner's filename/filetype and phishing handling. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kit Wong > Sent: 14 January 2008 11:29 > To: MailScanner discussion > Subject: Mailscanner gateway using sendmail (are there rules > for individualdomains) > > > Hi All > > I found this article > http://wiki.mailscanner.info/doku.php?id=documentation:configu > ration:mta > :sendmail:how_to:setup_a_gateway > I have sendmail and mailscanner on a bluequartz (centos 5). > Its working > great. > > I need to be able to use the excellent spam filtering ability of > mailscanner before mail is relayed to an exchange server on a fixed ip > address . I only want to do this for a few domains. Is it > possible. The > above article hints that it can be done, but not sure if its > domain name > specific or all mail on that server. > > Thanks in advanced > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From Hostmaster at computerservicecentre.com Mon Jan 14 12:41:34 2008 From: Hostmaster at computerservicecentre.com (Hostmaster) Date: Mon Jan 14 12:41:47 2008 Subject: Mailscanner gateway using sendmail (are there rulesforindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com><7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: <3D9C92F3075F5144B46AA2C590F48E2A354789@commssrv01.computerservicecentre.com> >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kit >Wong >Posted At: 14 January 2008 12:17 >Posted To: Hostmaster >Conversation: Mailscanner gateway using sendmail (are there rulesforindividualdomains) >Subject: RE: Mailscanner gateway using sendmail (are there rulesforindividualdomains) >Might be crossed wired here. I want to be able to tell >mailscanner/sendmail to scan all incoming but rather than put it into >the mail box on the server is to relay it on to an ip address that will >have exchange waiting. I want to be able to say which emails (domain) >and which ip address to relay to. > >Thanks Hi Kit, AFAIK, the only way to do what you want to do will be at MTA level, not with MailScanner. I know what you want to do is possible using Exim with custom manual routing transports on the outbound split queue config file, however I do not know whether you can do it with sendmail - if nobody else can suggest a solution, switch to exim :) Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. From prandal at herefordshire.gov.uk Mon Jan 14 12:44:03 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 14 12:44:23 2008 Subject: Mailscanner gateway using sendmail (are there rulesforindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com><7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02819D1A@HC-MBX02.herefordshire.gov.uk> Oh, sorry. Easily done by specifying the server to relay to in /etc/mail/mailertable To relay mail for mydomain.com and its subdomains to the host at 10.1.2.3 you'd have mydomain.com [10.1.2.3] .mydomain.com [10.1.2.3] You need the usual stuff in /etc/mail/access to accept mail for those domains too. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kit Wong > Sent: 14 January 2008 12:17 > To: MailScanner discussion > Subject: RE: Mailscanner gateway using sendmail (are there > rulesforindividualdomains) > > Might be crossed wired here. I want to be able to tell > mailscanner/sendmail to scan all incoming but rather than put it into > the mail box on the server is to relay it on to an ip address > that will > have exchange waiting. I want to be able to say which emails (domain) > and which ip address to relay to. > > Thanks > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, > Phil > Sent: 14 January 2008 11:54 > To: MailScanner discussion > Subject: RE: Mailscanner gateway using sendmail (are there rules > forindividualdomains) > > In /etc/MailScanner/MailScanner.conf > > Use SpamAssassin = %rules-dir%/spamassassin.rules > > which would contain: > > From: 127.0.0.1 no > To: example.com yes > FromOrTo: default no > > This would run spamassassin on incoming mails for example.com. > > Similar rulesets would be needed to control MailScanner's > filename/filetype and phishing handling. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Kit Wong > > Sent: 14 January 2008 11:29 > > To: MailScanner discussion > > Subject: Mailscanner gateway using sendmail (are there rules > > for individualdomains) > > > > > > Hi All > > > > I found this article > > http://wiki.mailscanner.info/doku.php?id=documentation:configu > > ration:mta > > :sendmail:how_to:setup_a_gateway > > I have sendmail and mailscanner on a bluequartz (centos 5). > > Its working > > great. > > > > I need to be able to use the excellent spam filtering ability of > > mailscanner before mail is relayed to an exchange server on > a fixed ip > > address . I only want to do this for a few domains. Is it > > possible. The > > above article hints that it can be done, but not sure if its > > domain name > > specific or all mail on that server. > > > > Thanks in advanced > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From a.peacock at chime.ucl.ac.uk Mon Jan 14 12:46:02 2008 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Mon Jan 14 12:46:16 2008 Subject: Mailscanner gateway using sendmail (are there rules forindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: <478B598A.8050300@chime.ucl.ac.uk> Hi Kit, Kit Wong wrote: > Might be crossed wired here. I want to be able to tell > mailscanner/sendmail to scan all incoming but rather than put it into > the mail box on the server is to relay it on to an ip address that will > have exchange waiting. I want to be able to say which emails (domain) > and which ip address to relay to. MailScanner does not do any local delivery. MailScanner reads from the incoming SMTP queue, scans based on its own rules, then places the scanned message into its 'outgoing' queue. The program that process that queue (usually your MTA) is the program that decides whether to deliver locally or relay on. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 From glenn.steen at gmail.com Mon Jan 14 12:54:13 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 14 12:54:24 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <478A6AC0.2090105@vanderkooij.org> References: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> <478A3762.7060703@vanderkooij.org> <6BFB3BA8-EAC2-42DC-9534-67CAFB8B06E4@technologytiger.net> <478A6AC0.2090105@vanderkooij.org> Message-ID: <223f97700801140454n3549a107hbe039aba06c88967@mail.gmail.com> On 13/01/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Drew Marshall wrote: > | On 13 Jan 2008, at 16:08, Hugo van der Kooij wrote: > | > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> UxBoD wrote: > |> | Sorry, being dumb today! That wouldn't make any difference anyway as > |> each line of the header is parsed. > |> > |> We need to have some sort of AND function on 2 regexp in postfix. > |> > |> Hugo. > | > | Hugo > | > | I have tried, with out success to do something similar before. The > | problem is that Postfix doesn't have any 'not' or 'and' rule > | understanding, which is pretty limiting, however, there might be an > option. > | > | How does postfix receive your time critical mail? Is it possible to > | inject it using the sendmail binary? If so you can set a regex to only > | hold mail based on your server ID like thus: > | > | /^Received:(.*)by your\.mail-server\.name \(Postfix\)/ HOLD > > I will receive it from various remote servers (1 for now) by SMTP. > > Basically I send it with a custom perlscript to a remote SMTP server to > start the timer and at the end of the chain it gets send back to me so I > know the whole SMTP chain is alive and how long it took to process > through the chain. > > The concept was deviced over a drink last friday night and by now the > SMTP chain works I just need to parse the results and setup alerting if > certain steps take to long. > > Hugo. > Hopefully the drink was a tasty... fruitjuice?!:-) I suppose you've considered the possibility of a second listener? Have a "high" port smtpd defined without the header check... have the "respondee" send to that one...? Or wouldn't that be feasible with what you're trying to do? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Kit at simplysites.co.uk Mon Jan 14 12:54:10 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Mon Jan 14 12:54:27 2008 Subject: Mailscanner gateway using sendmail (are thererulesforindividualdomains) In-Reply-To: <3D9C92F3075F5144B46AA2C590F48E2A354789@commssrv01.computerservicecentre.com> References: <4787D545.4040303@balanceconsult.com><7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> <3D9C92F3075F5144B46AA2C590F48E2A354789@commssrv01.computerservicecentre.com> Message-ID: This link http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway shows how. But not sure if its for whole server or individual domains -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hostmaster Sent: 14 January 2008 12:42 To: MailScanner discussion Subject: RE: Mailscanner gateway using sendmail (are thererulesforindividualdomains) >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kit >Wong >Posted At: 14 January 2008 12:17 >Posted To: Hostmaster >Conversation: Mailscanner gateway using sendmail (are there rulesforindividualdomains) >Subject: RE: Mailscanner gateway using sendmail (are there rulesforindividualdomains) >Might be crossed wired here. I want to be able to tell >mailscanner/sendmail to scan all incoming but rather than put it into >the mail box on the server is to relay it on to an ip address that will >have exchange waiting. I want to be able to say which emails (domain) >and which ip address to relay to. > >Thanks Hi Kit, AFAIK, the only way to do what you want to do will be at MTA level, not with MailScanner. I know what you want to do is possible using Exim with custom manual routing transports on the outbound split queue config file, however I do not know whether you can do it with sendmail - if nobody else can suggest a solution, switch to exim :) Best Regards, Richard Garner (A+, N+, AMBCS, MOS-O) All E-Mail communications are monitored in addition to being content checked for malicious codes or viruses. The success of scanning products is not guaranteed, therefore the recipient(s) should carry out any checks that they believe to be appropriate in this respect. This message (including any attachments and/or related materials) is confidential to and is the property of Computer Service Centre, unless otherwise noted. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. Any views or opinions presented are solely those of the author and do not necessarily represent those of Computer Service Centre. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ms-list at alexb.ch Mon Jan 14 12:55:10 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jan 14 12:55:25 2008 Subject: Mailscanner gateway using sendmail (are there rules forindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: <478B5BAE.4090004@alexb.ch> On 1/14/2008 1:17 PM, Kit Wong wrote: > Might be crossed wired here. I want to be able to tell > mailscanner/sendmail to scan all incoming but rather than put it into > the mail box on the server is to relay it on to an ip address that will > have exchange waiting. I want to be able to say which emails (domain) > and which ip address to relay to. This seems like irrelevant to Mailwatch an MailScanner Sendmail's. afaik, mailertable & relay-domains would be your friends you might wanna read up the Sendmail docs or ask on a Sendmail list. Alex From Kit at simplysites.co.uk Mon Jan 14 12:55:40 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Mon Jan 14 12:55:58 2008 Subject: Mailscanner gateway using sendmail (are thererulesforindividualdomains) In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA02819D1A@HC-MBX02.herefordshire.gov.uk> References: <4787D545.4040303@balanceconsult.com><7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> <7EF0EE5CB3B263488C8C18823239BEBA02819D1A@HC-MBX02.herefordshire.gov.uk> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Randal, Phil Sent: 14 January 2008 12:44 To: MailScanner discussion Subject: RE: Mailscanner gateway using sendmail (are thererulesforindividualdomains) Oh, sorry. Easily done by specifying the server to relay to in /etc/mail/mailertable To relay mail for mydomain.com and its subdomains to the host at 10.1.2.3 you'd have mydomain.com [10.1.2.3] .mydomain.com [10.1.2.3] You need the usual stuff in /etc/mail/access to accept mail for those domains too. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Kit Wong > Sent: 14 January 2008 12:17 > To: MailScanner discussion > Subject: RE: Mailscanner gateway using sendmail (are there > rulesforindividualdomains) > > Might be crossed wired here. I want to be able to tell > mailscanner/sendmail to scan all incoming but rather than put it into > the mail box on the server is to relay it on to an ip address > that will > have exchange waiting. I want to be able to say which emails (domain) > and which ip address to relay to. > > Thanks > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Randal, > Phil > Sent: 14 January 2008 11:54 > To: MailScanner discussion > Subject: RE: Mailscanner gateway using sendmail (are there rules > forindividualdomains) > > In /etc/MailScanner/MailScanner.conf > > Use SpamAssassin = %rules-dir%/spamassassin.rules > > which would contain: > > From: 127.0.0.1 no > To: example.com yes > FromOrTo: default no > > This would run spamassassin on incoming mails for example.com. > > Similar rulesets would be needed to control MailScanner's > filename/filetype and phishing handling. > > Cheers, > > Phil > > -- > Phil Randal > Network Engineer > Herefordshire Council > Hereford, UK > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Kit Wong > > Sent: 14 January 2008 11:29 > > To: MailScanner discussion > > Subject: Mailscanner gateway using sendmail (are there rules > > for individualdomains) > > > > > > Hi All > > > > I found this article > > http://wiki.mailscanner.info/doku.php?id=documentation:configu > > ration:mta > > :sendmail:how_to:setup_a_gateway > > I have sendmail and mailscanner on a bluequartz (centos 5). > > Its working > > great. > > > > I need to be able to use the excellent spam filtering ability of > > mailscanner before mail is relayed to an exchange server on > a fixed ip > > address . I only want to do this for a few domains. Is it > > possible. The > > above article hints that it can be done, but not sure if its > > domain name > > specific or all mail on that server. > > > > Thanks in advanced > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- This is what it says Set your MailScanner box(es) to be MX(s) for the domain (i.e. available to the outside world), running MailScanner. A Windows box running Exchange on an IP address not available to the outside world (in our case 192.168.10.5) On the MailScanner box, there is a file called /etc/mail/mailertable. It put the following line in it: ourdomain.co.uk smtp:[192.168.10.5] (The brackets tell sendmail to bypass DNS resolution.) Add the domain name to /etc/mail/relay-domains This tells sendmail to push the mail off to the Exchange server, but crucially, it does this AFTER MailScanner has done its work. From Kit at simplysites.co.uk Mon Jan 14 13:03:37 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Mon Jan 14 13:03:56 2008 Subject: Mailscanner gateway using sendmail (are thererules forindividualdomains) In-Reply-To: <478B598A.8050300@chime.ucl.ac.uk> References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> <478B598A.8050300@chime.ucl.ac.uk> Message-ID: Hi Kit, Kit Wong wrote: > Might be crossed wired here. I want to be able to tell > mailscanner/sendmail to scan all incoming but rather than put it into > the mail box on the server is to relay it on to an ip address that will > have exchange waiting. I want to be able to say which emails (domain) > and which ip address to relay to. >MailScanner does not do any local delivery. >MailScanner reads from the incoming SMTP queue, scans based on its own >rules, then places the scanned message into its 'outgoing' queue. The >program that process that queue (usually your MTA) is the program that >decides whether to deliver locally or relay on. -- >Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A CAT scan should take less time than a PET scan. For a CAT scan, they're only looking for one thing, whereas a PET scan could result in a lot of things." - Carl Princi, 2002/07/19 ------------------------------------------------------------------------ - In that case where do I tell sendmail to relay this? I have added Domain.com smtp:[10.1.2.3] Domain-2.com smtp:[10.1.2.4] Into /etc/mail/mailertable Also it says to put the domain in /etc/mail/relay-domains Domain.com Domain-2.com Is this correct? From glenn.steen at gmail.com Mon Jan 14 13:04:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 14 13:04:27 2008 Subject: FW: [Mailwatch-users] file name rules help In-Reply-To: References: Message-ID: <223f97700801140504t58f0e6a1rb1da4d67732820d2@mail.gmail.com> On 14/01/2008, Simon Jones wrote: > > -----Original Message----- > > From: mailwatch-users-bounces@lists.sourceforge.net [mailto:mailwatch- > > users-bounces@lists.sourceforge.net] On Behalf Of Scott Silva > > Sent: 11 January 2008 17:07 > > To: mailwatch-users@lists.sourceforge.net > > Subject: Re: [Mailwatch-users] file name rules help > > > > on 1/11/2008 4:28 AM Simon Jones spake the following: > > > Hi - I need to allow .prx files through mailscanner - so i put the > > > following in /etc/MailScanner/filename.rules.conf under the "# These > > are > > > known to be mostly harmless." section but it still quarantines them. > > > > > > allow \.prx$ - - > > > > > > thanks! > > > > > > Si > > > > > Did you reload Mailscanner? > > How are they marked when they are quarantined? Could they also be > > getting > > caught in filetype rules? > > > > > > -- > >Hi Scott, > > > >Yep I did restart mailscanner - report in MailWatch: > > > >Anti-Virus/Dangerous Content Protection > >Virus: N > >Blocked File: Y > >Other Infection: N > >Report: No programs allowed (C17M.PRX) > > > >Cheers, > > > > Hi, anyone help me get prx files through mailscanner please? originally > posted to mailwatch list by mistake. > Simon, Scott already asked fro the relevant bit of information, namely what the file command (which MS uses to determine the "type") thinks about your .prx file. My guess is that it'll trigger on one of the more optimistic file magics (like one byte magics for MS-DOS .COM executables). Show that information, please. To rectify, one could perhaps try use the new file -i stuff Jules has implemented (in beta, I think), or simply edit the magic file and compile it (file -C)... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Jan 14 13:09:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 14 13:09:28 2008 Subject: Mailscanner gateway using sendmail (are thererulesforindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> <3D9C92F3075F5144B46AA2C590F48E2A354789@commssrv01.computerservicecentre.com> Message-ID: <223f97700801140509x715002b1ibc73bf3991fc8916@mail.gmail.com> On 14/01/2008, Kit Wong wrote: > This link > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta > :sendmail:how_to:setup_a_gateway > shows how. But not sure if its for whole server or individual domains > Read the whole aexample and you'll see that it is for one relayed domain. More domains -> repeat until done:-) But then, I might be wrong, being a Postfix person:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From telecaadmin at gmail.com Mon Jan 14 13:47:57 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 14 13:48:07 2008 Subject: Mailscanner gateway using sendmail (are there rules forindividualdomains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> Message-ID: <478B680D.6030306@gmail.com> Hi, if by any chance it is possible for you to use postfix, just do so. It is easier to configure relays and to get your configuration right with postfix than it is with sendmail. E.g.: I only define my transport table (which domains go where) and my trusted relay servers. 2 little scripts then create the necessary settings for MailScanner (do not scan outgoing, only incoming) and the relay_domain table. BR, Ronny From simon at saq.co.uk Mon Jan 14 13:52:34 2008 From: simon at saq.co.uk (Simon Jones) Date: Mon Jan 14 14:05:19 2008 Subject: FW: [Mailwatch-users] file name rules help References: <223f97700801140504t58f0e6a1rb1da4d67732820d2@mail.gmail.com> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 14 January 2008 13:04 > To: MailScanner discussion > Subject: Re: FW: [Mailwatch-users] file name rules help > > On 14/01/2008, Simon Jones wrote: > > > -----Original Message----- > > > From: mailwatch-users-bounces@lists.sourceforge.net > [mailto:mailwatch- > > > users-bounces@lists.sourceforge.net] On Behalf Of Scott Silva > > > Sent: 11 January 2008 17:07 > > > To: mailwatch-users@lists.sourceforge.net > > > Subject: Re: [Mailwatch-users] file name rules help > > > > > > on 1/11/2008 4:28 AM Simon Jones spake the following: > > > > Hi - I need to allow .prx files through mailscanner - so i put > the > > > > following in /etc/MailScanner/filename.rules.conf under the "# > These > > > are > > > > known to be mostly harmless." section but it still quarantines > them. > > > > > > > > allow \.prx$ - - > > > > > > > > thanks! > > > > > > > > Si > > > > > > > Did you reload Mailscanner? > > > How are they marked when they are quarantined? Could they also be > > > getting > > > caught in filetype rules? > > > > > > > > > -- > > >Hi Scott, > > > > > >Yep I did restart mailscanner - report in MailWatch: > > > > > >Anti-Virus/Dangerous Content Protection > > >Virus: N > > >Blocked File: Y > > >Other Infection: N > > >Report: No programs allowed (C17M.PRX) > > > > > >Cheers, > > > > > > > Hi, anyone help me get prx files through mailscanner please? > originally > > posted to mailwatch list by mistake. > > > Simon, > > Scott already asked fro the relevant bit of information, namely what > the file command (which MS uses to determine the "type") thinks about > your .prx file. My guess is that it'll trigger on one of the more > optimistic file magics (like one byte magics for MS-DOS .COM > executables). > Show that information, please. > To rectify, one could perhaps try use the new file -i stuff Jules has > implemented (in beta, I think), or simply edit the magic file and > compile it (file -C)... > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Err... what's a "magic file" (ooh dear - sorry :@) Registered Office: 131 Havant Road, Hayling Island Hampshire PO11 0LE SAQ Telecom Limited is Registered in England & Wales Company Number: 03572157 http://www.saqnet.co.uk AS29219 SAQ Group Delivers high quality, honestly priced communication and I.T. services to UK Business. DSL : Domains : Email : Hosting : CoLo : Servers : Racks : Transit : Backups : Managed Networks : Remote Support. From telecaadmin at gmail.com Mon Jan 14 14:05:27 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 14 14:05:37 2008 Subject: Disable filename checking in archives Message-ID: <478B6C27.4010606@gmail.com> Hi, can I by any chance disable the filename checking in attached archives? That is, all archives (zip, rar, ...) should have different FILENAME rules. Cheers, Ronny From shuttlebox at gmail.com Mon Jan 14 14:55:41 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Jan 14 14:55:52 2008 Subject: Disable filename checking in archives In-Reply-To: <478B6C27.4010606@gmail.com> References: <478B6C27.4010606@gmail.com> Message-ID: <625385e30801140655x4a325461t76fd98381d729102@mail.gmail.com> On Jan 14, 2008 3:05 PM, Ronny T. Lampert wrote: > Hi, > > can I by any chance disable the filename checking in attached archives? Set Maximum Archive Depth to 0. -- /peter From telecaadmin at gmail.com Mon Jan 14 15:27:18 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 14 15:27:27 2008 Subject: Disable filename checking in archives In-Reply-To: <625385e30801140655x4a325461t76fd98381d729102@mail.gmail.com> References: <478B6C27.4010606@gmail.com> <625385e30801140655x4a325461t76fd98381d729102@mail.gmail.com> Message-ID: <478B7F56.7070001@gmail.com> >> can I by any chance disable the filename checking in attached archives? > > Set Maximum Archive Depth to 0. Great, thanks! That was the exact setting I was looking for, but didn't find it! Cheers, Ronny From glenn.steen at gmail.com Mon Jan 14 17:16:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 14 17:16:59 2008 Subject: FW: [Mailwatch-users] file name rules help In-Reply-To: References: <223f97700801140504t58f0e6a1rb1da4d67732820d2@mail.gmail.com> Message-ID: <223f97700801140916g793fc022u647fc2df45cc5a48@mail.gmail.com> On 14/01/2008, Simon Jones wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > > Sent: 14 January 2008 13:04 > > To: MailScanner discussion > > Subject: Re: FW: [Mailwatch-users] file name rules help > > > > On 14/01/2008, Simon Jones wrote: > > > > -----Original Message----- > > > > From: mailwatch-users-bounces@lists.sourceforge.net > > [mailto:mailwatch- > > > > users-bounces@lists.sourceforge.net] On Behalf Of Scott Silva > > > > Sent: 11 January 2008 17:07 > > > > To: mailwatch-users@lists.sourceforge.net > > > > Subject: Re: [Mailwatch-users] file name rules help > > > > > > > > on 1/11/2008 4:28 AM Simon Jones spake the following: > > > > > Hi - I need to allow .prx files through mailscanner - so i put > > the > > > > > following in /etc/MailScanner/filename.rules.conf under the "# > > These > > > > are > > > > > known to be mostly harmless." section but it still quarantines > > them. > > > > > > > > > > allow \.prx$ - - > > > > > > > > > > thanks! > > > > > > > > > > Si > > > > > > > > > Did you reload Mailscanner? > > > > How are they marked when they are quarantined? Could they also be > > > > getting > > > > caught in filetype rules? > > > > > > > > > > > > -- > > > >Hi Scott, > > > > > > > >Yep I did restart mailscanner - report in MailWatch: > > > > > > > >Anti-Virus/Dangerous Content Protection > > > >Virus: N > > > >Blocked File: Y > > > >Other Infection: N > > > >Report: No programs allowed (C17M.PRX) > > > > > > > >Cheers, > > > > > > > > > > Hi, anyone help me get prx files through mailscanner please? > > originally > > > posted to mailwatch list by mistake. > > > > > Simon, > > > > Scott already asked fro the relevant bit of information, namely what > > the file command (which MS uses to determine the "type") thinks about > > your .prx file. My guess is that it'll trigger on one of the more > > optimistic file magics (like one byte magics for MS-DOS .COM > > executables). > > Show that information, please. > > To rectify, one could perhaps try use the new file -i stuff Jules has > > implemented (in beta, I think), or simply edit the magic file and > > compile it (file -C)... > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Err... what's a "magic file" (ooh dear - sorry :@) > Hehe... What an amazing amount of misinformation I could give you now, if I was a really evil bunny.... :-) I suggest you read "man file" or "info file" or google it...:-). Short synopsis: a "file magic number" is simply a collection of more or less simple patterns to determine a file type. The magic is usually rather numeric in form, but can also include strings etc. A "magic-file" is a file containg a collection of "file magics" that the file command uses. Since this collection is rather hefty, the command doesn't use the human-readable text file (usually found someplace like /usr/share/misc/magic ... check your file-commands man-page...)... Rather it "compiles" this into a binary format (magic.mgc). This compilation can easily be done by way of "file -C" ... So once you know what magic gets triggered by file on the .prx file, you can edit your copy of the magic file and "recompile" it... Clearer? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Mon Jan 14 17:49:18 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 14 17:49:48 2008 Subject: Mailscanner gateway using sendmail (are there rules forindividualdomains) In-Reply-To: <478B680D.6030306@gmail.com> References: <4787D545.4040303@balanceconsult.com> <7EF0EE5CB3B263488C8C18823239BEBA02819CEA@HC-MBX02.herefordshire.gov.uk> <478B680D.6030306@gmail.com> Message-ID: <478BA09E.4090507@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ronny T. Lampert wrote: | Hi, | | if by any chance it is possible for you to use postfix, just do so. | It is easier to configure relays and to get your configuration right | with postfix than it is with sendmail. I recall that sendmail can be configured just as easily in this regard. So if it ain't broken then please do not break just for something new. (Meet the new boss, same as the old boss. ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHi6CVBvzDRVjxmYERAogLAJ0Vt4oR3EEQVGXKTjHRdvuupxZcVwCfWlZj 6Zc2WlUE4Z5rYf0GbV//p7I= =INqI -----END PGP SIGNATURE----- From uxbod at splatnix.net Mon Jan 14 17:55:47 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jan 14 17:56:08 2008 Subject: [Mailwatch-users] Email Archiving Patch In-Reply-To: <478B9C0E.4020901@glcomputers.com> Message-ID: <25353017.2961200333347562.JavaMail.root@office.splatnix.net> Graham, Thinking about it, I presume you are not going to store the actual message in a database ? IMHO it would be better to modify MailScanner so that it could store the messages in a seperate area on disk. Just as it does with quarantined messages. It would be fairly simple to add a new option to MailScanner.conf and then update MessageBatch.pm and Message.pm to write out the email if the parameter is set. This would also satisfy requirements of SOX (Sarbanes-Oxley). I have cross-posted to MailScanner list as I believe that it is appropriate. Apologies if not deemed so by others. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Graham Pearson" To: mailwatch-users@lists.sourceforge.net Sent: 14 January 2008 17:29:50 o'clock (GMT) Europe/London Subject: [Mailwatch-users] Email Archiving Patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 List: I am working on a patch that will allow MailWatch store Clean messages within a new table for archiving purposes since archiving of email is being required for Indiana K-12 School Districts. I have been successful within Mailwatch when a message is clean to store the message within another table called mailarchive at the same time that it is storing the message within maillog. Right now I am stumped is what variable within the $$message structure would contain the same information that is within the message id text file that is stored within the filesystem? Once I can figure this out, then I will be working on a patch for the Web Interface for Administrators to retrieve any message from this new table. Then I will need to learn how to create a patch so others who want to utilize this can patch their files. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHi5wOTaiPMnvbJeURAoyDAJ9cHixxeuDdCoptU2h6FrHRmc97KQCfbSgu 5jxLY/Py5oF7YqNoXbBlGEw= =QEOO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Mailwatch-users mailing list Mailwatch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mailwatch-users -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Jan 14 18:02:01 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 14 18:02:29 2008 Subject: Let postfix bypass MailScanner for specific recipients In-Reply-To: <223f97700801140454n3549a107hbe039aba06c88967@mail.gmail.com> References: <21464666.7121200238384972.JavaMail.root@office.splatnix.net> <478A3762.7060703@vanderkooij.org> <6BFB3BA8-EAC2-42DC-9534-67CAFB8B06E4@technologytiger.net> <478A6AC0.2090105@vanderkooij.org> <223f97700801140454n3549a107hbe039aba06c88967@mail.gmail.com> Message-ID: <478BA399.4090408@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | On 13/01/2008, Hugo van der Kooij wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Drew Marshall wrote: |> | On 13 Jan 2008, at 16:08, Hugo van der Kooij wrote: |> | |> |> -----BEGIN PGP SIGNED MESSAGE----- |> |> Hash: SHA1 |> |> |> |> UxBoD wrote: |> |> | Sorry, being dumb today! That wouldn't make any difference anyway as |> |> each line of the header is parsed. |> |> |> |> We need to have some sort of AND function on 2 regexp in postfix. |> |> |> |> Hugo. |> | |> | Hugo |> | |> | I have tried, with out success to do something similar before. The |> | problem is that Postfix doesn't have any 'not' or 'and' rule |> | understanding, which is pretty limiting, however, there might be an |> option. |> | |> | How does postfix receive your time critical mail? Is it possible to |> | inject it using the sendmail binary? If so you can set a regex to only |> | hold mail based on your server ID like thus: |> | |> | /^Received:(.*)by your\.mail-server\.name \(Postfix\)/ HOLD |> |> I will receive it from various remote servers (1 for now) by SMTP. |> |> Basically I send it with a custom perlscript to a remote SMTP server to |> start the timer and at the end of the chain it gets send back to me so I |> know the whole SMTP chain is alive and how long it took to process |> through the chain. |> |> The concept was deviced over a drink last friday night and by now the |> SMTP chain works I just need to parse the results and setup alerting if |> certain steps take to long. |> |> Hugo. |> | Hopefully the drink was a tasty... fruitjuice?!:-) Nahh. Just two sorts of beer and two sorts of softdrinks. | I suppose you've considered the possibility of a second listener? Have | a "high" port smtpd defined without the header check... have the | "respondee" send to that one...? | Or wouldn't that be feasible with what you're trying to do? I have not given it a real hard thought. The majority of our SMTP products are able to connect to any port I see fit to configure. But I need to work out that after I tackled the reporting issue. I got some great ideas from the SEC mailinglist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHi6OVBvzDRVjxmYERAp0UAJ4s20vhb19TD388jv2GeGJJ6OgcHwCZAXFv FDH91v5hC4s6QZ61f1+mOzk= =HxA8 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Mon Jan 14 18:16:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 14 18:17:02 2008 Subject: [Mailwatch-users] Email Archiving Patch In-Reply-To: <25353017.2961200333347562.JavaMail.root@office.splatnix.net> References: <25353017.2961200333347562.JavaMail.root@office.splatnix.net> Message-ID: <478BA705.7050901@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Archive Mail" can already do that. - --[ UxBoD ]-- wrote: > Graham, > > Thinking about it, I presume you are not going to store the actual message in a database ? IMHO it would be better to modify MailScanner so that it could store the messages in a seperate area on disk. Just as it does with quarantined messages. It would be fairly simple to add a new option to MailScanner.conf and then update MessageBatch.pm and Message.pm to write out the email if the parameter is set. This would also satisfy requirements of SOX (Sarbanes-Oxley). > > I have cross-posted to MailScanner list as I believe that it is appropriate. Apologies if not deemed so by others. > > Regards, > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHi6cIEfZZRxQVtlQRAjPfAJ9KYg3KBnUNNmEsm2nJ64x7d9frpQCg4Ari WU7Io6ieei4BSsC7NIpznTg= =SIOt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gborders at balanceconsult.com Mon Jan 14 18:33:35 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Mon Jan 14 18:35:23 2008 Subject: Only sign outgoing messages rules revisited. In-Reply-To: <4787EF63.9070507@ecs.soton.ac.uk> References: <4787D545.4040303@balanceconsult.com> <4787EF63.9070507@ecs.soton.ac.uk> Message-ID: <478BAAFF.10907@balanceconsult.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Greg Borders wrote: > >> I'm looking into doing this, and I implemented this rule from the >> examples: >> >> 3. Only sign outgoing messages >> Set "Sign Clean Messages = /opt/MailScanner/etc/rules/signing.rules". >> If your messages come from "yourdomain.com", then try this: >> From: 192.168. yes >> FromOrTo: default no >> where your network is the whole of 192.168.xxx.xxx. >> >> My subnet happens to match nicely with the examples. >> However, it signs *all* outbound messages, even from in-house user to >> other in-house user. >> I'd like to eliminate the signing for all inhouse person-to person >> mails. I've tried several extra rules, but no success yet. It just >> keeps tagging all sent mail. >> >> I'd expect something like this to work: >> From: 192.168. yes >> To: 192.168. no >> > You can't do "To", only "From" with IP addresses. The MTA doesn't know > the IP address of the destination address until it has already > successfully delivered the message, at which point it's a bit late to > start testing things :-) > > To: yourdomain.com no > FromOrTo: default yes > > is usually good enough, isn't it? > > Jules > Ahhh, that's a good tip to know. Can't IP's on "TO:" This might be worth mentioning in the EXAMPLES file.... This is the final signing.rules that is now working for me for no in-house signatures: To: domain.com no From: 192.168. yes FromOrTo: default no -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080114/2984c7cd/attachment.html From uxbod at splatnix.net Mon Jan 14 18:21:10 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Jan 14 18:46:48 2008 Subject: [Mailwatch-users] Email Archiving Patch In-Reply-To: <478BA705.7050901@ecs.soton.ac.uk> Message-ID: <24277529.3221200334870440.JavaMail.root@office.splatnix.net> Grrrr! Dumb sys-admin did not even think to check as thought somebody would have already been there! Sorry Jules. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: 14 January 2008 18:16:37 o'clock (GMT) Europe/London Subject: Re: [Mailwatch-users] Email Archiving Patch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 "Archive Mail" can already do that. - --[ UxBoD ]-- wrote: > Graham, > > Thinking about it, I presume you are not going to store the actual message in a database ? IMHO it would be better to modify MailScanner so that it could store the messages in a seperate area on disk. Just as it does with quarantined messages. It would be fairly simple to add a new option to MailScanner.conf and then update MessageBatch.pm and Message.pm to write out the email if the parameter is set. This would also satisfy requirements of SOX (Sarbanes-Oxley). > > I have cross-posted to MailScanner list as I believe that it is appropriate. Apologies if not deemed so by others. > > Regards, > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHi6cIEfZZRxQVtlQRAjPfAJ9KYg3KBnUNNmEsm2nJ64x7d9frpQCg4Ari WU7Io6ieei4BSsC7NIpznTg= =SIOt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Jan 14 19:19:35 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 14 19:20:08 2008 Subject: Mailscanner gateway using sendmail (are there rules for individual domains) In-Reply-To: References: <4787D545.4040303@balanceconsult.com> Message-ID: <478BB5C7.6060801@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kit Wong wrote: | Hi All Kit, please do not hijack a thread. It makes a mess of mailinglist archives. Identified by your headers: Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.5 In-Reply-To: <4787D545.4040303@balanceconsult.com> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHi7XEBvzDRVjxmYERAqfkAKCcJyuXvYM/85VK9HCPfLnMc0UfZwCeKQ/w QYwifrUPnutogSooRDx5Ovc= =XtP9 -----END PGP SIGNATURE----- From alvaro at hostalia.com Mon Jan 14 22:27:04 2008 From: alvaro at hostalia.com (=?ISO-8859-1?Q?Alvaro_Mar=EDn?=) Date: Mon Jan 14 22:28:51 2008 Subject: X-MailScanner-ID header Message-ID: <478BE1B8.6070803@hostalia.com> Hello, I've installed the last stable version, upgrading from 4.62.9-3 and I see that in this new version a new header is added in every message. This new header is called X-MailScanner-ID and it seems that contais the message's ID. Is there any way to disable it? As I see in Message.pm, is always added. Thanks! Regards, -- Alvaro Mar?n Illera Hostalia Internet www.hostalia.com From waytotheweb at googlemail.com Tue Jan 15 08:53:45 2008 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Tue Jan 15 08:53:55 2008 Subject: PathTools 3.26 breaks MailScanner Message-ID: MailScanner stopped working overnight on a number of our servers and client servers (running cPanel). We have tracked the problem down to an upgrade to the latest version of the PathTools perl module. It results in a segmentation fault. Downgrading PathTools to version 3.2501 fixes the problem. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From edward at tdcs.com.au Tue Jan 15 10:45:52 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Jan 15 10:47:12 2008 Subject: [OT] Help Desk Software Message-ID: Sorry to bounce this off you guys, but I've googled and there seem to be too many free php based help desk software for me to go through all of them. Do you guys use web based help desk software and if so what can you recommend? Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Tue Jan 15 10:48:07 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 15 10:48:22 2008 Subject: email from Colonial Real Estate, Inc. Message-ID: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> Steve Any chance of nixing their email to the list - I'm seeing multiple OoO style things going to the list.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From goetz.reinicke at filmakademie.de Tue Jan 15 11:01:18 2008 From: goetz.reinicke at filmakademie.de (=?ISO-8859-1?Q?G=F6tz_Reinicke?=) Date: Tue Jan 15 11:01:29 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <478C927E.8070503@filmakademie.de> Edward Dekkers schrieb: > Sorry to bounce this off you guys, but I've googled and there seem to be too > many free php based help desk software for me to go through all of them. > > Do you guys use web based help desk software and if so what can you > recommend? OTRS. http://www.otrs.com/en/ /regards G?tz -- G?tz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Gesch?ftsf?hrer: Prof. Thomas Schadt From vlad at univap.br Tue Jan 15 11:03:05 2008 From: vlad at univap.br (Vladimir M Costa) Date: Tue Jan 15 11:03:27 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <478C92E9.2020606@univap.br> Edward Dekkers wrote: > Sorry to bounce this off you guys, but I've googled and there seem to be too > many free php based help desk software for me to go through all of them. > > Do you guys use web based help desk software and if so what can you > recommend? > > Regards, > Ed. > > > www.otrs.org From rabellino at di.unito.it Tue Jan 15 12:00:32 2008 From: rabellino at di.unito.it (Sergio Rabellino) Date: Tue Jan 15 12:00:48 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <478CA060.1090907@di.unito.it> We're using since 2006 http://www.oneorzero.com, very simple to install, adapt and use. Edward Dekkers ha scritto: > Sorry to bounce this off you guys, but I've googled and there seem to be too > many free php based help desk software for me to go through all of them. > > Do you guys use web based help desk software and if so what can you > recommend? > > Regards, > Ed. > > > > -- ing. Sergio Rabellino Universit? degli Studi di Torino Dipartimento di Informatica ICT Services Director C.so Svizzera 185, 10149 - Torino -------------- next part -------------- Skipped content of type multipart/related From edward at tdcs.com.au Tue Jan 15 12:05:37 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Jan 15 12:07:09 2008 Subject: [OT] Help Desk Software In-Reply-To: <478C92E9.2020606@univap.br> References: <478C92E9.2020606@univap.br> Message-ID: > www.otrs.org 3 replies - 3 times the same advice. Thanks guys - that will do. OTRS it is. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support-lists at petdoctors.co.uk Tue Jan 15 12:21:00 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Jan 15 12:21:54 2008 Subject: [OT] Help Desk Software In-Reply-To: Message-ID: <00cb01c85771$16d83c10$0202fea9@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward Dekkers Sent: Tuesday, January 15, 2008 10:46 AM To: 'MailScanner discussion' Subject: [OT] Help Desk Software Sorry to bounce this off you guys, but I've googled and there seem to be too many free php based help desk software for me to go through all of them. Do you guys use web based help desk software and if so what can you recommend? Regards, Ed. GLPI - Tracks inventory/maintenance schedules and problems by items too. Not so hot on SLAs yet but worth a look: http://glpi-project.org/?lang=en From support-lists at petdoctors.co.uk Tue Jan 15 12:22:51 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Jan 15 12:23:23 2008 Subject: [OT] Help Desk Software In-Reply-To: Message-ID: <00db01c85771$58ab9560$0202fea9@support01> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward Dekkers Sent: Tuesday, January 15, 2008 12:06 PM To: 'MailScanner discussion' Subject: RE: [OT] Help Desk Software > www.otrs.org 3 replies - 3 times the same advice. Thanks guys - that will do. OTRS it is. Whoa - how about some features/needs analysis and an evaluation process first!!?? From bpirie at rma.edu Tue Jan 15 13:08:14 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 15 13:04:24 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <478CB03E.7090202@rma.edu> We've been looking into http://bestpractical.com/rt/ as a result of recommendations from several people. Brendan Pirie Manager of Information Technology Randolph-Macon Academy bpirie@rma.edu Edward Dekkers wrote: > Sorry to bounce this off you guys, but I've googled and there seem to be too > many free php based help desk software for me to go through all of them. > > Do you guys use web based help desk software and if so what can you > recommend? > > Regards, > Ed. > > > From publicforum at myjaring.net Tue Jan 15 13:54:03 2008 From: publicforum at myjaring.net (Lawrence Lam) Date: Tue Jan 15 13:54:24 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <000001c8577e$173e16e0$45ba44a0$@net> Try the @1 Helpdesk XP v3.20 at http://upoint.info/cgi/index-bestseller.htm This PHP script is extremely reliable. It is fast as it does not use much graphics. We have been using it for 3 years with 1,700 tickets (some tickets contain more than 200 messages). No message or attachment upload has ever corrupted - not even once. You can always tell if your customer has read your message. If not, reminders can be sent automatically or manually. The system does not use the usual open/closed ticket method. Its method is very simple - latest tickets (or tickets with new replies) go to the top. If a ticket is closed manually, it will go to the bottom of the list. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward Dekkers Sent: Tuesday, January 15, 2008 6:46 PM To: 'MailScanner discussion' Subject: [OT] Help Desk Software Sorry to bounce this off you guys, but I've googled and there seem to be too many free php based help desk software for me to go through all of them. Do you guys use web based help desk software and if so what can you recommend? Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at lubik.ca Tue Jan 15 14:01:02 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Tue Jan 15 14:01:36 2008 Subject: [OT] Help Desk Software In-Reply-To: <478CB03E.7090202@rma.edu> References: <478CB03E.7090202@rma.edu> Message-ID: Brendan Pirie wrote: > We've been looking into http://bestpractical.com/rt/ as a result of > recommendations from several people. I use it and love it. Not trivial to install though. Ugo From glenn.steen at gmail.com Tue Jan 15 14:59:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 15 14:59:28 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> References: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> Message-ID: <223f97700801150659s5abca011qaf843f65965ac09b@mail.gmail.com> On 15/01/2008, Martin.Hepworth wrote: > Steve > > Any chance of nixing their email to the list - I'm seeing multiple OoO style things going to the list.. > An emphatic CC on that account! BTW... "nixing"...? What would that be? Something akin to the act of registering in the Swedish "NIX" registers (one for telemarketing (http://www.nix.nu), one for snailmail SPAM (http://www.swedma.se/site.aspx?id=16) ...? For those of you who follow the links and don't read Swedish real well, the gist of it is that if you register your phone or address in the registers, companies aren't allowed to send ads or disturb your peace while eating (when telemarketeers usually call...), unless they have a prior business agreement with you. Good in theory, works pretty well in practice. The scumbags still call though, but then you can have no remorse whilst hanging up:-). "Nix" would translate to "Nope"...:). But you perhaps already knew that.:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From bpirie at rma.edu Tue Jan 15 17:23:27 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 15 17:19:34 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: References: Message-ID: <478CEC0F.5000501@rma.edu> I've been getting numerous complaints about blocked Word (docx) files lately. The cause appears to be that the included filename rule "allow \.xml\.rel$ - -" doesn't account for multiple xml.rel files. e.g.: Quarantine: /var/spool/MailScanner/quarantine/20080111/m0C3woql005602 Report: Attempt to hide real filename extension (document.xml1.rel) Report: Attempt to hide real filename extension (document.xml2.rel) I've added a new rule: allow \.xml[0-9]\.rel$ - - to the filename.rules.conf file, but I don't know enough about the new docx format to create a file that contains multiple xml.rel files to test with. Has anyone else run into this, or come up with a more elegant solution? Thanks, Brendan From ssilva at sgvwater.com Tue Jan 15 17:50:08 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 17:50:31 2008 Subject: [OT] Help Desk Software In-Reply-To: <00db01c85771$58ab9560$0202fea9@support01> References: <00db01c85771$58ab9560$0202fea9@support01> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 on 1/15/2008 4:22 AM Nigel Kendrick spake the following: | | | -----Original Message----- | From: mailscanner-bounces@lists.mailscanner.info | [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward | Dekkers | Sent: Tuesday, January 15, 2008 12:06 PM | To: 'MailScanner discussion' | Subject: RE: [OT] Help Desk Software | |> www.otrs.org | | 3 replies - 3 times the same advice. | | Thanks guys - that will do. | | OTRS it is. | | | | Whoa - how about some features/needs analysis and an evaluation process | first!!?? | Sounds like a government job. Lets do a million dollar analysis to see if we want to use free software! ;-P - -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHjPJQRADw9lziUqQRAjhyAJ9J7Pdi+7FKuhWMQg2IrIjDmhTR+gCfZBnK iW82+uaseGTnyTtokvaA7Zw= =g7EZ -----END PGP SIGNATURE----- From bpirie at rma.edu Tue Jan 15 18:06:38 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 15 18:02:44 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: <478CEC0F.5000501@rma.edu> References: <478CEC0F.5000501@rma.edu> Message-ID: <478CF62E.80107@rma.edu> Crud. Sorry about misthreading this. Just go ahead and shoot me now. Brendan From Kevin_Miller at ci.juneau.ak.us Tue Jan 15 18:12:20 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jan 15 18:11:43 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: <478CF62E.80107@rma.edu> References: <478CEC0F.5000501@rma.edu> <478CF62E.80107@rma.edu> Message-ID: Brendan Pirie wrote: > Crud. Sorry about misthreading this. Just go ahead and shoot me now. > > Brendan Can't. Executions are only performed on the third Wednesdays of even months. You're just going to have to live with your guilt. I don't envy you. ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From bpirie at rma.edu Tue Jan 15 18:24:27 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 15 18:20:37 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: References: <478CEC0F.5000501@rma.edu> <478CF62E.80107@rma.edu> Message-ID: <478CFA5B.2010106@rma.edu> Kevin Miller wrote: > Brendan Pirie wrote: >> Crud. Sorry about misthreading this. Just go ahead and shoot me now. >> >> Brendan > > Can't. Executions are only performed on the third Wednesdays of even > months. You're just going to have to live with your guilt. I don't > envy you. > ;-) > > ...Kevin Fine. Put me in the queue. :) Brendan From ssilva at sgvwater.com Tue Jan 15 18:32:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 18:32:49 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: <478CFA5B.2010106@rma.edu> References: <478CEC0F.5000501@rma.edu> <478CF62E.80107@rma.edu> <478CFA5B.2010106@rma.edu> Message-ID: on 1/15/2008 10:24 AM Brendan Pirie spake the following: > Kevin Miller wrote: >> Brendan Pirie wrote: >>> Crud. Sorry about misthreading this. Just go ahead and shoot me now. >>> >>> Brendan >> >> Can't. Executions are only performed on the third Wednesdays of even >> months. You're just going to have to live with your guilt. I don't >> envy you. >> ;-) >> >> ...Kevin > > Fine. Put me in the queue. :) > > Brendan > But there is some space available in flogging, and we can let you know when your turn comes up. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/9bde6b29/signature.bin From bpirie at rma.edu Tue Jan 15 18:48:15 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 15 18:44:23 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: References: <478CEC0F.5000501@rma.edu> <478CF62E.80107@rma.edu> <478CFA5B.2010106@rma.edu> Message-ID: <478CFFEF.8080404@rma.edu> Scott Silva wrote: > on 1/15/2008 10:24 AM Brendan Pirie spake the following: >> Kevin Miller wrote: >>> Brendan Pirie wrote: >>>> Crud. Sorry about misthreading this. Just go ahead and shoot me now. >>>> >>>> Brendan >>> >>> Can't. Executions are only performed on the third Wednesdays of even >>> months. You're just going to have to live with your guilt. I don't >>> envy you. >>> ;-) >>> >>> ...Kevin >> >> Fine. Put me in the queue. :) >> >> Brendan >> > But there is some space available in flogging, and we can let you know > when your turn comes up. > Right! Torture it is, then, and probably a more fitting punishment at that. Don't let me take the easy way out! From hvdkooij at vanderkooij.org Tue Jan 15 18:53:48 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 15 18:54:20 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> References: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> Message-ID: <478D013C.8060904@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: | Steve | | Any chance of nixing their email to the list - I'm seeing multiple OoO style things going to the list.. I follow a simple procedure for autoresponders to a mailinglist. I put their email adres on a page where most people will never see them but those greedy bots that gather addresses will find them in time. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjQE6BvzDRVjxmYERAmHvAKCpzFuIe3trMSXkFQ1EFDqARzrlngCcDD1O fQX9PXKkPZuJXduuBMHYufU= =N31B -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Jan 15 18:57:49 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 15 19:01:02 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <478D013C.8060904@vanderkooij.org> Message-ID: <25512762.5581200423469333.JavaMail.root@office.splatnix.net> nice one hugo; increase the bot traffic ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at SalemCorp.com Tue Jan 15 19:01:21 2008 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Jan 15 19:02:09 2008 Subject: Web Mail Client Message-ID: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Can anyone suggest a Web Mail Client. I have been using SquirrelMail for years. Management wants a client with a Outlook fell. Anyway, I was looking at openwebmail but don;t really know that much about it. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/29c78ada/attachment.html From ssilva at sgvwater.com Tue Jan 15 19:10:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 19:11:03 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <478D013C.8060904@vanderkooij.org> References: <7594dbde6d87d84ea02612cf0f98990e@solidstatelogic.com> <478D013C.8060904@vanderkooij.org> Message-ID: on 1/15/2008 10:53 AM Hugo van der Kooij spake the following: > Martin.Hepworth wrote: > | Steve > | > | Any chance of nixing their email to the list - I'm seeing multiple OoO > style things going to the list.. > > I follow a simple procedure for auto responders to a mailing list. I put > their email address on a page where most people will never see them but > those greedy bots that gather addresses will find them in time. > > Hugo. > WOW! Who needs an evil bunny anymore? Remind me to not catch you on a bad day. ;-P What happened to the good old days? A simple flogging followed by a dunking or some time in the stocks usually worked wonders! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/363aedd8/signature.bin From hvdkooij at vanderkooij.org Tue Jan 15 19:12:22 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 15 19:12:55 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <478D0596.5020403@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phil Udel wrote: | Can anyone suggest a Web Mail Client. I have been using SquirrelMail | for years. | Management wants a client with a Outlook fell. Then install Outlook Web Access. Of course you need to run Exchange for this. But what the heck. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjQWUBvzDRVjxmYERApaAAJwOnMzqYA7K8yXkN/s9XYqvMqqDwQCgjyT1 mTHD0X0NmM4vJj/7YFpvlk0= =lbcq -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Tue Jan 15 19:12:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 15 19:13:11 2008 Subject: OT: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <478D05A6.5060508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OT as ever :-) Check out roundcube. Lots of very clever Javascript. Phil Udel wrote: > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHjQWyEfZZRxQVtlQRAkGCAKDKCmW699Qp4BNAMCXTzYBUEh0fugCg0MKW KjMUPInOPBSkuhcNHmohLgo= =xP0j -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikea at mikea.ath.cx Tue Jan 15 19:13:45 2008 From: mikea at mikea.ath.cx (mikea) Date: Tue Jan 15 19:13:58 2008 Subject: [OT] Help Desk Software In-Reply-To: References: <478CB03E.7090202@rma.edu> Message-ID: <20080115191345.GC8253@mikea.ath.cx> On Tue, Jan 15, 2008 at 09:01:02AM -0500, Ugo Bellavance wrote: > Brendan Pirie wrote: > >We've been looking into http://bestpractical.com/rt/ as a result of > >recommendations from several people. > > I use it and love it. Not trivial to install though. RT is excellent for helpdesk service, but needs configuration. The helpdesk products I'm familiar with are: Request Tracker - www.bestpractical.com/rt/ Kana - www.kana.com/ Remedy - www.remedy.com/ and a tiny bit with Open source Ticket Request System - otrs.org/ For complaint/abuse desk service, where you need to play things closer to your chest. they're not so good. If you want abuse desk software, look at Abacus from wordtothewise.com. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From uxbod at splatnix.net Tue Jan 15 19:22:26 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 15 19:23:02 2008 Subject: OT: Web Mail Client In-Reply-To: <478D05A6.5060508@ecs.soton.ac.uk> Message-ID: <1982757.5611200424946951.JavaMail.root@office.splatnix.net> if you want just webmail then as Jules says RoundCube is great. if you want a full suite use the FOSS Zimbra package. http://www.zimbra.com. it has AV/AS already in it, but I run it in a VM and have MS running before it and forwarding the email on. MS is always being promoted on the Zimbra forums ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Julian Field" To: "MailScanner discussion" Sent: 15 January 2008 19:12:38 o'clock (GMT) Europe/London Subject: Re: OT: Web Mail Client -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OT as ever :-) Check out roundcube. Lots of very clever Javascript. Phil Udel wrote: > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHjQWyEfZZRxQVtlQRAkGCAKDKCmW699Qp4BNAMCXTzYBUEh0fugCg0MKW KjMUPInOPBSkuhcNHmohLgo= =xP0j -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From miguelk at konsultex.com.br Tue Jan 15 19:24:11 2008 From: miguelk at konsultex.com.br (Miguel Koren O'Brien de Lacy) Date: Tue Jan 15 19:24:38 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <478D085B.5080406@konsultex.com.br> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/058b03b4/attachment.html From rgreen at trayerproducts.com Tue Jan 15 19:25:11 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Tue Jan 15 19:29:09 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <478D0897.2050906@trayerproducts.com> OpenWebMail could be an option for you. It has "skins" you can use with different interface styles. http://openwebmail.org/ Rod Phil Udel wrote: > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- / / -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Tue Jan 15 19:29:19 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Jan 15 19:29:44 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <200801151929.m0FJTYUS005614@mxt.1bigthink.com> Skipped content of type multipart/alternative From Phil.Udel at SalemCorp.com Tue Jan 15 19:39:08 2008 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue Jan 15 19:39:48 2008 Subject: Web Mail Client In-Reply-To: <478D0596.5020403@vanderkooij.org> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D0596.5020403@vanderkooij.org> Message-ID: <002001c857ae$4c779310$6102a8c0@salemcorp.com> Phil Udel wrote: | Can anyone suggest a Web Mail Client. I have been using SquirrelMail | for years. | Management wants a client with a Outlook fell. Then install Outlook Web Access. Of course you need to run Exchange for this. But what the heck. Hugo. - -- LOL, Aggg Exchange, I would rather suck the snot from a dead dogs nose then run exchange. But I might be a little narrow-minded :) From richard.frovarp at sendit.nodak.edu Tue Jan 15 19:45:49 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Jan 15 19:46:00 2008 Subject: OT: Web Mail Client In-Reply-To: <478D05A6.5060508@ecs.soton.ac.uk> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D05A6.5060508@ecs.soton.ac.uk> Message-ID: <478D0D6D.1060208@sendit.nodak.edu> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OT as ever :-) > Check out roundcube. Lots of very clever Javascript. > > Anyone concerned that it is version 0.1-rc2? I know that versions don't necessarily mean a lot, but 0.1 is typically pre-alpha, not something you'd have an RC to. There's always Horde: www.horde.org Or Nutsmail: www.nutsmail.com @mail isn't free, but it is cheap: www.atmail.com We're looking at a possible replacement, as squirrlemail isn't pretty enough. One requirement is that it has to support IMAP as we're not replacing that infrastructure. Oh and to be able to scale to a very large number of users (usually not a performance problem, but at $1/mail box it would probably be cheaper to write our own every year). From uxbod at splatnix.net Tue Jan 15 19:53:51 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 15 19:54:18 2008 Subject: Web Mail Client In-Reply-To: <002001c857ae$4c779310$6102a8c0@salemcorp.com> Message-ID: <23559190.5641200426831759.JavaMail.root@office.splatnix.net> nothing like OSS compared to MicroDollar ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- Original Message ----- From: "Phil Udel" To: "MailScanner discussion" Sent: 15 January 2008 19:39:08 o'clock (GMT) Europe/London Subject: RE: Web Mail Client Phil Udel wrote: | Can anyone suggest a Web Mail Client. I have been using SquirrelMail | for years. | Management wants a client with a Outlook fell. Then install Outlook Web Access. Of course you need to run Exchange for this. But what the heck. Hugo. - -- LOL, Aggg Exchange, I would rather suck the snot from a dead dogs nose then run exchange. But I might be a little narrow-minded :) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Jan 15 19:56:09 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 19:56:36 2008 Subject: Web Mail Client In-Reply-To: <002001c857ae$4c779310$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D0596.5020403@vanderkooij.org> <002001c857ae$4c779310$6102a8c0@salemcorp.com> Message-ID: on 1/15/2008 11:39 AM Phil Udel spake the following: > > > > Phil Udel wrote: > | Can anyone suggest a Web Mail Client. I have been using SquirrelMail > | for years. > | Management wants a client with a Outlook fell. > > Then install Outlook Web Access. Of course you need to run Exchange for > this. But what the heck. > > Hugo. > > - -- > LOL, Aggg Exchange, I would rather suck the snot from a dead dogs nose > then run exchange. > > I don't see the difference between those options! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/49a0127d/signature.bin From Kevin_Miller at ci.juneau.ak.us Tue Jan 15 19:59:58 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jan 15 19:59:20 2008 Subject: filename rules for docx with multiple xml.rel files In-Reply-To: <478CFFEF.8080404@rma.edu> References: <478CEC0F.5000501@rma.edu> <478CF62E.80107@rma.edu> <478CFA5B.2010106@rma.edu> <478CFFEF.8080404@rma.edu> Message-ID: Brendan Pirie wrote: > Scott Silva wrote: >> on 1/15/2008 10:24 AM Brendan Pirie spake the following: >>> Kevin Miller wrote: >>>> Brendan Pirie wrote: >>>>> Crud. Sorry about misthreading this. Just go ahead and shoot me >>>>> now. >>>>> >>>>> Brendan >>>> >>>> Can't. Executions are only performed on the third Wednesdays of >>>> even months. You're just going to have to live with your guilt. >>>> I don't envy you. ;-) >>>> >>>> ...Kevin >>> >>> Fine. Put me in the queue. :) >>> >>> Brendan >>> >> But there is some space available in flogging, and we can let you >> know when your turn comes up. >> > > Right! Torture it is, then, and probably a more fitting punishment at > that. Don't let me take the easy way out! OK. You're right after the folks from Colonial Real Estate. They may take a while though... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ssilva at sgvwater.com Tue Jan 15 19:58:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 20:00:17 2008 Subject: Web Mail Client In-Reply-To: <478D085B.5080406@konsultex.com.br> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D085B.5080406@konsultex.com.br> Message-ID: on 1/15/2008 11:24 AM Miguel Koren O'Brien de Lacy spake the following: > I can recommend Openwebmail We use it in a few locations and have been > using it for about 6 years. > The biggest negative with OpenWebmail is its direct accessing of the mailspool, so if you want IMAP and maildir, you are out of luck. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/1fd51960/signature.bin From hvdkooij at vanderkooij.org Tue Jan 15 20:14:26 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 15 20:16:40 2008 Subject: Web Mail Client In-Reply-To: <002001c857ae$4c779310$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D0596.5020403@vanderkooij.org> <002001c857ae$4c779310$6102a8c0@salemcorp.com> Message-ID: <478D1422.5080906@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phil Udel wrote: | | | | Phil Udel wrote: | | Can anyone suggest a Web Mail Client. I have been using SquirrelMail | | for years. | | Management wants a client with a Outlook fell. | | Then install Outlook Web Access. Of course you need to run Exchange for | this. But what the heck. | | - -- | LOL, Aggg Exchange, I would rather suck the snot from a dead dogs nose | then run exchange. | But I might be a little narrow-minded :) Well. He who starts an OT thread without a OT: warning might expect some ~ 'ackward' replies. OK. Telling someone to use MicroSoft might be a bit more harse then sending him to a galley. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjRQgBvzDRVjxmYERAv9BAJ47LZ0DFDlYoGl5mF5qZoc7j7o2bgCgj+3r XICMwrY/gPyg9ySUJ/OjvHg= =uwot -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Jan 15 20:36:07 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 15 20:36:31 2008 Subject: Web Mail Client In-Reply-To: <478D1422.5080906@vanderkooij.org> Message-ID: <1105604.5671200429367212.JavaMail.root@office.splatnix.net> I am sure he is open to suggestions, but this is a OSS list so perhaps OSS suggestions would be more appropriate Hugo ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Jan 15 20:39:31 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 15 20:39:41 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <25512762.5581200423469333.JavaMail.root@office.splatnix.net> References: <478D013C.8060904@vanderkooij.org> <25512762.5581200423469333.JavaMail.root@office.splatnix.net> Message-ID: <223f97700801151239j45315ebetb5e9cd095c6d844@mail.gmail.com> On 15/01/2008, --[ UxBoD ]-- wrote: > nice one hugo; increase the bot traffic ;) > > Regards, Methinks that Hugo is working on the Evil Bunny awards... In the absence of Noel (Res)...:-). Cheers > -- > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 > // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From edward at tdcs.com.au Tue Jan 15 21:09:18 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Jan 15 21:10:46 2008 Subject: [OT] Help Desk Software In-Reply-To: References: <00db01c85771$58ab9560$0202fea9@support01> Message-ID: > | Whoa - how about some features/needs analysis and an evaluation > process > | first!!?? > | > Sounds like a government job. Lets do a million dollar analysis to see > if we > want to use free software! ;-P Sorry - when I said "OTRS it is", I didn't mean it was set in concrete, it meant I'd install it and use it in an evaluation capacity, then if we like it open it up for general use. Better? :) Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul at blacknight.ie Tue Jan 15 21:26:19 2008 From: paul at blacknight.ie (Paul Kelly:: Blacknight) Date: Tue Jan 15 21:26:38 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <478D24FB.2090601@blacknight.ie> Phil Udel wrote: > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > > @Mail, it isn't free but it'll fit in nicely with any existing imap/smtp system. It can also be rolled out with its own mail server, which costs more. We've deployed it for our clients and hope to put it and many other cool new toys live shortly. It's already running on a 50k user site that we run aswell. The interface has several styles including a mobile client for phones, pda's etc. -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From lhaig at haigmail.com Tue Jan 15 22:11:22 2008 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jan 15 22:10:35 2008 Subject: What package to use for a non rpm distro? Message-ID: <478D2F8A.4070005@haigmail.com> Hi, Which package should I use for a non rpm linux distro? I am trying to work with Rpath, Thanks Lance From ssilva at sgvwater.com Tue Jan 15 22:13:06 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 15 22:13:22 2008 Subject: What package to use for a non rpm distro? In-Reply-To: <478D2F8A.4070005@haigmail.com> References: <478D2F8A.4070005@haigmail.com> Message-ID: on 1/15/2008 2:11 PM Lance Haig spake the following: > Hi, > > Which package should I use for a non rpm linux distro? > > I am trying to work with Rpath, > > Thanks > > Lance Use the source, Luke! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080115/45f677ab/signature.bin From lhaig at haigmail.com Tue Jan 15 22:25:00 2008 From: lhaig at haigmail.com (Lance Haig) Date: Tue Jan 15 22:24:11 2008 Subject: What package to use for a non rpm distro? In-Reply-To: References: <478D2F8A.4070005@haigmail.com> Message-ID: <478D32BC.80103@haigmail.com> Scott Silva wrote: > on 1/15/2008 2:11 PM Lance Haig spake the following: >> Hi, >> >> Which package should I use for a non rpm linux distro? >> >> I am trying to work with Rpath, >> >> Thanks >> >> Lance > Use the source, Luke! > > Thanks Scott Lance From hvdkooij at vanderkooij.org Tue Jan 15 22:29:32 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 15 22:30:05 2008 Subject: PathTools 3.26 breaks MailScanner In-Reply-To: References: Message-ID: <478D33CC.8010703@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sarah Michaelson wrote: | MailScanner stopped working overnight on a number of our servers and | client servers (running cPanel). We have tracked the problem down to | an upgrade to the latest version of the PathTools perl module. It | results in a segmentation fault. | | Downgrading PathTools to version 3.2501 fixes the problem. Are you using automated installation of RPM's? In that case you have a timebomb installed with a dodgy timer. I would recommend never to automagically install patches/updates. Warn if they are available automagicall, download them automagically if you want but a human should make the decision to install them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjTPJBvzDRVjxmYERAk1vAKC2+8Ll86GmiZsQL39tTITDYXci7wCfcw+8 MaUlcakAd/6rS0fNunds/hs= =Kkut -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Jan 15 22:34:32 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 15 22:34:59 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <223f97700801151239j45315ebetb5e9cd095c6d844@mail.gmail.com> References: <478D013C.8060904@vanderkooij.org> <25512762.5581200423469333.JavaMail.root@office.splatnix.net> <223f97700801151239j45315ebetb5e9cd095c6d844@mail.gmail.com> Message-ID: <478D34F8.7010102@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | On 15/01/2008, --[ UxBoD ]-- wrote: |> nice one hugo; increase the bot traffic ;) |> |> Regards, | | | Methinks that Hugo is working on the Evil Bunny awards... In the | absence of Noel (Res)...:-). Well. I have a reputation of being a nice guy in general and a PITA if I think you made a terrible mistake. I had to be rather angry recently on a manufacturer who managed to break a customer setup while they did not even get clearance to do anything on the cluster. Those are the rare moments I eat Evil Bunnies for breakfast, lunch and dinner. And I will not even bother to cook them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjTT2BvzDRVjxmYERAjVSAJ9xH7IO4m8IpQizR73kOlsvm23irQCeLCEB IrgDPZywkLuF+CGw77FR27k= =xpou -----END PGP SIGNATURE----- From peter at farrows.org Tue Jan 15 23:42:38 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Jan 15 23:42:49 2008 Subject: [OT] Help Desk Software In-Reply-To: References: <00db01c85771$58ab9560$0202fea9@support01> Message-ID: <478D44EE.5090304@farrows.org> Edward Dekkers wrote: >> | Whoa - how about some features/needs analysis and an evaluation >> process >> | first!!?? >> | >> Sounds like a government job. Lets do a million dollar analysis to see >> if we >> want to use free software! ;-P >> > > Sorry - when I said "OTRS it is", I didn't mean it was set in concrete, it > meant I'd install it and use it in an evaluation capacity, then if we like > it open it up for general use. > > Better? :) > > Regards, > Ed. > > > > Hey, sounds like these that are not free... Look, 6.2Billion pounds in 2004 becomes 20billion in 2007, now thats an overspend worthy of a headline... http://news.bbc.co.uk/1/hi/uk/3613220.stm http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/02/13/ncomputer13.xml From waytotheweb at googlemail.com Tue Jan 15 23:57:59 2008 From: waytotheweb at googlemail.com (Sarah Michaelson) Date: Tue Jan 15 23:58:09 2008 Subject: PathTools 3.26 breaks MailScanner In-Reply-To: <478D33CC.8010703@vanderkooij.org> References: <478D33CC.8010703@vanderkooij.org> Message-ID: On 15/01/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sarah Michaelson wrote: > | MailScanner stopped working overnight on a number of our servers and > | client servers (running cPanel). We have tracked the problem down to > | an upgrade to the latest version of the PathTools perl module. It > | results in a segmentation fault. > | > | Downgrading PathTools to version 3.2501 fixes the problem. > > Are you using automated installation of RPM's? In that case you have a > timebomb installed with a dodgy timer. I would recommend never to > automagically install patches/updates. Warn if they are available > automagicall, download them automagically if you want but a human should > make the decision to install them. cPanel automatically updates perl modules from CPAN. Fortunately, it looks like they have rolled back the PathTools upgrade so this will mitigate the problem for people using MailScanner on cPanel servers. -- Regards, Sarah Michaelson Way to the Web Ltd Server Management Services: http://www.configserver.com From smlists at shaw.ca Wed Jan 16 01:45:16 2008 From: smlists at shaw.ca (Steve Mason) Date: Wed Jan 16 01:45:39 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <000301c857e1$71a25020$1424010a@mcscore> Another vote for RT. Took some doing to get it installed on Centos 5, but once it was in everyone loved it! From mstandish at gmail.com Wed Jan 16 06:03:55 2008 From: mstandish at gmail.com (Matt Standish) Date: Wed Jan 16 06:04:07 2008 Subject: Web Mail Client In-Reply-To: <200801151929.m0FJTYUS005614@mxt.1bigthink.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <200801151929.m0FJTYUS005614@mxt.1bigthink.com> Message-ID: <39e688060801152203o3578dda6g7be74c96483dc319@mail.gmail.com> I think you are referring to nutsmail. http://www.nutsmail.com/ On Jan 15, 2008 2:29 PM, dnsadmin 1bigthink.com wrote: > > Someone had posted a link to a paid software/skins front-end to > Squirrelmail that fits the bill entirely. Why not stay with something you > know and works well?! > > Sorry, I can't remember what it was. Some one else will post it if you > keep this thread alive. > > > > At 02:01 PM 1/15/2008, you wrote: > > > > Can anyone suggest a Web Mail Client. I have been using SquirrelMail for > years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much about > it. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Matt Standish http://www.mattstandish.org From mstandish at gmail.com Wed Jan 16 06:07:24 2008 From: mstandish at gmail.com (Matt Standish) Date: Wed Jan 16 06:07:34 2008 Subject: [OT] Help Desk Software In-Reply-To: References: Message-ID: <39e688060801152207q1d33bfy4ca96d8e1eaba046@mail.gmail.com> Another vote for RT. This product is great if your main correspondence with the customer is through email. http://bestpractical.com/rt/ On Jan 15, 2008 5:45 AM, Edward Dekkers wrote: > Sorry to bounce this off you guys, but I've googled and there seem to be too > many free php based help desk software for me to go through all of them. > > Do you guys use web based help desk software and if so what can you > recommend? > > Regards, > Ed. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Matt Standish http://www.mattstandish.org From R.Sterenborg at netsourcing.nl Wed Jan 16 07:44:01 2008 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Wed Jan 16 07:45:22 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> > Can anyone suggest a Web Mail Client. I have been > using SquirrelMail for years. > Management wants a client with a Outlook fell. If you want a close Outlook 2003 look and feel, checkout Zarafa (http://www.zarafa.com/). It will cost you money, but not as much as Exchange and it runs on Linux. Updates are, so far, free. There's an online demo. Grts, Rob From J.Ede at birchenallhowden.co.uk Wed Jan 16 08:24:59 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 16 08:25:17 2008 Subject: Office files again... Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D26@server02.bhl.local> We have someone sending word documents through our MailScanner and although the documents were written on office 2007 they assure me that the files were saved in 97-2003 format and from investigation it does look like the file in the email had a .doc extension as opposed to a .docx. However, it seems like mailscanner seems to think its an archive still and is finding 2 .rel files for each doc file attached to an email. What is the best way round this? I'm trying to decide between changing Maximum Archive Depth to 0 or adding a rule(s) to the filetypes file to allow these .rel files. If the Archive depth is 0 then I assume the files are still scanned for viruses as long as the virus scanner has access to the compression libraries at compile time (thinking more of clamav there). Are there any other problems with setting this value to 0? Below are the reports from MailScanner for 2 emails. The first contained one word doc and the second contained 2. Jason The virus detector said this about the message: Report: Report: MailScanner: Attempt to hide real filename extension (themeManager.x10.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x11.rel) ---------------------------------- The virus detector said this about the message: Report: Report: MailScanner: Attempt to hide real filename extension (themeManager.x10.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x13.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x11.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x12.rel) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080116/20e068f3/attachment.html From neilw at dcdata.co.za Wed Jan 16 08:24:27 2008 From: neilw at dcdata.co.za (Neil Wilson) Date: Wed Jan 16 08:28:50 2008 Subject: Web Mail Client In-Reply-To: <478D24FB.2090601@blacknight.ie> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D24FB.2090601@blacknight.ie> Message-ID: <478DBF3B.6010902@dcdata.co.za> Paul Kelly:: Blacknight wrote: > @Mail, it isn't free but it'll fit in nicely with any existing imap/smtp > system. > > It can also be rolled out with its own mail server, which costs more. > > We've deployed it for our clients and hope to put it and many other cool > new toys live shortly. > > It's already running on a 50k user site that we run aswell. The > interface has several styles including a mobile client for phones, pda's > etc. > I use IMP from the Horde framework, it's free looks better that squirrel mail and is very configurable. -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html From uxbod at splatnix.net Wed Jan 16 08:44:26 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 16 08:44:54 2008 Subject: email from Colonial Real Estate, Inc. In-Reply-To: <478D34F8.7010102@vanderkooij.org> Message-ID: <31488646.5701200473066989.JavaMail.root@office.splatnix.net> Well. I have a reputation of being a nice guy in general and a PITA if I think you made a terrible mistake. I had to be rather angry recently on a manufacturer who managed to break a customer setup while they did not even get clearance to do anything on the cluster. Those are the rare moments I eat Evil Bunnies for breakfast, lunch and dinner. And I will not even bother to cook them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Yum yum, with some chilli ;) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Wed Jan 16 10:34:29 2008 From: micoots at yahoo.com (Michael Mansour) Date: Wed Jan 16 10:34:39 2008 Subject: [OT] Help Desk Software In-Reply-To: <20080115191345.GC8253@mikea.ath.cx> Message-ID: <702781.17292.qm@web33307.mail.mud.yahoo.com> Hi, --- mikea wrote: > On Tue, Jan 15, 2008 at 09:01:02AM -0500, Ugo > Bellavance wrote: > > Brendan Pirie wrote: > > >We've been looking into > http://bestpractical.com/rt/ as a result of > > >recommendations from several people. > > > > I use it and love it. Not trivial to install > though. > > RT is excellent for helpdesk service, but needs > configuration. > > The helpdesk products I'm familiar with are: > > Request Tracker - www.bestpractical.com/rt/ > Kana - www.kana.com/ > Remedy - www.remedy.com/ > > and a tiny bit with > > Open source Ticket Request System - otrs.org/ I can vouch for OTRS as we use it at a managed services firm where I consult periodically (one of my first projects there was to set it up for them). It's a very good system and works very well. With helpdesk systems however, it all comes down to what you wish to achieve and how you wish to achieve it. All Helpdesk systems require configuration and are flexible enough to be able to do "weird" things with cases and group assignments (let your imagination run wild here). I've used many paid and open source solutions over the years but the ones I prefer are OTRS and RT (again, depending on customers requirements). Regards, Michael. > For complaint/abuse desk service, where you need to > play things > closer to your chest. they're not so good. If you > want abuse desk > software, look at Abacus from wordtothewise.com. > > > -- > Mike Andrews, W5EGO > mikea@mikea.ath.cx > Tired old sysadmin > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From Kit at simplysites.co.uk Wed Jan 16 11:16:00 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Wed Jan 16 11:16:22 2008 Subject: Mailscanner gateway using sendmail (are there rules for individual domains) SOLVED In-Reply-To: <478BB5C7.6060801@vanderkooij.org> References: <4787D545.4040303@balanceconsult.com> <478BB5C7.6060801@vanderkooij.org> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: 14 January 2008 19:20 To: MailScanner discussion Subject: Re: Mailscanner gateway using sendmail (are there rules for individual domains) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kit Wong wrote: | Hi All Kit, please do not hijack a thread. It makes a mess of mailinglist archives. Identified by your headers: Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.5 In-Reply-To: <4787D545.4040303@balanceconsult.com> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHi7XEBvzDRVjxmYERAqfkAKCcJyuXvYM/85VK9HCPfLnMc0UfZwCeKQ/w QYwifrUPnutogSooRDx5Ovc= =XtP9 -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------------ Sorry about hijacking the thread. I have found a solution The tutorial on http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta :sendmail:how_to:setup_a_gateway is correct but missing a few important steps which are found here http://freebsd.peon.net/tutorials/16/ Thanks From jplorier at montecarlotv.com.uy Wed Jan 16 13:09:49 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Wed Jan 16 12:18:09 2008 Subject: How to know if I'm blacklisted In-Reply-To: <200801141802.m0EI10rI018678@safir.blacknight.ie> Message-ID: Hi everybody, I think that maybe our domain is blacklisted as spam because some people told us we are being filtered as spam. So the question is how do I find out where I'm listed as spam and how do I change this. Thanks, From jplorier at montecarlotv.com.uy Wed Jan 16 13:16:11 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Wed Jan 16 12:24:17 2008 Subject: Mailscanner gateway using sendmail In-Reply-To: <200801141802.m0EI10rI018678@safir.blacknight.ie> Message-ID: Hi kit, I just made a gateway and I think that what you should do is edit /etc/mail/mailertable and add the domains with their IPs so sendmail knows how to relay the mails. Domain.1.com smtp:[ip.addr.mail.srv1] Domain.2.com smtp:[ip.addr.mail.srv2] I think this way, the mails to domain.1.com are sent to mailserver 1 and those to domain.2.com are sent to mailserver 2. Check it and tell me if this is correct. Regards From jaearick at colby.edu Wed Jan 16 12:46:09 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jan 16 12:46:27 2008 Subject: How to know if I'm blacklisted In-Reply-To: References: Message-ID: Check your mail server IP numbers against these sites: http://www.declude.com/ http://www.moensted.dk/spam/ Jeff Earickson Colby College On Wed, 16 Jan 2008, Juan Pablo Lorier wrote: > Date: Wed, 16 Jan 2008 10:09:49 -0300 > From: Juan Pablo Lorier > Reply-To: MailScanner discussion > To: mailscanner@lists.mailscanner.info > Subject: How to know if I'm blacklisted > > Hi everybody, > > I think that maybe our domain is blacklisted as spam because some people > told us we are being filtered as spam. So the question is how do I find > out where I'm listed as spam and how do I change this. > Thanks, > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ajos1 at onion.demon.co.uk Wed Jan 16 13:06:36 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Wed Jan 16 13:06:47 2008 Subject: Mail-ClamAV-0.21.tar.gz Message-ID: - Rock and roll, Mail-ClamAV-0.21 is out and about... http://search.cpan.org/CPAN/authors/id/S/SA/SABECK/Mail-ClamAV-0.21.tar.gz From campbell at cnpapers.com Wed Jan 16 13:11:40 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Wed Jan 16 13:11:54 2008 Subject: OT: Web Mail Client In-Reply-To: <478D05A6.5060508@ecs.soton.ac.uk> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D05A6.5060508@ecs.soton.ac.uk> Message-ID: <478E028C.6070602@cnpapers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OT as ever :-) > Check out roundcube. Lots of very clever Javascript. > Julian, Have you used this before as it's very new , and do you feel it's suitable for enterprise/production sites? Thanks Steve Campbell > Phil Udel wrote: > >> Can anyone suggest a Web Mail Client. I have been using SquirrelMail >> for years. >> Management wants a client with a Outlook fell. >> >> Anyway, I was looking at openwebmail but don;t really know that much >> about it. >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > From admin at lctn.org Wed Jan 16 13:29:40 2008 From: admin at lctn.org (admin@lctn.org) Date: Wed Jan 16 13:31:04 2008 Subject: Web Mail Client In-Reply-To: <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> Message-ID: <1871.10.10.10.70.1200490180.squirrel@lctn.org> >> Can anyone suggest a Web Mail Client. I have been >> using SquirrelMail for years. >> Management wants a client with a Outlook fell. For $200.00 you can buy a squirrel mail skin that looks very close to the Outlook web interface. From support-lists at petdoctors.co.uk Wed Jan 16 15:26:28 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Wed Jan 16 15:27:04 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <019801c85854$2a2564d0$3c65a8c0@support01> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Phil Udel Sent: Tuesday, January 15, 2008 7:01 PM To: mailscanner@lists.mailscanner.info Subject: Web Mail Client Can anyone suggest a Web Mail Client. I have been using SquirrelMail for years. Management wants a client with a Outlook fell. Anyway, I was looking at openwebmail but don;t really know that much about it. I've been playing with Scalix and the version of RoundCube that's been modified to run from within Joomla (for our Staff Intranet). Both quite nice. Just sayin' Nigel From mkettler at evi-inc.com Wed Jan 16 15:27:59 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 16 15:28:37 2008 Subject: How to know if I'm blacklisted In-Reply-To: References: Message-ID: <478E227F.1040201@evi-inc.com> Juan Pablo Lorier wrote: > Hi everybody, > > I think that maybe our domain is blacklisted as spam because some people > told us we are being filtered as spam. So the question is how do I find > out where I'm listed as spam and how do I change this. > Thanks, First, try to find out from those "some people" what filter they're using, and if that filter provides any more results than just yes/no. Tools like MailScanner provide a list of reasons why a message was filtered, such as this: X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5, autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77, HELO_DYNAMIC_DHCP 3.07, HELO_DYNAMIC_IPADDR 4.20, INFO_GREYLIST_DELAYED 0.40, NO_REAL_NAME 0.96, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00, RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50, SURBL_MULTI2 -0.20, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00, URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50) If they're no help, then you'll have to start digging on your own. Most blacklists don't work on domains, they work on IP addresses. So, punch your mailserver's IP into an RBL checker, like this one: http://openrbl.org/client/ Assuming this message was sent from your normal mailserver, that's 200.40.139.178, which isn't blacklisted anywhere I can tell. You can also hit the "host" button at the same RBL lookup site, and enter your mailserver's hostname: 178.139.40.200.static.netgate.com.uy All of .uy is blacklisted by rfc-ignorant.org for failing to follow proper whois standards. However, I doubt many sites trust RFCI sufficiently to filter mail on it alone. mis-registered domains are so common you'd end up blocking the world. For example, all of yahoo.com is also listed in RFCI for the same reason. It's also listed in APEWS, but APEWS isn't credible as a blacklist. Nobody in their right mind would be using it for mail filtering. As best I can tell over half the IP addresses in use globally are listed in APEWS, and their list management is horrid. Even the quite rabid and false-positive prone uceprotect.net stopped hosting a mirror of it. So, neither of those are likely your problem, as both are high-false-positive blacklists of poor reputation that no sane admin uses because they'd cut off most of the world from emailing them. Another good shot is to search google groups for your IP, see if there's any abuse reports on NANAE/NANAS http://groups.google.com/groups/search?hl=en&q=200.40.139.178&qt_s=Search+Groups nothing there.. From there, it's not blacklists, but just looking for malformed garbage: Looking at your mail headers, the only things that jump out at me are two bits: Received: from mail2.CANAL4 (178.139.40.200.static.netgate.com.uy [200.40.139.178]) one, your reverse dns: 178.139.40.200.static.netgate.com.uy is fairly generic and IP based.. a lot of sites will filter such mail, assuming that any legitimate mailserver will have its reverse dns set to something like mail.montecarlotv.com.uy. Contact your ISP and ask them to update the PTR records for that IP address. The other part is your HELO is mail2.CANAL4. That really should be a valid hostname. It's technically not against the RFC's to spew garbage here, but it does show poor server administration, and some misguided sites seem to think HELO must be a valid hostname and filter such things (the RFC's merely say SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of itself as. From gerard at seibercom.net Wed Jan 16 15:29:53 2008 From: gerard at seibercom.net (Gerard) Date: Wed Jan 16 15:30:14 2008 Subject: Web Mail Client In-Reply-To: <1871.10.10.10.70.1200490180.squirrel@lctn.org> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> <1871.10.10.10.70.1200490180.squirrel@lctn.org> Message-ID: <20080116102953.24588454@scorpio> On Wed, 16 Jan 2008 07:29:40 -0600 (CST) admin@lctn.org wrote: > For $200.00 you can buy a squirrel mail skin that looks very close to > the Outlook web interface. For approximately half that amount, you can buy Microsoft Outlook. I find it strange that a 'skin' would cost more than a commercial program that it is evidently attempting to copy. -- Gerard gerard@seibercom.net E = MC ** 2 +- 3db -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080116/72ffaf99/signature.bin From admin at lctn.org Wed Jan 16 15:48:26 2008 From: admin at lctn.org (admin@lctn.org) Date: Wed Jan 16 15:49:34 2008 Subject: Web Mail Client In-Reply-To: <20080116102953.24588454@scorpio> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> <1871.10.10.10.70.1200490180.squirrel@lctn.org> <20080116102953.24588454@scorpio> Message-ID: <4570.10.10.10.70.1200498506.squirrel@lctn.org> > For approximately half that amount, you can buy Microsoft Outlook. I > find it strange that a 'skin' would cost more than a commercial program > that it is evidently attempting to copy. The skin is for the entire site, not one client. From bpirie at rma.edu Wed Jan 16 15:56:40 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Wed Jan 16 15:52:45 2008 Subject: Web Mail Client In-Reply-To: <20080116102953.24588454@scorpio> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <74ACEB3E6A055643A89B8CEC74C7BF2488E352@WISENT.dcyb.net> <1871.10.10.10.70.1200490180.squirrel@lctn.org> <20080116102953.24588454@scorpio> Message-ID: <478E2938.4010709@rma.edu> Gerard wrote: > On Wed, 16 Jan 2008 07:29:40 -0600 (CST) > admin@lctn.org wrote: > >> For $200.00 you can buy a squirrel mail skin that looks very close to >> the Outlook web interface. > > For approximately half that amount, you can buy Microsoft Outlook. I > find it strange that a 'skin' would cost more than a commercial program > that it is evidently attempting to copy. > > Outlook represents a per-user cost. The Squirrelmail skin runs on the server and does not require per-user licensing, so it's a fixed cost regardless of the number of users. Brendan From Kit at simplysites.co.uk Wed Jan 16 16:03:22 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Wed Jan 16 16:03:37 2008 Subject: Mailscanner gateway using sendmail In-Reply-To: References: <200801141802.m0EI10rI018678@safir.blacknight.ie> Message-ID: -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier Sent: 16 January 2008 13:16 To: mailscanner@lists.mailscanner.info Subject: RE: Mailscanner gateway using sendmail Hi kit, I just made a gateway and I think that what you should do is edit /etc/mail/mailertable and add the domains with their IPs so sendmail knows how to relay the mails. Domain.1.com smtp:[ip.addr.mail.srv1] Domain.2.com smtp:[ip.addr.mail.srv2] I think this way, the mails to domain.1.com are sent to mailserver 1 and those to domain.2.com are sent to mailserver 2. Check it and tell me if this is correct. Regards -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ---------------------------------------------------- Yes that is correct. Setting up 'mailertable' To set up 'mailertable', you need to edit your sendmail .mc file and add the following line: FEATURE(`mailertable') After doing this, you need to using the script supplied with the Sendmail source to rebuild your configuration file. Now, open your new Sendmail configuration file and look for this (it should be in the first couple hundred lines of the file): Kmailertable hash /etc/mail/mailertable This defines where the 'mailertable' file should be, and in this case it is in /etc/mail. Now let's go back to my previous example of being a secondary MX host for friendsdomain.com. If I wanted to do this with 'mailertable', I could add the following line to my /etc/mail/mailertable: friendsdomain.com smtp:[mx1.friendsdomain.com] After editing this file, you must create a database map of this file for Sendmail to read. Do this by running: /usr/sbin/makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable Now all that's left to be a secondary MX host for friendsdomain.com is to add the domain to your relay domains file. In my case, that file is /etc/mail/relay-domains. Add the following line: friendsdomain.com Then you must make sure that local-host-names do not have friendsdomain.com in it From jonas at vrt.dk Wed Jan 16 16:24:18 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Wed Jan 16 16:24:29 2008 Subject: Exim verify recipient and MailScanner In-Reply-To: <200801121636.m0CGakGZ002694@safir.blacknight.ie> References: <200801121200.m0CC0Iff029116@safir.blacknight.ie> <200801121636.m0CGakGZ002694@safir.blacknight.ie> Message-ID: <009701c8585c$3e852d90$bb8f88b0$@dk> Hi Paul I have the exact same setup as you do, except I don?t scan their outgoing mail, and I do this for several domains. Exim can verify receipients by doing a, what exim refers to as a, "callout" to the remote recipient SMTP. You can look up how to enable this in the exim manual, or if your lucky it will be commented out in your config file and you just have to enable it. I unfortunately can't remember off the top of my head how to enable it. But if you want to you can come to #mailscanner on the freenode irc network and I am sure me or somebody else can help you. Alternatiuve you can ask for help from some exim people, since the problem isn?t really mailscanner related. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 33369974 Fax: 7020 0978 Mobile: 51201096 Web: www.techbiz.dk >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Paul Welsh >Sent: 12. januar 2008 17:36 >To: mailscanner@lists.mailscanner.info >Subject: Exim verify recipient and MailScanner > >Hi all > >I'm running MailScanner 4.64.3 with Exim 4.6. Apologies in advance if >this >is deemed off-topic. > >The problem is, I can't get Exim's verify recipient functionality >working, >even though my exim.conf specifies it. > >The reason I would like this to work is that my server relays for one >domain >in particular that is getting thousands of dictionary based spam messages >(tens of thousands per day). My server relays to their smtp server after >checking for spam and viruses using MailScanner and SpamAssassin. The >public DNS for the domain points to my server as the MX and my server's >DNS >has an MX of their SMTP server. Their server sends their outbound mail >via >mine so it gets scanned. > >The domain is in my /etc/virtual/relay_domains file and the IP of their >mail >server is in my /etc/virtual/relay_hosts file. > >Has anyone any ideas? I've spent hours banging my head against a brick >wall >on this one. > >What I expect to happen is for exim to contact the remote smtp server to >validate the address as soon as it gets the "rcpt to" command and then >issue >an "unknown user" response. What is happening instead is that the >messages >are being accepted, scanned by MailScanner and passed to the remote smtp >server which rejects them. This is a real waste of resources. > >One theory I have is that because there's an inbound and outbound >instance >of exim to allow it to work with MailScanner then the verify recipient >functionality is effectively disabled. > >The /etc/exim.conf which is the instance of exim used for inbound mail >has >these settings: > ># accept if address is in a local domain as long as recipient can be >verified >accept domains = +local_domains >endpass >message = unknown user >verify = recipient > ># accept if address is in a domain for which we relay as long as >recipient ># can be verified >accept domains = +relay_domains >endpass >message = unknown user >verify = recipient > >accept hosts = +relay_hosts >endpass >message = unknown user >verify = recipient >accept hosts = +auth_relay_hosts >endpass >message = authentication required >verify = recipient > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 16 17:09:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 16 17:09:40 2008 Subject: Mail-ClamAV-0.21.tar.gz In-Reply-To: References: Message-ID: <478E3A3E.50904@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you let us all know if it works or not? ajos1@onion.demon.co.uk wrote: > - > > Rock and roll, Mail-ClamAV-0.21 is out and about... > > http://search.cpan.org/CPAN/authors/id/S/SA/SABECK/Mail-ClamAV-0.21.tar.gz > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHjjo/EfZZRxQVtlQRAisjAJ9FtlrHhenoozRuYfjkyQtLNRLqIgCglsur eITFzhrg8Q0Kz52MwM5hvn4= =PmIT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jan 16 17:27:54 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 16 17:28:16 2008 Subject: OT: Web Mail Client In-Reply-To: <478E028C.6070602@cnpapers.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D05A6.5060508@ecs.soton.ac.uk> <478E028C.6070602@cnpapers.com> Message-ID: on 1/16/2008 5:11 AM Steve Campbell spake the following: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> OT as ever :-) >> Check out roundcube. Lots of very clever Javascript. >> > > Julian, > > Have you used this before as it's very new , and do you feel it's > suitable for enterprise/production sites? > I see reports of a PHP vulnerability that is as yet unpatched, but there is a patch available. http://lists.roundcube.net/mail-archive/users/2007-12/0000012.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455840 Supposedly only affects users of MSIE, so it is only 90% of the world. ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080116/980d8131/signature.bin From ssilva at sgvwater.com Wed Jan 16 17:35:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 16 17:35:51 2008 Subject: How to know if I'm blacklisted In-Reply-To: <478E227F.1040201@evi-inc.com> References: <478E227F.1040201@evi-inc.com> Message-ID: on 1/16/2008 7:27 AM Matt Kettler spake the following: > Juan Pablo Lorier wrote: >> Hi everybody, >> >> I think that maybe our domain is blacklisted as spam because some >> people told us we are being filtered as spam. So the question is how >> do I find out where I'm listed as spam and how do I change this. >> Thanks, > > First, try to find out from those "some people" what filter they're > using, and if that filter provides any more results than just yes/no. > Tools like MailScanner provide a list of reasons why a message was > filtered, such as this: > > X-EVI-MailScanner-SpamCheck: spam, SpamAssassin (score=35.787, required 5, > autolearn=spam, BAYES_99 3.50, DCC_CHECK 1.50, DIGEST_MULTIPLE 0.77, > HELO_DYNAMIC_DHCP 3.07, HELO_DYNAMIC_IPADDR 4.20, > INFO_GREYLIST_DELAYED 0.40, NO_REAL_NAME 0.96, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, > RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_PBL 0.00, > RCVD_IN_SORBS_DUL 2.05, RCVD_IN_XBL 3.90, SURBL_MULTI1 -0.50, > SURBL_MULTI2 -0.20, URIBL_BLACK 1.50, URIBL_BLACK_OVERLAP -1.00, > URIBL_JP_SURBL 4.09, URIBL_OB_SURBL 3.01, URIBL_SC_SURBL 4.50) > > > > If they're no help, then you'll have to start digging on your own. > > Most blacklists don't work on domains, they work on IP addresses. So, > punch your mailserver's IP into an RBL checker, like this one: > http://openrbl.org/client/ > > Assuming this message was sent from your normal mailserver, that's > 200.40.139.178, which isn't blacklisted anywhere I can tell. > > You can also hit the "host" button at the same RBL lookup site, and > enter your mailserver's hostname: 178.139.40.200.static.netgate.com.uy > > All of .uy is blacklisted by rfc-ignorant.org for failing to follow > proper whois standards. However, I doubt many sites trust RFCI > sufficiently to filter mail on it alone. mis-registered domains are so > common you'd end up blocking the world. For example, all of yahoo.com is > also listed in RFCI for the same reason. > > It's also listed in APEWS, but APEWS isn't credible as a blacklist. > Nobody in their right mind would be using it for mail filtering. As best > I can tell over half the IP addresses in use globally are listed in > APEWS, and their list management is horrid. Even the quite rabid and > false-positive prone uceprotect.net stopped hosting a mirror of it. > > So, neither of those are likely your problem, as both are > high-false-positive blacklists of poor reputation that no sane admin > uses because they'd cut off most of the world from emailing them. > > Another good shot is to search google groups for your IP, see if there's > any abuse reports on NANAE/NANAS > > http://groups.google.com/groups/search?hl=en&q=200.40.139.178&qt_s=Search+Groups > > > nothing there.. > > From there, it's not blacklists, but just looking for malformed garbage: > > Looking at your mail headers, the only things that jump out at me are > two bits: > > Received: from mail2.CANAL4 (178.139.40.200.static.netgate.com.uy > [200.40.139.178]) > > one, your reverse dns: 178.139.40.200.static.netgate.com.uy is fairly > generic and IP based.. a lot of sites will filter such mail, assuming > that any legitimate mailserver will have its reverse dns set to > something like mail.montecarlotv.com.uy. Contact your ISP and ask them > to update the PTR records for that IP address. > > The other part is your HELO is mail2.CANAL4. That really should be a > valid hostname. It's technically not against the RFC's to spew garbage > here, but it does show poor server administration, and some misguided > sites seem to think HELO must be a valid hostname and filter such things > (the RFC's merely say SHOULD, not MUST). You might want to fix the > hostname your mailserver thinks of itself as. > > > He also hits in uceprotect level 3, but it is his ISP that makes that happen. Administracion Nacional de Telecomunicaciones is a safe haven to a lot of abusers. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080116/6e1b87c1/signature.bin From prandal at herefordshire.gov.uk Wed Jan 16 17:55:35 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jan 16 17:55:52 2008 Subject: Mail-ClamAV-0.21.tar.gz In-Reply-To: <478E3A3E.50904@ecs.soton.ac.uk> References: <478E3A3E.50904@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02BE8E43@HC-MBX02.herefordshire.gov.uk> It seems to on my test box. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 16 January 2008 17:09 > To: MailScanner discussion > Subject: Re: Mail-ClamAV-0.21.tar.gz > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can you let us all know if it works or not? > > ajos1@onion.demon.co.uk wrote: > > - > > > > Rock and roll, Mail-ClamAV-0.21 is out and about... > > > > > http://search.cpan.org/CPAN/authors/id/S/SA/SABECK/Mail-ClamAV -0.21.tar.gz > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHjjo/EfZZRxQVtlQRAisjAJ9FtlrHhenoozRuYfjkyQtLNRLqIgCglsur > eITFzhrg8Q0Kz52MwM5hvn4= > =PmIT > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From shuttlebox at gmail.com Wed Jan 16 18:03:51 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jan 16 18:04:00 2008 Subject: Happy Birthday Julian Message-ID: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Thank you for an excellent product and even better support. -- /peter From drew.marshall at technologytiger.net Wed Jan 16 18:09:37 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Wed Jan 16 18:09:53 2008 Subject: Happy Birthday Julian In-Reply-To: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Message-ID: On Wed, 16 Jan 2008 19:03:51 +0100, shuttlebox wrote: > Thank you for an excellent product and even better support. > I hadn't realised! Happy Birthday Jules and Hear, Hear to your comments Peter! Kind regards Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From uxbod at splatnix.net Wed Jan 16 18:12:09 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 16 18:12:38 2008 Subject: Happy Birthday Julian In-Reply-To: Message-ID: <24375056.7251200507129728.JavaMail.root@office.splatnix.net> Happy Birthday Jules :) Hope you are having a great day and spending all your time watching this list :D Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Drew Marshall" wrote: > On Wed, 16 Jan 2008 19:03:51 +0100, shuttlebox > wrote: > > Thank you for an excellent product and even better support. > > > > I hadn't realised! Happy Birthday Jules and Hear, Hear to your > comments > Peter! > > Kind regards > > Drew > > > -- > In line with our policy, this message has been scanned for viruses and > dangerous > content by Tiger Mail www.technologytiger.net/tigermail from > Technology Tiger. > Our email policy can be found at www.technologytiger.net/policy > > Technology Tiger Limited is registered in Scotland with registration > number: 310997 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jan 16 18:44:08 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jan 16 18:44:28 2008 Subject: Happy Birthday Julian In-Reply-To: <24375056.7251200507129728.JavaMail.root@office.splatnix.net> References: <24375056.7251200507129728.JavaMail.root@office.splatnix.net> Message-ID: <200801161344.09371.dyioulos@firstbhph.com> On Wednesday 16 January 2008 1:12 pm, --[ UxBoD ]-- wrote: > Happy Birthday Jules :) Hope you are having a great day and spending all > your time watching this list -- From a pub! Best wishes, Julian. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From KGoods at AIAInsurance.com Wed Jan 16 18:52:20 2008 From: KGoods at AIAInsurance.com (=?UTF-8?B?S2VuIEdvb2Rz?=) Date: Wed Jan 16 18:56:56 2008 Subject: Happy Birthday Julian Message-ID: <13C0059880FDD3118DC600508B6D4A6D01C297BD@aiainsurance.com> Have a pint for me Jules ;) ...and have a great Birthday! Thanks so much for all you do for the MailScanner community! Ken Goods Network Administrator CropUSA Insurance, Inc. From Kevin_Miller at ci.juneau.ak.us Wed Jan 16 19:00:30 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jan 16 18:59:48 2008 Subject: Happy Birthday Julian In-Reply-To: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Message-ID: Indeed - and here's wishing you many many more for years to come... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ms-list at alexb.ch Wed Jan 16 19:08:02 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 16 19:08:19 2008 Subject: Happy Birthday Julian In-Reply-To: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Message-ID: <478E5612.3060906@alexb.ch> Best wishes and many happy lines of code! Thanks for all + more! Alex From Denis.Beauchemin at USherbrooke.ca Wed Jan 16 19:38:18 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Jan 16 19:39:44 2008 Subject: Happy Birthday Julian In-Reply-To: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Message-ID: <478E5D2A.2030507@USherbrooke.ca> shuttlebox a ?crit : > Thank you for an excellent product and even better support. > Happy Birthday Julian! I hope you can enjoy a nice Chablis (or any other good beverage)! Thanks again for everything you do to make our lives better!!! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Wed Jan 16 19:49:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 16 19:50:28 2008 Subject: Happy Birthday Julian In-Reply-To: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> Message-ID: <478E5FE3.4080504@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you all very much for your messages and kind comments, they're great to read. I'm going to crack open a certain bottle of cognac tonight :-) Currently tucking into a bottle of Chablis bought for me by my lodger, but that's not going to last long! If you are feeling particularly wealthy, my wish list is always available at http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB :-) Thanks guys! P.S. Am currently testing Mail-ClamAV-0.21 and it seems to work okay so far, despite the "perl Makefile.PL" complaining that it couldn't find the library with -lclamav. "MailScanner --lint" works fine though, as does a batch with various hidden copies of Eicar in it. Once someone else confirms that it works, I'll update the ClamAV+SpamAssassin package. I'm testing it on a new install of a RedHat 5.1 system. shuttlebox wrote: > Thank you for an excellent product and even better support. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHjl/vEfZZRxQVtlQRAiSIAJsHeeoHMXkoFXt9ylkCWqrFwj/dJQCgtW/+ GDr8MTUxQzjNXZTrgymol9o= =gbp8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jan 16 19:57:20 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 16 19:57:38 2008 Subject: Happy Birthday Julian In-Reply-To: <13C0059880FDD3118DC600508B6D4A6D01C297BD@aiainsurance.com> References: <13C0059880FDD3118DC600508B6D4A6D01C297BD@aiainsurance.com> Message-ID: on 1/16/2008 10:52 AM Ken Goods spake the following: > Have a pint for me Jules ;) ...and have a great Birthday! Or a fine glass of the grape! > > Thanks so much for all you do for the MailScanner community! > > Ken Goods > Network Administrator > CropUSA Insurance, Inc. Many happy birthdays to you, Julian! "And may you be in heaven a half an hour before the devil knows you're gone!" -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080116/74693c76/signature.bin From MailScanner at ecs.soton.ac.uk Wed Jan 16 19:59:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 16 19:59:42 2008 Subject: Happy Birthday Julian In-Reply-To: <478E5FE3.4080504@ecs.soton.ac.uk> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> <478E5FE3.4080504@ecs.soton.ac.uk> Message-ID: <478E620D.7090109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just published a new ClamAV+SpamAssassin package with Mail::ClamAV 0.21. Julian Field wrote: > * PGP Signed: 01/16/08 at 19:50:07 > > Thank you all very much for your messages and kind comments, they're > great to read. > > I'm going to crack open a certain bottle of cognac tonight :-) > Currently tucking into a bottle of Chablis bought for me by my lodger, > but that's not going to last long! > > If you are feeling particularly wealthy, my wish list is always > available at > http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB > :-) > > Thanks guys! > > P.S. Am currently testing Mail-ClamAV-0.21 and it seems to work okay > so far, despite the "perl Makefile.PL" complaining that it couldn't > find the library with -lclamav. "MailScanner --lint" works fine > though, as does a batch with various hidden copies of Eicar in it. > Once someone else confirms that it works, I'll update the > ClamAV+SpamAssassin package. I'm testing it on a new install of a > RedHat 5.1 system. > > shuttlebox wrote: >> Thank you for an excellent product and even better support. >> > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHjmIZEfZZRxQVtlQRAiaPAKC/ylVc+hmssovHtoWjpKaqwDR/ywCcCpoR C5OodQWQP3rnRYyuLYJQUFk= =CU3z -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Wed Jan 16 20:06:00 2008 From: doc at maddoc.net (Doc Schneider) Date: Wed Jan 16 20:06:43 2008 Subject: Happy Birthday Julian In-Reply-To: <478E5FE3.4080504@ecs.soton.ac.uk> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> <478E5FE3.4080504@ecs.soton.ac.uk> Message-ID: <478E63A8.1060107@maddoc.net> Julian Field wrote: > Thank you all very much for your messages and kind comments, they're > great to read. > > I'm going to crack open a certain bottle of cognac tonight :-) Currently > tucking into a bottle of Chablis bought for me by my lodger, but that's > not going to last long! > > If you are feeling particularly wealthy, my wish list is always available at > http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB > :-) > > Thanks guys! > > P.S. Am currently testing Mail-ClamAV-0.21 and it seems to work okay so > far, despite the "perl Makefile.PL" complaining that it couldn't find > the library with -lclamav. "MailScanner --lint" works fine though, as > does a batch with various hidden copies of Eicar in it. Once someone > else confirms that it works, I'll update the ClamAV+SpamAssassin > package. I'm testing it on a new install of a RedHat 5.1 system. > > shuttlebox wrote: >> Thank you for an excellent product and even better support. > > Jules > Jules, Tested and works fine with my own servers. A collection of CentOS 4 and 5's i386 and x86_64's all work and build fine with this latest Mail-ClamAV-0.21 -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From uxbod at splatnix.net Wed Jan 16 20:12:14 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 16 20:12:53 2008 Subject: Happy Birthday Julian In-Reply-To: <9918845.7341200514309965.JavaMail.root@office.splatnix.net> Message-ID: <17573526.7361200514334786.JavaMail.root@office.splatnix.net> Cheap shot Jules ;) But a pressie on the way. Hope your Anthropology is up to date ;) Best Wishes, Phil -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Thank you all very much for your messages and kind comments, they're > great to read. > > I'm going to crack open a certain bottle of cognac tonight :-) > Currently > tucking into a bottle of Chablis bought for me by my lodger, but > that's > not going to last long! > > If you are feeling particularly wealthy, my wish list is always > available at > http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB > :-) > > Thanks guys! > > P.S. Am currently testing Mail-ClamAV-0.21 and it seems to work okay > so > far, despite the "perl Makefile.PL" complaining that it couldn't find > > the library with -lclamav. "MailScanner --lint" works fine though, as > > does a batch with various hidden copies of Eicar in it. Once someone > else confirms that it works, I'll update the ClamAV+SpamAssassin > package. I'm testing it on a new install of a RedHat 5.1 system. > > shuttlebox wrote: > > Thank you for an excellent product and even better support. > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration > help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHjl/vEfZZRxQVtlQRAiSIAJsHeeoHMXkoFXt9ylkCWqrFwj/dJQCgtW/+ > GDr8MTUxQzjNXZTrgymol9o= > =gbp8 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dgottsc at emory.edu Wed Jan 16 20:54:18 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 16 20:53:38 2008 Subject: Happy Birthday Julian In-Reply-To: <478E5612.3060906@alexb.ch> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com>, <478E5612.3060906@alexb.ch> Message-ID: Happy Birthday Julian! We love MailScanner here at Emory!!!! David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Wed Jan 16 22:23:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 16 22:27:56 2008 Subject: PathTools 3.26 issues Message-ID: <478E83E1.5050103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've done a diff of the code changes between 3.2501 (which works) and 3.26 (which doesn't). The change is basically 1 line that calls a function which uses "strlcpy()" several times. In 3.2501, this line is not compiled, with the result that all the strlcpy() code is totally optimised out by the compiler and then the linker. In 3.26, this line is used, so all the strlcpy() code is compiled and linked in. Unfortunately, strlcpy() is not included in the GNU C library. According to a Mac, strlcpy() does this: The strlcpy() and strlcat() functions copy and concatenate strings respectively. They are designed to be safer, more consistent, and less error prone replacements for strncpy(3) and strncat(3). Unlike those functions, strlcpy() and strlcat() take the full size of the buffer (not just the length) and guarantee to NUL-terminate the result (as long as size is larger than 0 or, in the case of strlcat(), as long as there is at least one byte free in dst). Note that you should include a byte for the NUL in size. Also note that strlcpy() and strlcat() only operate on true ``C'' strings. This means that for strlcpy() src must be NUL-termi- nated and for strlcat() both src and dst must be NUL-terminated. The strlcpy() function copies up to size - 1 characters from the NUL-ter- minated string src to dst, NUL-terminating the result. But Linux, for example, does not include strlcpy(). Oops. There is no simple work-around that I can write in MailScanner to avoid calling this code. The Perl function 'cwd' (read the current working directory) now doesn't work in 3.26, and will cause Perl to bomb out with this error: /usr/bin/perl: symbol lookup error: /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/auto/Cwd/Cwd.so: undefined symbol: strlcpy I really do need to read the current working directory once in a while. So until the author of PathTools (File::Spec) chooses to include source for strlcpy() in his module source code, this is going to stay broken. Sorry, but that's it. He broke it. I would be grateful if someone could contact the author of PathTools and ask him to fix his code so that it works on rather more systems than it does now (which is not many). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHjoPjEfZZRxQVtlQRAjPdAJ4rhJB9NoVJ4PJ53l6rJR1SrGjzcACg+K97 eQTTRsKuhMV5ZOAkOXeGcg4= =iV10 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at mckerrs.net Thu Jan 17 02:46:03 2008 From: mailscanner at mckerrs.net (mailscanner@mckerrs.net) Date: Thu Jan 17 02:40:35 2008 Subject: OT: Web Mail Client In-Reply-To: <17925897.1541200537836197.JavaMail.root@zimbra.mckerrs.net> Message-ID: <32521535.1561200537963250.JavaMail.root@zimbra.mckerrs.net> I use the open source version of zimbra. It kicks outlook's ass. http://zimbra.com ----- "Julian Field" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > OT as ever :-) > Check out roundcube. Lots of very clever Javascript. > > Phil Udel wrote: > > Can anyone suggest a Web Mail Client. I have been using > SquirrelMail > > for years. > > Management wants a client with a Outlook fell. > > > > Anyway, I was looking at openwebmail but don;t really know that much > > > about it. > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration > help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHjQWyEfZZRxQVtlQRAkGCAKDKCmW699Qp4BNAMCXTzYBUEh0fugCg0MKW > KjMUPInOPBSkuhcNHmohLgo= > =xP0j > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ajos1 at onion.demon.co.uk Thu Jan 17 08:38:34 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Thu Jan 17 08:38:45 2008 Subject: Mail-ClamAV-0.21.tar.gz Message-ID: - Mail-ClamAV-0.21.tar.gz It works with: clamav-0.92.tar.gz From P.G.M.Peters at utwente.nl Thu Jan 17 09:08:25 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Thu Jan 17 09:08:37 2008 Subject: PathTools 3.26 issues In-Reply-To: <478E83E1.5050103@ecs.soton.ac.uk> References: <478E83E1.5050103@ecs.soton.ac.uk> Message-ID: <478F1B09.9000708@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote on 16-1-2008 23:23: | But Linux, for example, does not include strlcpy(). Oops. Some interesting information: http://en.wikipedia.org/wiki/Strlcpy And I also found http://www.linux.com/base/ldp/howto/Secure-Programs-HOWTO/library-c.html which states "In glib these functions are named g_strlcpy and g_strlcat (not strlcpy or strlcat) to be consistent with the glib library naming conventions." and "One minor disadvantage of strlcpy(3) and strlcat(3) is that they are not, by default, installed in most Unix-like systems." - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHjxsIelLo80lrIdIRAlPvAJ9DlI/RtsO+L3YOXb7x4W9gkaluZwCbBo6G DBxYp2BqWYzXY9q0NWvPTSw= =GFhD -----END PGP SIGNATURE----- From micoots at yahoo.com Thu Jan 17 09:38:59 2008 From: micoots at yahoo.com (Michael Mansour) Date: Thu Jan 17 09:39:09 2008 Subject: OT: Web Mail Client In-Reply-To: <32521535.1561200537963250.JavaMail.root@zimbra.mckerrs.net> Message-ID: <160213.80655.qm@web33302.mail.mud.yahoo.com> Hi, --- mailscanner@mckerrs.net wrote: > I use the open source version of zimbra. It kicks > outlook's ass. > > http://zimbra.com > > > ----- "Julian Field" > wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > OT as ever :-) > > Check out roundcube. Lots of very clever > Javascript. > > > > Phil Udel wrote: > > > Can anyone suggest a Web Mail Client. I have > been using > > SquirrelMail > > > for years. > > > Management wants a client with a Outlook fell. > > > > > > Anyway, I was looking at openwebmail but don;t > > > really know that much about it. I've been using OpenWebmail (OWM) for the last 7 years and still use it to this day. There's not much to really know about it. It's perl-based, works with mbox files directly (no imap), it fast, has a web calendar, web disk and can integrate virus scanning (like clamav f.e.) into the system. I don't care too much for "fat" clients and heaps of bells and whistles. The web brings us the ability to access data from anywhere in the world, and my priority is speed, saving time in my life to do other things than see eye candy. That's not to say OWM doesn't look good, it does, but that is to say it's fast, been around for so long, is mature, stable and handles Webmail for clients of the largest ISP's and ASP's in Australia (100,000+ email accounts is normal). Regards, Michael. > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at > www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system > administration > > help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.7.0 (Build 1012) > > Comment: Use Thunderbird's Enigmail add-on to > verify this message > > Charset: ISO-8859-1 > > > > > wj8DBQFHjQWyEfZZRxQVtlQRAkGCAKDKCmW699Qp4BNAMCXTzYBUEh0fugCg0MKW > > KjMUPInOPBSkuhcNHmohLgo= > > =xP0j > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read > http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From MailScanner at ecs.soton.ac.uk Thu Jan 17 09:42:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 09:43:11 2008 Subject: PathTools 3.26 issues In-Reply-To: <478F1B09.9000708@utwente.nl> References: <478E83E1.5050103@ecs.soton.ac.uk> <478F1B09.9000708@utwente.nl> Message-ID: <478F2315.1020103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fortunately the author of PathTools has already fixed it, and there is now PathTools-3.27 which works again. Peter Peters wrote: > * PGP Signed by an unverified key: 01/17/08 at 09:08:24 > > Julian Field wrote on 16-1-2008 23:23: > > | But Linux, for example, does not include strlcpy(). Oops. > > Some interesting information: http://en.wikipedia.org/wiki/Strlcpy > > And I also found > http://www.linux.com/base/ldp/howto/Secure-Programs-HOWTO/library-c.html > which states "In glib these functions are named g_strlcpy and g_strlcat > (not strlcpy or strlcat) to be consistent with the glib library naming > conventions." and "One minor disadvantage of strlcpy(3) and strlcat(3) > is that they are not, by default, installed in most Unix-like systems." > > -- > Peter Peters, Teamleider Unix/Linux-Beheer > ICT-Servicecentrum > Universiteit Twente, Postbus 217, 7500 AE Enschede > Telefoon 053 489 2301, Fax 053 489 2383, > P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts > > * Peter Peters > * 0x496B21D2 - Unverified(L) > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHjyMVEfZZRxQVtlQRAnRHAKDAH7rGx3Ifx2NMDsOzF5tA1S/EWwCgzMSZ oDQdW+SYhoR6UT+j/AmgmXU= =B4bO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From micoots at yahoo.com Thu Jan 17 09:58:12 2008 From: micoots at yahoo.com (Michael Mansour) Date: Thu Jan 17 09:58:22 2008 Subject: Mail-ClamAV-0.21.tar.gz In-Reply-To: <478E3A3E.50904@ecs.soton.ac.uk> Message-ID: <407561.43320.qm@web33305.mail.mud.yahoo.com> Hi Julian, > Can you let us all know if it works or not? I'll be testing it shortly on my servers (Red Hat based) and will let you know the results. Regards, Michael. > ajos1@onion.demon.co.uk wrote: > > - > > > > Rock and roll, Mail-ClamAV-0.21 is out and > about... > > > > > http://search.cpan.org/CPAN/authors/id/S/SA/SABECK/Mail-ClamAV-0.21.tar.gz > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at > www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new > requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHjjo/EfZZRxQVtlQRAisjAJ9FtlrHhenoozRuYfjkyQtLNRLqIgCglsur > eITFzhrg8Q0Kz52MwM5hvn4= > =PmIT > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read > http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off > the website! > Make the switch to the world's best email. Get the new Yahoo!7 Mail now. www.yahoo7.com.au/worldsbestemail From glenn.steen at gmail.com Thu Jan 17 10:26:33 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 10:26:44 2008 Subject: How to know if I'm blacklisted In-Reply-To: <478E227F.1040201@evi-inc.com> References: <478E227F.1040201@evi-inc.com> Message-ID: <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> On 16/01/2008, Matt Kettler wrote: (snip) > The other part is your HELO is mail2.CANAL4. That really should be a valid > hostname. It's technically not against the RFC's to spew garbage here, but it > does show poor server administration, and some misguided sites seem to think > HELO must be a valid hostname and filter such things (the RFC's merely say > SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of > itself as. > Um, not misguided as in "that could be anything". At least 2821 is pretty clear that the argument to EHLO (use of which is only a SHOULD in conjunction with the stipulation that "if you don't use EHLO you MUST use HELO", more or less) need be a FQDN, unless you are operating in a situation where such isn't valid (no valid reverse lookup or dynamic allocation of IP etc), in which case it "should" be an address literal... So rejecting on an invalid domain (or address literal) SHOULD be quite OK;-). In reality, there might be a few admins that get this wrong. Bah, couldn't care less, this drops a huge amount of spam for me. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brian.okeeffe at kepak.com Thu Jan 17 11:28:19 2008 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Thu Jan 17 11:28:36 2008 Subject: Storing Duplicate Copies of Quarantine Message-ID: <478F3BD3.5070605@kepak.com> Hi all, I'm running two mail gateways with MailScanner and MailWatch, I've trying to give users access to release their quarantined mails using MailWatch's quarantine report but want to give users a single point of contact rather than getting reports from both gateways and releasing mails from both. I've set up NFS shares so that the gateways can write to each other and set up Master-Master replication on the MySql databases on both. Where I'm having a problem is getting MailScanner to write Quarantined files to the quarantine folder on the box that its running on and also to the quarantine on the other gateway. I've got it writing to the archive on both machines but just can't get the quarantine to do the same. Is there some way I can write a ruleset to achieve this? Any assistance, ideas or comments would be very gratefully received. Regards Brian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 17 11:42:12 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 11:42:26 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> Message-ID: <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> On 17/01/2008, Glenn Steen wrote: > On 16/01/2008, Matt Kettler wrote: > (snip) > > The other part is your HELO is mail2.CANAL4. That really should be a valid > > hostname. It's technically not against the RFC's to spew garbage here, but it > > does show poor server administration, and some misguided sites seem to think > > HELO must be a valid hostname and filter such things (the RFC's merely say > > SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of > > itself as. > > > Um, not misguided as in "that could be anything". At least 2821 is > pretty clear that the argument to EHLO (use of which is only a SHOULD > in conjunction with the stipulation that "if you don't use EHLO you > MUST use HELO", more or less) need be a FQDN, unless you are operating > in a situation where such isn't valid (no valid reverse lookup or > dynamic allocation of IP etc), in which case it "should" be an address > literal... So rejecting on an invalid domain (or address literal) > SHOULD be quite OK;-). > > In reality, there might be a few admins that get this wrong. Bah, > couldn't care less, this drops a huge amount of spam for me. > > Cheers Further... As you know, RFC821 isn't too specific about the argument to HELO (which is all there is for older specs), but this is ... rectified in RFC1123 (along with a few other protocols that weren't that well defined from the start:-). Below is a quote of the section about the HELO command, where it clearly states a MUST (which isn't that clearly stated in the definition of EHLO in RFC2821, I'll grant that:-). And in the DISCUSSION you see that the standard even suggest rejection on *pure bad formatting* as a very viable option, with a well-defined return. 2821 obsoletes (among others) and updates 1123, so ... this is clearly a MUST and not SHOULD. Go ahead and start using this Matt, it is very effective;-). ------------ 5.2.5 HELO Command: RFC-821 Section 3.5 The sender-SMTP MUST ensure that the parameter in a HELO command is a valid principal host domain name for the client host. As a result, the receiver-SMTP will not have to perform MX resolution on this name in order to validate the HELO parameter. The HELO receiver MAY verify that the HELO parameter really Internet Engineering Task Force [Page 50] RFC1123 MAIL -- SMTP & RFC-822 October 1989 corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification. DISCUSSION: Verifying the HELO parameter requires a domain name lookup and may therefore take considerable time. An alternative tool for tracking bogus mail sources is suggested below (see "DATA Command"). Note also that the HELO argument is still required to have valid syntax, since it will appear in a Received: line; otherwise, a 501 error is to be sent. IMPLEMENTATION: When HELO parameter validation fails, a suggested procedure is to insert a note about the unknown authenticity of the sender into the message header (e.g., in the "Received:" line). -------------- Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Howard at harper-adams.ac.uk Thu Jan 17 12:17:26 2008 From: Howard at harper-adams.ac.uk (Howard Robinson) Date: Thu Jan 17 12:19:45 2008 Subject: Notifying blocked passworded attachments problem In-Reply-To: <478F3BD3.5070605@kepak.com> References: <478F3BD3.5070605@kepak.com> Message-ID: <478F4755.20E8.005B.0@harper-adams.ac.uk> Hello We use MailScanner on our mail gateway and all 'none GroupWise' mail goes via it. Email coming from my hotmail account with a password protected file has the attachment blocked as set. On GroupWise I get an email telling me this. So far this is good If I add rule to notify my Hotmail account (for testing) the attachment is blocked, my GroupWise account still gets a message saying it is blocked AND I get an email on my hotmail account telling me it has been block. Again good so far. It's doing exactly what it says in the Mailscanner documentation (I have the book) HOWEVER If I want to do this in reverse ie From my GroupWise account via mailscanner to my hotmail account, the email is blocked, I get a message saying so on Hotmail BUT I don't get an email sent back to my GroupWise account. Just to clarify MailScanner isn't sending one - well it's not showing it is on MailWatch I have checked the rules (several times!) for typos etc and the addresses are in the right format etc etc. As it is actually checking the attachment I am assuming that is a notification problem. Is there another setting that would overrule this for emails coming from an internal system? I have a feeling there is but the 'little grey cells' are not releasing the information at the moment. Thanks Regards Howard Robinson Harper Adams University College From glenn.steen at gmail.com Thu Jan 17 12:23:04 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 12:23:14 2008 Subject: Storing Duplicate Copies of Quarantine In-Reply-To: <478F3BD3.5070605@kepak.com> References: <478F3BD3.5070605@kepak.com> Message-ID: <223f97700801170423q86504d1x9bbce5b00023e481@mail.gmail.com> On 17/01/2008, Brian O'Keeffe wrote: > Hi all, > > I'm running two mail gateways with MailScanner and MailWatch, I've > trying to give users access to release their quarantined mails using > MailWatch's quarantine report but want to give users a single point of > contact rather than getting reports from both gateways and releasing > mails from both. > I've set up NFS shares so that the gateways can write to each other and > set up Master-Master replication on the MySql databases on both. Where > I'm having a problem is getting MailScanner to write Quarantined files > to the quarantine folder on the box that its running on and also to the > quarantine on the other gateway. I've got it writing to the archive on > both machines but just can't get the quarantine to do the same. Is there > some way I can write a ruleset to achieve this? > > Any assistance, ideas or comments would be very gratefully received. > > Regards > > Brian > Why go through all this, when MailWatch can log to one DB and release (through XML-RPC) from both? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gsjarvis at infoservers.net Thu Jan 17 13:00:21 2008 From: gsjarvis at infoservers.net (Graham S. Jarvis) Date: Thu Jan 17 12:59:55 2008 Subject: OT: Building Newsletters In-Reply-To: <160213.80655.qm@web33302.mail.mud.yahoo.com> References: <160213.80655.qm@web33302.mail.mud.yahoo.com> Message-ID: <478F5165.6000804@infoservers.net> Hello All, I've noticed the few "OT" postings recently and - please excuse the nerve - I thought people might not mind if I joined in with my own "OT" request. I'm looking for an nice way of building simple text/html e-mail newsletters using template files and a web interface. If anyone has any info./suggestions (clean one please) please contact me of-list: no.spam@pt.lu I will not post this "OT" here again! Thanks in advance, -Graham S. Jarvis- From brian.okeeffe at kepak.com Thu Jan 17 13:06:48 2008 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Thu Jan 17 13:07:00 2008 Subject: Storing Duplicate Copies of Quarantine In-Reply-To: <223f97700801170423q86504d1x9bbce5b00023e481@mail.gmail.com> References: <478F3BD3.5070605@kepak.com> <223f97700801170423q86504d1x9bbce5b00023e481@mail.gmail.com> Message-ID: <478F52E8.4010003@kepak.com> Glenn Steen wrote: > On 17/01/2008, Brian O'Keeffe wrote: > >> Hi all, >> >> I'm running two mail gateways with MailScanner and MailWatch, I've >> trying to give users access to release their quarantined mails using >> MailWatch's quarantine report but want to give users a single point of >> contact rather than getting reports from both gateways and releasing >> mails from both. >> I've set up NFS shares so that the gateways can write to each other and >> set up Master-Master replication on the MySql databases on both. Where >> I'm having a problem is getting MailScanner to write Quarantined files >> to the quarantine folder on the box that its running on and also to the >> quarantine on the other gateway. I've got it writing to the archive on >> both machines but just can't get the quarantine to do the same. Is there >> some way I can write a ruleset to achieve this? >> >> Any assistance, ideas or comments would be very gratefully received. >> >> Regards >> >> Brian >> >> > Why go through all this, when MailWatch can log to one DB and release > (through XML-RPC) from both? > > Cheers > Thanks Glenn but I'm trying to build in redundancy as well, so if one gateway drops then the other still has everything necessary and at most all i need do is activate the MailWatch Quarantine report. Am I misreading the MailWatch documentation or can I use the XML-RPC to do this. Regards Brian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support-lists at petdoctors.co.uk Thu Jan 17 13:55:48 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 17 13:56:21 2008 Subject: Searching mail archives Message-ID: <000301c85910$aa02d400$3c65a8c0@support01> Hi, I need to search a months-worth of mail archives (/var/spool/MailScanner/archive/200611**) for a specific sender, subject and attachment. I have had a play with grep and awk but I am not doing very well!! Are there any utilities to help or can anyone suggest a sensible command line that will do the job? Thanks Nigel Kendrick From lists at hbcs.org Thu Jan 17 14:05:56 2008 From: lists at hbcs.org (Dave C) Date: Thu Jan 17 14:06:16 2008 Subject: Searching mail archives In-Reply-To: <000301c85910$aa02d400$3c65a8c0@support01> References: <000301c85910$aa02d400$3c65a8c0@support01> Message-ID: <478F60C4.9000607@hbcs.org> Nigel Kendrick wrote: > Hi, > > I need to search a months-worth of mail archives > (/var/spool/MailScanner/archive/200611**) for a specific sender, subject and > attachment. I have had a play with grep and awk but I am not doing very > well!! > > Are there any utilities to help or can anyone suggest a sensible command > line that will do the job? > > Thanks > > Nigel Kendrick > This works pretty good for me.. (watch the word wrap and the searchterm needs to be in single quotes) find /var/spool/MailScanner/archive/200611?? -type f -name df\* -exec grep -il 'searchterm' {} \; -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 17 14:20:32 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 14:20:43 2008 Subject: Storing Duplicate Copies of Quarantine In-Reply-To: <478F52E8.4010003@kepak.com> References: <478F3BD3.5070605@kepak.com> <223f97700801170423q86504d1x9bbce5b00023e481@mail.gmail.com> <478F52E8.4010003@kepak.com> Message-ID: <223f97700801170620g421a5064y767e05aeee2538a1@mail.gmail.com> On 17/01/2008, Brian O'Keeffe wrote: > Glenn Steen wrote: > > On 17/01/2008, Brian O'Keeffe wrote: > > > >> Hi all, > >> > >> I'm running two mail gateways with MailScanner and MailWatch, I've > >> trying to give users access to release their quarantined mails using > >> MailWatch's quarantine report but want to give users a single point of > >> contact rather than getting reports from both gateways and releasing > >> mails from both. > >> I've set up NFS shares so that the gateways can write to each other and > >> set up Master-Master replication on the MySql databases on both. Where > >> I'm having a problem is getting MailScanner to write Quarantined files > >> to the quarantine folder on the box that its running on and also to the > >> quarantine on the other gateway. I've got it writing to the archive on > >> both machines but just can't get the quarantine to do the same. Is there > >> some way I can write a ruleset to achieve this? > >> > >> Any assistance, ideas or comments would be very gratefully received. > >> > >> Regards > >> > >> Brian > >> > >> > > Why go through all this, when MailWatch can log to one DB and release > > (through XML-RPC) from both? > > > > Cheers > > > Thanks Glenn but I'm trying to build in redundancy as well, so if one > gateway drops then the other still has everything necessary and at most > all i need do is activate the MailWatch Quarantine report. Am I > misreading the MailWatch documentation or can I use the XML-RPC to do this. > Hi Brian, Hm, nah I don'tmthink you are, not wrt redundacy. Thing is you'll have to take XML-RPC and how this all is implemented in MW into account anyway, since the release functions look at where the quarantined item is stored (on which machine). Not that big a deal, just something that need be handled, if one (like you) plan to have the machines be completely redundant. The XML-RPC stuff simply place a call to do the action on the "other host" as needed, so ... not exactly what you are trying to do. What I meant was that your approach is rather more complex than using the simple thing that is already present, for data that mostly is very ... "losable":-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ian-list at securitypimp.com Thu Jan 17 14:25:51 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Thu Jan 17 14:26:06 2008 Subject: Check SpamAssassin If On Spam List Question In-Reply-To: <8345215.171200579871269.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <3022862.191200579951615.JavaMail.root@postal.insourcedsecurity.com> If I have the "Spam Lists To Reach High Score" set to 1, is it still necessary to set "Check SpamAssassin If On Spam List" to yes. I am pretty sure it isn't necessary, but I'm confused about this sentence in the comment, "Setting this to "no" will reduce the load on your server, but will stop the High Scoring Spam Actions from ever happening." I'm having an issue with SpamAssassin timeouts and have tried looking at everything else. Thanks, Ian # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as "High Scoring Spam" and so # the "High Scoring Spam Actions" will happen. You probably want to set # this to 2 if you are actually using this feature. 5 is high enough that # it will never happen unless you use lots of "Spam Lists". # This can also be the filename of a ruleset. Spam Lists To Reach High Score = 1 # If the message sender is on any of the Spam Lists, do you still want # to do the SpamAssassin checks? Setting this to "no" will reduce the load # on your server, but will stop the High Scoring Spam Actions from ever # happening. # This can also be the filename of a ruleset. Check SpamAssassin If On Spam List = yes From martinh at solidstatelogic.com Thu Jan 17 14:34:43 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Jan 17 14:34:56 2008 Subject: Check SpamAssassin If On Spam List Question In-Reply-To: <3022862.191200579951615.JavaMail.root@postal.insourcedsecurity.com> Message-ID: Ian There's several things to help with SA timeouts. Bayes Dns For bayes make sure you're expiring within MS and have the wait during cleanup set in mailscanner.conf For DNS this is usually related to RBL's and the fact my default SA checks all its RBL's. So turn them all off (except for a couple you want) by giving that test a zero score in /etc/mail/spamassassin/mailscanner.cf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Ian Lists > Sent: 17 January 2008 14:26 > To: mailscanner@lists.mailscanner.info > Subject: Check SpamAssassin If On Spam List Question > > If I have the "Spam Lists To Reach High Score" set to 1, is it still > necessary to set "Check SpamAssassin If On Spam List" to yes. I am pretty > sure it isn't necessary, but I'm confused about this sentence in the > comment, "Setting this to "no" will reduce the load on your server, but > will stop the High Scoring Spam Actions from ever happening." I'm having > an issue with SpamAssassin timeouts and have tried looking at everything > else. > > Thanks, > > Ian > > > # If a message appears in at least this number of "Spam Lists" (as defined > # above), then the message will be treated as "High Scoring Spam" and so > # the "High Scoring Spam Actions" will happen. You probably want to set > # this to 2 if you are actually using this feature. 5 is high enough that > # it will never happen unless you use lots of "Spam Lists". > # This can also be the filename of a ruleset. > Spam Lists To Reach High Score = 1 > > > # If the message sender is on any of the Spam Lists, do you still want > # to do the SpamAssassin checks? Setting this to "no" will reduce the load > # on your server, but will stop the High Scoring Spam Actions from ever > # happening. > # This can also be the filename of a ruleset. > Check SpamAssassin If On Spam List = yes > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Jan 17 14:57:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 14:57:40 2008 Subject: Searching mail archives In-Reply-To: <478F60C4.9000607@hbcs.org> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> Message-ID: <478F6CCD.2080102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave C wrote: > Nigel Kendrick wrote: >> Hi, >> >> I need to search a months-worth of mail archives >> (/var/spool/MailScanner/archive/200611**) for a specific sender, >> subject and >> attachment. I have had a play with grep and awk but I am not doing very >> well!! >> >> Are there any utilities to help or can anyone suggest a sensible command >> line that will do the job? >> >> Thanks >> >> Nigel Kendrick >> > This works pretty good for me.. (watch the word wrap and the > searchterm needs to be in single quotes) > > find /var/spool/MailScanner/archive/200611?? -type f -name df\* -exec > grep -il 'searchterm' {} \; What is enormously faster is find /var/spool/MailScanner/archive/200611?? -type f -name df\* -print | xargs grep -il 'searchterm' Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHj2zOEfZZRxQVtlQRAsDWAJ9LrgtMVZxZ/IzAsc8tgwBvNeNmEgCgvZPD +InZ5WUBxS2N1em1pfWUFtk= =ytrC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ian-list at securitypimp.com Thu Jan 17 14:58:04 2008 From: ian-list at securitypimp.com (Ian Lists) Date: Thu Jan 17 14:58:21 2008 Subject: Check SpamAssassin If On Spam List Question In-Reply-To: <25961846.221200581195340.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <22107897.241200581884763.JavaMail.root@postal.insourcedsecurity.com> In MailScanner.conf I have the following Spam Checks = yes Spam List = NJABL SORBS-SPAM spamhaus-ZEN spamcop.net SORBS-DUL ( I have tested this with only 1, but still saw the timeouts.) Rebuild Bayes Every = 86400 ( I just set this one, it was set to 0) Wait During Bayes Rebuild = yes In mailscanner.cf # skip_rbl_checks 1 rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 For the DNS piece, are you suggesting I set the "skip_rbl_checks" to 0, or is it a different option you are referring to? Thanks, Ian ----- "Martin.Hepworth" wrote: > Ian > > There's several things to help with SA timeouts. > > Bayes > > Dns > > For bayes make sure you're expiring within MS and have the wait during > cleanup set in mailscanner.conf > > For DNS this is usually related to RBL's and the fact my default SA > checks all its RBL's. So turn them all off (except for a couple you > want) by giving that test a zero score in > /etc/mail/spamassassin/mailscanner.cf. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Ian Lists > > Sent: 17 January 2008 14:26 > > To: mailscanner@lists.mailscanner.info > > Subject: Check SpamAssassin If On Spam List Question > > > > If I have the "Spam Lists To Reach High Score" set to 1, is it > still > > necessary to set "Check SpamAssassin If On Spam List" to yes. I am > pretty > > sure it isn't necessary, but I'm confused about this sentence in > the > > comment, "Setting this to "no" will reduce the load on your server, > but > > will stop the High Scoring Spam Actions from ever happening." I'm > having > > an issue with SpamAssassin timeouts and have tried looking at > everything > > else. > > > > Thanks, > > > > Ian > > > > > > # If a message appears in at least this number of "Spam Lists" (as > defined > > # above), then the message will be treated as "High Scoring Spam" > and so > > # the "High Scoring Spam Actions" will happen. You probably want to > set > > # this to 2 if you are actually using this feature. 5 is high enough > that > > # it will never happen unless you use lots of "Spam Lists". > > # This can also be the filename of a ruleset. > > Spam Lists To Reach High Score = 1 > > > > > > # If the message sender is on any of the Spam Lists, do you still > want > > # to do the SpamAssassin checks? Setting this to "no" will reduce > the load > > # on your server, but will stop the High Scoring Spam Actions from > ever > > # happening. > > # This can also be the filename of a ruleset. > > Check SpamAssassin If On Spam List = yes > > > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From lists at hbcs.org Thu Jan 17 15:04:45 2008 From: lists at hbcs.org (Dave C) Date: Thu Jan 17 15:05:01 2008 Subject: Searching mail archives In-Reply-To: <478F6CCD.2080102@ecs.soton.ac.uk> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> Message-ID: <478F6E8D.3010903@hbcs.org> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Dave C wrote: >> Nigel Kendrick wrote: >>> Hi, >>> >>> I need to search a months-worth of mail archives >>> (/var/spool/MailScanner/archive/200611**) for a specific sender, >>> subject and >>> attachment. I have had a play with grep and awk but I am not doing very >>> well!! >>> >>> Are there any utilities to help or can anyone suggest a sensible command >>> line that will do the job? >>> >>> Thanks >>> >>> Nigel Kendrick >>> >> This works pretty good for me.. (watch the word wrap and the >> searchterm needs to be in single quotes) >> >> find /var/spool/MailScanner/archive/200611?? -type f -name df\* -exec >> grep -il 'searchterm' {} \; > What is enormously faster is > find /var/spool/MailScanner/archive/200611?? -type f -name df\* -print | > xargs grep -il 'searchterm' > > Jules > And the Master teaches another apprentice. ( I really need to stop lurking on here ;-) ) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 17 15:17:35 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 15:17:45 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> Message-ID: <223f97700801170717r5106b23cx6e60e931c3ee8331@mail.gmail.com> On 17/01/2008, Glenn Steen wrote: (snip) > well-defined return. 2821 obsoletes (among others) and updates 1123, That should've been: 2821 obsoletes 821 (among others) and updates 1123 ... Sorry about that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brian.okeeffe at kepak.com Thu Jan 17 15:18:37 2008 From: brian.okeeffe at kepak.com (Brian O'Keeffe) Date: Thu Jan 17 15:18:53 2008 Subject: Storing Duplicate Copies of Quarantine In-Reply-To: <223f97700801170620g421a5064y767e05aeee2538a1@mail.gmail.com> References: <478F3BD3.5070605@kepak.com> <223f97700801170423q86504d1x9bbce5b00023e481@mail.gmail.com> <478F52E8.4010003@kepak.com> <223f97700801170620g421a5064y767e05aeee2538a1@mail.gmail.com> Message-ID: <478F71CD.9090601@kepak.com> Glenn Steen wrote: > On 17/01/2008, Brian O'Keeffe wrote: > >> Glenn Steen wrote: >> >>> On 17/01/2008, Brian O'Keeffe wrote: >>> >>> >>>> Hi all, >>>> >>>> I'm running two mail gateways with MailScanner and MailWatch, I've >>>> trying to give users access to release their quarantined mails using >>>> MailWatch's quarantine report but want to give users a single point of >>>> contact rather than getting reports from both gateways and releasing >>>> mails from both. >>>> I've set up NFS shares so that the gateways can write to each other and >>>> set up Master-Master replication on the MySql databases on both. Where >>>> I'm having a problem is getting MailScanner to write Quarantined files >>>> to the quarantine folder on the box that its running on and also to the >>>> quarantine on the other gateway. I've got it writing to the archive on >>>> both machines but just can't get the quarantine to do the same. Is there >>>> some way I can write a ruleset to achieve this? >>>> >>>> Any assistance, ideas or comments would be very gratefully received. >>>> >>>> Regards >>>> >>>> Brian >>>> >>>> >>>> >>> Why go through all this, when MailWatch can log to one DB and release >>> (through XML-RPC) from both? >>> >>> Cheers >>> >>> >> Thanks Glenn but I'm trying to build in redundancy as well, so if one >> gateway drops then the other still has everything necessary and at most >> all i need do is activate the MailWatch Quarantine report. Am I >> misreading the MailWatch documentation or can I use the XML-RPC to do this. >> >> > Hi Brian, > > Hm, nah I don'tmthink you are, not wrt redundacy. > Thing is you'll have to take XML-RPC and how this all is implemented > in MW into account anyway, since the release functions look at where > the quarantined item is stored (on which machine). Not that big a > deal, just something that need be handled, if one (like you) plan to > have the machines be completely redundant. > The XML-RPC stuff simply place a call to do the action on the "other > host" as needed, so ... not exactly what you are trying to do. > > What I meant was that your approach is rather more complex than using > the simple thing that is already present, for data that mostly is very > ... "losable":-):-). > > Cheers > Hi Glenn Seemed like a reasonably straightforward idea when I started out, might just try using rsync to handle the quarantine files. Thanks Brian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Jan 17 15:35:21 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 17 15:36:19 2008 Subject: Searching mail archives In-Reply-To: <478F6CCD.2080102@ecs.soton.ac.uk> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> Message-ID: <478F75B9.1080800@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Dave C wrote: > >> Nigel Kendrick wrote: >> >>> Hi, >>> >>> I need to search a months-worth of mail archives >>> (/var/spool/MailScanner/archive/200611**) for a specific sender, >>> subject and >>> attachment. I have had a play with grep and awk but I am not doing very >>> well!! >>> >>> Are there any utilities to help or can anyone suggest a sensible command >>> line that will do the job? >>> >>> Thanks >>> >>> Nigel Kendrick >>> >>> >> This works pretty good for me.. (watch the word wrap and the >> searchterm needs to be in single quotes) >> >> find /var/spool/MailScanner/archive/200611?? -type f -name df\* -exec >> grep -il 'searchterm' {} \; >> > What is enormously faster is > find /var/spool/MailScanner/archive/200611?? -type f -name df\* -print | > xargs grep -il 'searchterm' > > Jules > > If you are using Linux, grep can do recursive searches by itself: -R, -r, --recursive Read all files under each directory, recursively; this is equiva- lent to the -d recurse option. So, "cd /var/spool/MailScanner/archive/200611?? && grep -ril 'searchterm' $PWD" should also do it. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From Denis.Beauchemin at USherbrooke.ca Thu Jan 17 15:40:56 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 17 15:43:05 2008 Subject: Searching mail archives In-Reply-To: <478F6CCD.2080102@ecs.soton.ac.uk> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> Message-ID: <478F7708.9000602@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Dave C wrote: > >> Nigel Kendrick wrote: >> >>> Hi, >>> >>> I need to search a months-worth of mail archives >>> (/var/spool/MailScanner/archive/200611**) for a specific sender, >>> subject and >>> attachment. I have had a play with grep and awk but I am not doing very >>> well!! >>> >>> Are there any utilities to help or can anyone suggest a sensible command >>> line that will do the job? >>> >>> Thanks >>> >>> Nigel Kendrick >>> >>> >> This works pretty good for me.. (watch the word wrap and the >> searchterm needs to be in single quotes) >> >> find /var/spool/MailScanner/archive/200611?? -type f -name df\* -exec >> grep -il 'searchterm' {} \; >> > What is enormously faster is > find /var/spool/MailScanner/archive/200611?? -type f -name df\* -print | > xargs grep -il 'searchterm' > > Jules > > If you are using Linux, grep can do recursive searches by itself: -R, -r, --recursive Read all files under each directory, recursively; this is equiva- lent to the -d recurse option. And, "grep -ril 'searchterm' /var/spool/MailScanner/archive/200611??" would be shorter. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From support-lists at petdoctors.co.uk Thu Jan 17 16:00:32 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 17 16:01:01 2008 Subject: Searching mail archives In-Reply-To: <478F7708.9000602@USherbrooke.ca> Message-ID: <001601c85922$16cddf10$3c65a8c0@support01> Thanks to all those who replied - I will have a play, but I just wanted to make sure that these searches will support multiple criteria - for example, I am looking for an email sent by 'joe.bloggs@...' that probably has 'expenses' in the subject line and was sent to 'sue.smith@..' with an .xls spreadsheet attached. Can you do that in one pass? Nigel From gsjarvis at infoservers.net Thu Jan 17 16:06:47 2008 From: gsjarvis at infoservers.net (Graham S. Jarvis) Date: Thu Jan 17 16:06:21 2008 Subject: Searching mail archives In-Reply-To: <478F7708.9000602@USherbrooke.ca> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> <478F7708.9000602@USherbrooke.ca> Message-ID: <478F7D17.7020400@infoservers.net> Hello, MANY thanks !!!! This is what I've been looking for for a while now - So, how does "one" I expand this to remove all the spam from my archives? i.e. Each day have cron run a job to remove the df (and qf) files where the df file contains "Spam?". (Or be more clever and use the spam score header). Anyone prepared to code this for us non-programmer types ;-) Again, thanks for the idea! -Graham- Denis Beauchemin wrote on 17/01/2008 16:40: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Dave C wrote: >> >>> Nigel Kendrick wrote: >>> >>>> Hi, >>>> >>>> I need to search a months-worth of mail archives >>>> (/var/spool/MailScanner/archive/200611**) for a specific sender, >>>> subject and >>>> attachment. I have had a play with grep and awk but I am not doing >>>> very >>>> well!! >>>> >>>> Are there any utilities to help or can anyone suggest a sensible >>>> command >>>> line that will do the job? >>>> >>>> Thanks >>>> >>>> Nigel Kendrick >>>> >>>> >>> This works pretty good for me.. (watch the word wrap and the >>> searchterm needs to be in single quotes) >>> >>> find /var/spool/MailScanner/archive/200611?? -type f -name df\* >>> -exec grep -il 'searchterm' {} \; >> What is enormously faster is >> find /var/spool/MailScanner/archive/200611?? -type f -name df\* >> -print | xargs grep -il 'searchterm' >> >> Jules >> >> > If you are using Linux, grep can do recursive searches by itself: > -R, -r, --recursive > Read all files under each directory, recursively; this is equiva- > lent to the -d recurse option. > > And, "grep -ril 'searchterm' /var/spool/MailScanner/archive/200611??" > would be shorter. > > Denis > From hvdkooij at vanderkooij.org Thu Jan 17 16:06:34 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 17 16:07:04 2008 Subject: OT: Building Newsletters In-Reply-To: <478F5165.6000804@infoservers.net> References: <160213.80655.qm@web33302.mail.mud.yahoo.com> <478F5165.6000804@infoservers.net> Message-ID: <478F7D0A.9060807@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Graham S. Jarvis wrote: | Hello All, | | I've noticed the few "OT" postings recently and - please excuse the | nerve - I thought people might not mind if I joined in with my own "OT" | request. Bring on the horses and chains. Let's quarter this one for starting a new OT thread as response to another OT thread. Flying with B.A. might also suffice as punishment. (Happy landings ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHj30IBvzDRVjxmYERAvWEAKC3wu1jp+QfEAxwjmFKc4frqLyvigCgjlgS FIh16kuTGKeZ+I44fiS5AoY= =XJPO -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu Jan 17 16:24:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 16:25:11 2008 Subject: Check SpamAssassin If On Spam List Question In-Reply-To: <3022862.191200579951615.JavaMail.root@postal.insourcedsecurity.com> References: <3022862.191200579951615.JavaMail.root@postal.insourcedsecurity.com> Message-ID: <478F8152.6030504@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ian Lists wrote: > If I have the "Spam Lists To Reach High Score" set to 1, is it still necessary to set "Check SpamAssassin If On Spam List" to yes. I am pretty sure it isn't necessary, but I'm confused about this sentence in the comment, "Setting this to "no" will reduce the load on your server, but will stop the High Scoring Spam Actions from ever happening." Looks like I need to improve the comment there. That last bit is no longer quite true, as enough spam list hits will cause it to hit high-scoring spam actions. Can you suggest some better wording for it? The description in The Book suffers from exactly the same problem. > I'm having an issue with SpamAssassin timeouts and have tried looking at everything else. > > Thanks, > > Ian > > > # If a message appears in at least this number of "Spam Lists" (as defined > # above), then the message will be treated as "High Scoring Spam" and so > # the "High Scoring Spam Actions" will happen. You probably want to set > # this to 2 if you are actually using this feature. 5 is high enough that > # it will never happen unless you use lots of "Spam Lists". > # This can also be the filename of a ruleset. > Spam Lists To Reach High Score = 1 > > > # If the message sender is on any of the Spam Lists, do you still want > # to do the SpamAssassin checks? Setting this to "no" will reduce the load > # on your server, but will stop the High Scoring Spam Actions from ever > # happening. > # This can also be the filename of a ruleset. > Check SpamAssassin If On Spam List = yes > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFHj4FSEfZZRxQVtlQRAgC8AKCX7L0Q3B1qicE6G72ulrGWpcBmMwCeL681 qCKkPtynz9btmyxyo6UImQg= =KrFU -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 17 16:26:36 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 17 16:26:48 2008 Subject: Searching mail archives In-Reply-To: <478F7D17.7020400@infoservers.net> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> <478F7708.9000602@USherbrooke.ca> <478F7D17.7020400@infoservers.net> Message-ID: <223f97700801170826j1cb11f34w56965bf80800bd5d@mail.gmail.com> On 17/01/2008, Graham S. Jarvis wrote: > Hello, > > MANY thanks !!!! > > This is what I've been looking for for a while now - > So, how does "one" I expand this to remove all the spam from my archives? > > i.e. Each day have cron run a job to remove the df (and qf) files where > the df file contains "Spam?". > (Or be more clever and use the spam score header). > > Anyone prepared to code this for us non-programmer types ;-) > > Again, thanks for the idea! > > -Graham- The solution is much simpler than that. Don't use the Archive Mail funtion to do your archiving, since that will contain every spam and virus you receive... Use the Non Spam Actions instead. Add "store" to that one, and presto, you will get an "archive" in the quarantine (in the nonspam subdirectory/each day). Add in MailWatch and you have a very simple and elegant solution;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Jan 17 16:27:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 16:28:40 2008 Subject: Searching mail archives In-Reply-To: <478F7D17.7020400@infoservers.net> References: <000301c85910$aa02d400$3c65a8c0@support01> <478F60C4.9000607@hbcs.org> <478F6CCD.2080102@ecs.soton.ac.uk> <478F7708.9000602@USherbrooke.ca> <478F7D17.7020400@infoservers.net> Message-ID: <478F820B.10006@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Graham S. Jarvis wrote: > Hello, > > MANY thanks !!!! > > This is what I've been looking for for a while now - > So, how does "one" I expand this to remove all the spam from my archives? > > i.e. Each day have cron run a job to remove the df (and qf) files > where the df file contains "Spam?". > (Or be more clever and use the spam score header). But how are you creating the archive? If it's MailScanner doing it, then normally the archive will be the original messages, without any MailScanner additions to them at all. So you won't be able to tell if they were spam or not, unless you grep the maillog to pull out the message queue ids of all the spam found. > > Anyone prepared to code this for us non-programmer types ;-) > > Again, thanks for the idea! > > -Graham- > > > > Denis Beauchemin wrote on 17/01/2008 16:40: >> Julian Field a ?crit : >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Dave C wrote: >>> >>>> Nigel Kendrick wrote: >>>> >>>>> Hi, >>>>> >>>>> I need to search a months-worth of mail archives >>>>> (/var/spool/MailScanner/archive/200611**) for a specific sender, >>>>> subject and >>>>> attachment. I have had a play with grep and awk but I am not doing >>>>> very >>>>> well!! >>>>> >>>>> Are there any utilities to help or can anyone suggest a sensible >>>>> command >>>>> line that will do the job? >>>>> >>>>> Thanks >>>>> >>>>> Nigel Kendrick >>>>> >>>>> >>>> This works pretty good for me.. (watch the word wrap and the >>>> searchterm needs to be in single quotes) >>>> >>>> find /var/spool/MailScanner/archive/200611?? -type f -name df\* >>>> -exec grep -il 'searchterm' {} \; >>> What is enormously faster is >>> find /var/spool/MailScanner/archive/200611?? -type f -name df\* >>> -print | xargs grep -il 'searchterm' >>> >>> Jules >>> >>> >> If you are using Linux, grep can do recursive searches by itself: >> -R, -r, --recursive >> Read all files under each directory, recursively; this is equiva- >> lent to the -d recurse option. >> >> And, "grep -ril 'searchterm' /var/spool/MailScanner/archive/200611??" >> would be shorter. >> >> Denis >> > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHj4ILEfZZRxQVtlQRArzcAJ99K2DazoGlEY/OO/FNRmWKWGhXBwCfYR6G 6qWOV1t1dWjdqdQunkXwg2I= =LWcq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 17 16:42:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 16:42:58 2008 Subject: OT: Web Mail Client In-Reply-To: <478E028C.6070602@cnpapers.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D05A6.5060508@ecs.soton.ac.uk> <478E028C.6070602@cnpapers.com> Message-ID: <478F8579.9000905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> OT as ever :-) >> Check out roundcube. Lots of very clever Javascript. >> > > Julian, > > Have you used this before as it's very new , and do you feel it's > suitable for enterprise/production sites? I've used it since it was very first launched. It's certainly suitable for us, works very nicely and the users like it too. My 2p worth. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHj4V6EfZZRxQVtlQRAj9iAJ44QzKqCypJUKuc+AdtdiLKmiWnqQCgmzly Ac9HEmOMBT8l/Azkon88PYI= =soC0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 17 17:20:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 17 17:20:44 2008 Subject: OT BarricadeMX 2.0 is released Message-ID: <478F8E55.4050306@ecs.soton.ac.uk> Fort Systems Ltd. is pleased to announce BarricadeMX 2.0, the new release of SnertSoft's smtpf filtering proxy software. In addition to speed, accuracy, and interface improvements, the new version also provides improved email DDOS protection. Release notes for this new version may be found at: http://www.fsl.com/docs/BMX_Smtpf%202%200%20Release%20Notes.pdf Distributions are available for CentOS and Red Hat 4.x, i386 and x86_64 CentOS and Red Hat 5.x, i386 and x86_64 SuSE 10.x FreeBSD 4.x and 6.x (without web interface) OpenBSD (without web Interface) Fort Systems is now able to offer a completely rpm based installation and with an update process for creating the ?simple to install and maintain anti-spam gateway? that has been discussed in this forum. Keeping this entire system and all applications up to date is now as simple as running `yum update`. An ISO download is available which installs CentOS 5 and the BarricadeMX server or you can create a basic Install of CentOS 5 and run the attached script after installation. This script will install and configure: BarricadeMX (the web interface) smtpf (The SMTP filtering proxy) SpamAssassin SARE rules DCC Razor Bayes MySQL starter database Please contact info@fsl.com if you need more information regarding the ISO download, the CentOS basic install instructions or to obtain the free, fully functional 30-day trial license key. Some advantages to running this simple gateway configuration include: ? No quarantine required: Mail is either delivered or returned to the sender with customized Non-Delivery Receipt. ? Very High Capacity: A single CPU, dual core system with 2 GB Of memory can easily handle over 1,000,000 connection attempts per day ? Web interface: A web interface is provided for configuration and statistics All of these advantages are also available when running BarricadeMX in front of MailScanner. Pre-filtering with BarricadeMX on an existing MailScanner server is as easy as running the basic BarricadeMX installation script. After installation BarricadeMX listens on port 25 and the MTA used by MailScanner is re-configured to listen on port 26. BarricadeMX is then configured to route mail for all domains to 127.0.0.1, port 26. This simple anti-spam gateway is so effective at accurately detecting spam that we will be the first company to offer a simple anti-spam guarantee. If BarricadeMX plus our customized version of SpamAssassin does not stop over 99% of the incoming spam with less than 0.1% false positives, we will return the cost of purchase. More details are available at our web sites: www.fsl.com www.snertsoft.com Thank you Julian Field Steve Freegard Steve Swaney -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- #!/bin/sh ############################################################################## # Fort Systems - BarricaderMX # BarricadeMX Installer ############################################################################## adduser fsl sleep 2 cd ~fsl wget http://fslupdate.com/test/fsl.repo cp fsl.repo /etc/yum.repos.d/ yum install BMXGold chkconfig clamd on service clamd restart chkconfig mysqld on service mysqld restart chkconfig httpd on service httpd restart wget http://fslupdate.com/test/bayesinstall.sh wget http://fslupdate.com/test/bayes_starter_db.tar.gz wget http://fslupdate.com/test/bayes.cf cp bayes.cf /etc/mail/spamassassin/ chmod 755 bayesinstall.sh /home/fsl/bayesinstall.sh wget http://fslupdate.com/SARE/sa-updater.tar.gz tar xzf sa-updater.tar.gz cd sa-update-pkg ./install.sh ./install.sh perl -pi - /etc/mail/spamassassin/v320.pre < Message-ID: <32126006.291200590492803.JavaMail.root@postal.insourcedsecurity.com> ----- "Julian Field" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Ian Lists wrote: > > If I have the "Spam Lists To Reach High Score" set to 1, is it still > necessary to set "Check SpamAssassin If On Spam List" to yes. I am > pretty sure it isn't necessary, but I'm confused about this sentence > in the comment, "Setting this to "no" will reduce the load on your > server, but will stop the High Scoring Spam Actions from ever > happening." > Looks like I need to improve the comment there. That last bit is no > longer quite true, as enough spam list hits will cause it to hit > high-scoring spam actions. Can you suggest some better wording for it? > Maybe just saying something like "Setting this to "no" will reduce the load on your server, but will prevent any additional points being added to the spam score. > The description in The Book suffers from exactly the same problem. > > > I'm having an issue with SpamAssassin timeouts and have tried > looking at everything else. > > > > Thanks, > > > > Ian > > > > > > # If a message appears in at least this number of "Spam Lists" (as > defined > > # above), then the message will be treated as "High Scoring Spam" > and so > > # the "High Scoring Spam Actions" will happen. You probably want to > set > > # this to 2 if you are actually using this feature. 5 is high enough > that > > # it will never happen unless you use lots of "Spam Lists". > > # This can also be the filename of a ruleset. > > Spam Lists To Reach High Score = 1 > > > > > > # If the message sender is on any of the Spam Lists, do you still > want > > # to do the SpamAssassin checks? Setting this to "no" will reduce > the load > > # on your server, but will stop the High Scoring Spam Actions from > ever > > # happening. > > # This can also be the filename of a ruleset. > > Check SpamAssassin If On Spam List = yes > > > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: UTF-8 > > wj8DBQFHj4FSEfZZRxQVtlQRAgC8AKCX7L0Q3B1qicE6G72ulrGWpcBmMwCeL681 > qCKkPtynz9btmyxyo6UImQg= > =KrFU > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From theodrake at comcast.net Thu Jan 17 17:32:40 2008 From: theodrake at comcast.net (Ed Bruce) Date: Thu Jan 17 17:32:41 2008 Subject: Happy Birthday Julian In-Reply-To: <478E5FE3.4080504@ecs.soton.ac.uk> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> <478E5FE3.4080504@ecs.soton.ac.uk> Message-ID: <478F9138.30607@comcast.net> Julian Field wrote: > Thank you all very much for your messages and kind comments, they're > great to read. > > I'm going to crack open a certain bottle of cognac tonight :-) Currently > tucking into a bottle of Chablis bought for me by my lodger, but that's > not going to last long! Missed the initial round but a belated Happy Birthday and I will lift a toast to you tonight. Cheers. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080117/236d3167/signature.bin From list-mailscanner at linguaphone.com Thu Jan 17 18:27:10 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Jan 17 18:27:19 2008 Subject: OT BarricadeMX 2.0 is released In-Reply-To: <478F8E55.4050306@ecs.soton.ac.uk> Message-ID: Sounds good. Is the press release on the main website somewhere? I often participate on experts-exchange and often point people to the defendermx appliance and mailscanner sites. This press release has all the info a lot of people are looking for so it would be a good thing to point people towards. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 17 January 2008 17:20 > To: MailScanner discussion > Subject: OT BarricadeMX 2.0 is released > > > Fort Systems Ltd. is pleased to announce BarricadeMX 2.0, the new > release of SnertSoft's smtpf filtering proxy software. In addition to > speed, accuracy, and interface improvements, the new version also > provides improved email DDOS protection. Release notes for this new > version may be found at: > > http://www.fsl.com/docs/BMX_Smtpf%202%200%20Release%20Notes.pdf > > Distributions are available for > > CentOS and Red Hat 4.x, i386 and x86_64 > CentOS and Red Hat 5.x, i386 and x86_64 > SuSE 10.x > FreeBSD 4.x and 6.x (without web interface) > OpenBSD (without web Interface) > > Fort Systems is now able to offer a completely rpm based installation > and with an update process for creating the ?simple to install and > maintain anti-spam gateway? that has been discussed in this forum. > Keeping this entire system and all applications up to date is now as > simple as running `yum update`. > > An ISO download is available which installs CentOS 5 and the BarricadeMX > server or you can create a basic Install of CentOS 5 and run the > attached script after installation. This script will install and > configure: > > BarricadeMX (the web interface) > smtpf (The SMTP filtering proxy) > SpamAssassin > SARE rules > DCC > Razor > Bayes MySQL starter database > > Please contact info@fsl.com if you need more information regarding the > ISO download, the CentOS basic install instructions or to obtain the > free, fully functional 30-day trial license key. > > Some advantages to running this simple gateway configuration include: > > ? No quarantine required: Mail is either delivered or returned to the > sender with customized Non-Delivery Receipt. > > ? Very High Capacity: A single CPU, dual core system with 2 GB Of memory > can easily handle over 1,000,000 connection attempts per day > > ? Web interface: A web interface is provided for configuration and > statistics > > All of these advantages are also available when running BarricadeMX in > front of MailScanner. > > Pre-filtering with BarricadeMX on an existing MailScanner server is as > easy as running the basic BarricadeMX installation script. After > installation BarricadeMX listens on port 25 and the MTA used by > MailScanner is re-configured to listen on port 26. BarricadeMX is then > configured to route mail for all domains to 127.0.0.1, port 26. > > This simple anti-spam gateway is so effective at accurately detecting > spam that we will be the first company to offer a simple anti-spam > guarantee. If BarricadeMX plus our customized version of SpamAssassin > does not stop over 99% of the incoming spam with less than 0.1% false > positives, we will return the cost of purchase. > > More details are available at our web sites: > > www.fsl.com > www.snertsoft.com > > Thank you > > Julian Field > Steve Freegard > Steve Swaney > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > From steve at fsl.com Thu Jan 17 18:41:57 2008 From: steve at fsl.com (Stephen Swaney) Date: Thu Jan 17 18:42:07 2008 Subject: OT BarricadeMX 2.0 is released In-Reply-To: References: Message-ID: <478FA175.8010408@fsl.com> Gareth wrote: > Sounds good. Is the press release on the main website somewhere? > I often participate on experts-exchange and often point people to the > defendermx appliance and mailscanner sites. > This press release has all the info a lot of people are looking for so it > would be a good thing to point people towards. > > The press release will be on the web site in a day or two. We typically give the MailScanner List the early release announcement. I'll let you know off list when it's available. Thanks, Steve Steve Swaney steve@fsl.com Cell: 202 352.3262 Office: 202 595.7760, ext 601 www.fsl.com From jplorier at montecarlotv.com.uy Thu Jan 17 19:38:52 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Thu Jan 17 18:47:28 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <200801162013.m0GKBN4q030833@safir.blacknight.ie> Message-ID: Hi everybody, Thanks for your help, especially to Matt Kettler who really took some time to research things for me. Matt, I know the header is wrong, but in fact is a testing server that made it's way to production when we had our mail server to crash, so configs are not what should be. As I use Scalix as mail server, it's not that easy to change hostname and settings so what we are doing is building a real server to change the emergency one. Thanks again for the great info you gave me, I'm also quite new in this mail stuff and I've been realizing for some time that is a world in it's own, so the best of your answer is that I learnt a lot from it. Thanks and regards. From uxbod at splatnix.net Thu Jan 17 18:55:26 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 17 18:59:23 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: Message-ID: <28272352.9261200596126102.JavaMail.root@office.splatnix.net> Hi Juan, If you have learnt something then fantastic :) we all start somewhere and everybody on this list is at a different level. End of the day somebody will always know more than yourself, and as a community which shares knowledge we all benefit and help others. That is the the sheer beauty of OSS. I am sure Matt will appreciate your public comments of thanks. Nice one Matt. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Jan 17 20:00:23 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 17 20:01:39 2008 Subject: Searching mail archives In-Reply-To: <001601c85922$16cddf10$3c65a8c0@support01> References: <001601c85922$16cddf10$3c65a8c0@support01> Message-ID: <478FB3D7.5020806@USherbrooke.ca> Nigel Kendrick a ?crit : > Thanks to all those who replied - I will have a play, but I just wanted to > make sure that these searches will support multiple criteria - for example, > I am looking for an email sent by 'joe.bloggs@...' that probably has > 'expenses' in the subject line and was sent to 'sue.smith@..' with an .xls > spreadsheet attached. > > Can you do that in one pass? > > Nigel > > Nigel, You could do something like this: grep -il 'crit3' $(grep -il 'crit2' $(grep -ril 'crit1' /var/spool/MailScanner/archive/200611??)) Basically the output of one search (the list of matching files) is used as the file list to search for the next search. You can nest this as deep as you want. It would probably be faster if the first search criteria returned a small number of hits. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From mkettler at evi-inc.com Thu Jan 17 22:46:23 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 17 22:47:04 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> Message-ID: <478FDABF.2090601@evi-inc.com> Glenn Steen wrote: > On 16/01/2008, Matt Kettler wrote: > (snip) >> The other part is your HELO is mail2.CANAL4. That really should be a valid >> hostname. It's technically not against the RFC's to spew garbage here, but it >> does show poor server administration, and some misguided sites seem to think >> HELO must be a valid hostname and filter such things (the RFC's merely say >> SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of >> itself as. >> > Um, not misguided as in "that could be anything". At least 2821 is > pretty clear that the argument to EHLO (use of which is only a SHOULD > in conjunction with the stipulation that "if you don't use EHLO you > MUST use HELO", more or less) need be a FQDN, unless you are operating > in a situation where such isn't valid (no valid reverse lookup or > dynamic allocation of IP etc), in which case it "should" be an address > literal... So rejecting on an invalid domain (or address literal) > SHOULD be quite OK;-). True, but if a system is using HELO instead of EHLO, anything goes. There's no MUST in the requirements for HELO, merely SHOULD. ie: it is 100% in RFC spec to issue: HELO somerandomgarbage Although it is not in-spec to do that for EHLO, as you point out. From mkettler at evi-inc.com Thu Jan 17 22:48:45 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 17 22:49:04 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> Message-ID: <478FDB4D.5060900@evi-inc.com> Glenn Steen wrote: > On 17/01/2008, Glenn Steen wrote: >> On 16/01/2008, Matt Kettler wrote: >> (snip) >>> The other part is your HELO is mail2.CANAL4. That really should be a valid >>> hostname. It's technically not against the RFC's to spew garbage here, but it >>> does show poor server administration, and some misguided sites seem to think >>> HELO must be a valid hostname and filter such things (the RFC's merely say >>> SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of >>> itself as. >>> >> Um, not misguided as in "that could be anything". At least 2821 is >> pretty clear that the argument to EHLO (use of which is only a SHOULD >> in conjunction with the stipulation that "if you don't use EHLO you >> MUST use HELO", more or less) need be a FQDN, unless you are operating >> in a situation where such isn't valid (no valid reverse lookup or >> dynamic allocation of IP etc), in which case it "should" be an address >> literal... So rejecting on an invalid domain (or address literal) >> SHOULD be quite OK;-). >> >> In reality, there might be a few admins that get this wrong. Bah, >> couldn't care less, this drops a huge amount of spam for me. >> >> Cheers > > Further... As you know, RFC821 isn't too specific about the argument > to HELO (which is all there is for older specs), but this is ... > rectified in RFC1123 (along with a few other protocols that weren't > that well defined from the start:-). Below is a quote of the section > about the HELO command, where it clearly states a MUST (which isn't > that clearly stated in the definition of EHLO in RFC2821, I'll grant > that:-). And in the DISCUSSION you see that the standard even suggest > rejection on *pure bad formatting* as a very viable option, with a > well-defined return. 2821 obsoletes (among others) and updates 1123, > so ... this is clearly a MUST and not SHOULD. > Go ahead and start using this Matt, it is very effective;-). One thing, by your own citation, you MUST NOT use the verification of the HELO to refuse a message. So, using such validation to refuse mail is RFC non-compliant. > ------------ > However, the > receiver MUST NOT refuse to accept a message, even if the > sender's HELO command fails verification. > From mkettler at evi-inc.com Thu Jan 17 23:24:54 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 17 23:25:21 2008 Subject: How to know if I'm blacklisted In-Reply-To: <478FDABF.2090601@evi-inc.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <478FDABF.2090601@evi-inc.com> Message-ID: <478FE3C6.5060500@evi-inc.com> Matt Kettler wrote: > Glenn Steen wrote: >> On 16/01/2008, Matt Kettler wrote: >> (snip) >>> The other part is your HELO is mail2.CANAL4. That really should be a >>> valid >>> hostname. It's technically not against the RFC's to spew garbage >>> here, but it >>> does show poor server administration, and some misguided sites seem >>> to think >>> HELO must be a valid hostname and filter such things (the RFC's >>> merely say >>> SHOULD, not MUST). You might want to fix the hostname your mailserver >>> thinks of >>> itself as. >>> >> Um, not misguided as in "that could be anything". At least 2821 is >> pretty clear that the argument to EHLO (use of which is only a SHOULD >> in conjunction with the stipulation that "if you don't use EHLO you >> MUST use HELO", more or less) need be a FQDN, unless you are operating >> in a situation where such isn't valid (no valid reverse lookup or >> dynamic allocation of IP etc), in which case it "should" be an address >> literal... So rejecting on an invalid domain (or address literal) >> SHOULD be quite OK;-). > > True, but if a system is using HELO instead of EHLO, anything goes. > There's no MUST in the requirements for HELO, merely SHOULD. > > ie: it is 100% in RFC spec to issue: > > HELO somerandomgarbage > > Although it is not in-spec to do that for EHLO, as you point out. > Note: I retract this based on RFC 1123, however, RFC 1123 does prohibit refusing mail based on HELO verifications. From lists at openenterprise.ca Thu Jan 17 23:37:29 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Thu Jan 17 23:37:39 2008 Subject: False Positives with Email Signatures Message-ID: <478FE6B9.2050202@openenterprise.ca> We are running defenderMX on a clients gateway machine and there are many emails getting tagged as "FRAUD" which I believe are the various phishing checks. What is triggering these are messages where people have a web site url in their signatures. What is the best way to eliminate these false positives without reducing the number/level of checks? We tried adding the senders email address in 'Is Definately Not Spam" but this didnt make any difference. We are also asking this of FSL but thought there may be other MX users here not to mention some "general" suggestions from the MS community From steve.freegard at fsl.com Fri Jan 18 01:00:10 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jan 18 00:56:40 2008 Subject: False Positives with Email Signatures In-Reply-To: <478FE6B9.2050202@openenterprise.ca> References: <478FE6B9.2050202@openenterprise.ca> Message-ID: <478FFA1A.1060908@fsl.com> Johnny Stork wrote: > We are running defenderMX on a clients gateway machine and there are > many emails getting tagged as "FRAUD" which I believe are the various > phishing checks. What is triggering these are messages where people have > a web site url in their signatures. What is the best way to eliminate > these false positives without reducing the number/level of checks? > > We tried adding the senders email address in 'Is Definately Not Spam" > but this didnt make any difference. Spam != Phishing, so whitelisting will not have any effect. The whitelist is for Spam checks only. > We are also asking this of FSL but thought there may be other MX users > here not to mention some "general" suggestions from the MS community The issue and solution are simple, make sure that the domain inside the href matches the link text if you are repeating the domain text e.g. www.fsl.com In your case, there is a typo in the href which reads 'wwww' instead of 'www', so the text is different and therefore the phishing checks catch this and the subject gets tagged with [Fraud?]. Fix the typo and all will be well. Kind regards, Steve. From glenn.steen at gmail.com Fri Jan 18 08:32:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 18 08:32:53 2008 Subject: How to know if I'm blacklisted In-Reply-To: <478FE3C6.5060500@evi-inc.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <478FDABF.2090601@evi-inc.com> <478FE3C6.5060500@evi-inc.com> Message-ID: <223f97700801180032i57446f88rad4d6e8fa1127cb6@mail.gmail.com> On 18/01/2008, Matt Kettler wrote: > Matt Kettler wrote: > > Glenn Steen wrote: > >> On 16/01/2008, Matt Kettler wrote: > >> (snip) > >>> The other part is your HELO is mail2.CANAL4. That really should be a > >>> valid > >>> hostname. It's technically not against the RFC's to spew garbage > >>> here, but it > >>> does show poor server administration, and some misguided sites seem > >>> to think > >>> HELO must be a valid hostname and filter such things (the RFC's > >>> merely say > >>> SHOULD, not MUST). You might want to fix the hostname your mailserver > >>> thinks of > >>> itself as. > >>> > >> Um, not misguided as in "that could be anything". At least 2821 is > >> pretty clear that the argument to EHLO (use of which is only a SHOULD > >> in conjunction with the stipulation that "if you don't use EHLO you > >> MUST use HELO", more or less) need be a FQDN, unless you are operating > >> in a situation where such isn't valid (no valid reverse lookup or > >> dynamic allocation of IP etc), in which case it "should" be an address > >> literal... So rejecting on an invalid domain (or address literal) > >> SHOULD be quite OK;-). > > > > True, but if a system is using HELO instead of EHLO, anything goes. > > There's no MUST in the requirements for HELO, merely SHOULD. > > > > ie: it is 100% in RFC spec to issue: > > > > HELO somerandomgarbage > > > > Although it is not in-spec to do that for EHLO, as you point out. > > > > Note: I retract this based on RFC 1123, however, RFC 1123 does prohibit refusing > mail based on HELO verifications. > On the contrary, if the domain name is malformed ... the return is 501;-). Look at the DISCUSSION, the second paragraph starting "Note...". The blurb about not rejecting based on verification is in regard to (IP) address verification ... You're not prohibited to do an MX lookup on the HELO string, but you're not allowed to reject based on that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 18 08:35:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 18 08:36:08 2008 Subject: How to know if I'm blacklisted In-Reply-To: <478FDB4D.5060900@evi-inc.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> Message-ID: <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> On 17/01/2008, Matt Kettler wrote: > Glenn Steen wrote: > > On 17/01/2008, Glenn Steen wrote: > >> On 16/01/2008, Matt Kettler wrote: > >> (snip) > >>> The other part is your HELO is mail2.CANAL4. That really should be a valid > >>> hostname. It's technically not against the RFC's to spew garbage here, but it > >>> does show poor server administration, and some misguided sites seem to think > >>> HELO must be a valid hostname and filter such things (the RFC's merely say > >>> SHOULD, not MUST). You might want to fix the hostname your mailserver thinks of > >>> itself as. > >>> > >> Um, not misguided as in "that could be anything". At least 2821 is > >> pretty clear that the argument to EHLO (use of which is only a SHOULD > >> in conjunction with the stipulation that "if you don't use EHLO you > >> MUST use HELO", more or less) need be a FQDN, unless you are operating > >> in a situation where such isn't valid (no valid reverse lookup or > >> dynamic allocation of IP etc), in which case it "should" be an address > >> literal... So rejecting on an invalid domain (or address literal) > >> SHOULD be quite OK;-). > >> > >> In reality, there might be a few admins that get this wrong. Bah, > >> couldn't care less, this drops a huge amount of spam for me. > >> > >> Cheers > > > > Further... As you know, RFC821 isn't too specific about the argument > > to HELO (which is all there is for older specs), but this is ... > > rectified in RFC1123 (along with a few other protocols that weren't > > that well defined from the start:-). Below is a quote of the section > > about the HELO command, where it clearly states a MUST (which isn't > > that clearly stated in the definition of EHLO in RFC2821, I'll grant > > that:-). And in the DISCUSSION you see that the standard even suggest > > rejection on *pure bad formatting* as a very viable option, with a > > well-defined return. 2821 obsoletes (among others) and updates 1123, > > so ... this is clearly a MUST and not SHOULD. > > Go ahead and start using this Matt, it is very effective;-). > > One thing, by your own citation, you MUST NOT use the verification of the HELO > to refuse a message. > > So, using such validation to refuse mail is RFC non-compliant. The magic is in: ----- Note also that the HELO argument is still required to have valid syntax, since it will appear in a Received: line; otherwise, a 501 error is to be sent. ----- ... which is a bit further down. Your quote below is in regard to doing an MX lookup on the string. > > ------------ > > However, the > > receiver MUST NOT refuse to accept a message, even if the > > sender's HELO command fails verification. > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 18 10:30:34 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 18 10:30:45 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <28272352.9261200596126102.JavaMail.root@office.splatnix.net> References: <28272352.9261200596126102.JavaMail.root@office.splatnix.net> Message-ID: <223f97700801180230l2824193dv4e17e36b0e351fd9@mail.gmail.com> On 17/01/2008, --[ UxBoD ]-- wrote: > Hi Juan, > > If you have learnt something then fantastic :) we all start somewhere and everybody on this list is at a different level. End of the day somebody will always know more than yourself, and as a community which shares knowledge we all benefit and help others. That is the the sheer beauty of OSS. I am sure Matt will appreciate your public comments of thanks. Nice one Matt. > > Regards, > CC on that Phil! Although Matt hasn't seen the light (yet) when it comes to rejecting based on malformed/incorrect domain names and/or domain literals in the HELO/EHLO (he'll get there eventually:-), there is no argument from me that the rest of his post is very useful for a beginner mail adm. You've got a lot of reading ahead Juan, hope you enjoy it! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jplorier at montecarlotv.com.uy Fri Jan 18 13:23:22 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Fri Jan 18 12:31:47 2008 Subject: How to know if I'm blacklisted In-Reply-To: <200801181201.m0IC0HjB026194@safir.blacknight.ie> Message-ID: Hi Glenn, Thank you too for the advise. In fact, I've got lots to read in many other areas too, so I think I just get to a middle knowledge in thins mail matter because other things need to be attended too. But as Phil pointed out, I hope I can keep helping other beginners with my low level knowledge and relay in all you guys for the hard ones. Thanks again for the effort you all did to "enlighten" me. From P.G.M.Peters at utwente.nl Fri Jan 18 12:53:05 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Fri Jan 18 12:53:20 2008 Subject: Happy Birthday Julian In-Reply-To: <478E5FE3.4080504@ecs.soton.ac.uk> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> <478E5FE3.4080504@ecs.soton.ac.uk> Message-ID: <4790A131.8030100@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote on 16-1-2008 20:49: | If you are feeling particularly wealthy, my wish list is always available at | http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB I checked it out but found some strange things on the site (next to not accepting my login credentials). A book I was looking at for a friend was 115 Pounds while amazon.com sold the same book for $16. I'll try again later. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHkKExelLo80lrIdIRAsuDAJ9iEY0/Z3mDphxnIIx8aui4zDuKlACfX1pY yoXKlKuK2Ki3n3LQt0oW1C0= =GLWT -----END PGP SIGNATURE----- From ajos1 at onion.demon.co.uk Fri Jan 18 13:00:35 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Fri Jan 18 13:00:47 2008 Subject: How to know if I'm blacklisted Message-ID: - Re: How to know if I'm blacklisted I used this... "Spam Database Lookup" on http://member.dnsstuff.com/pages/tools.php == ===================================================================== = = "What's it called when you put off procrastinating?" = ===================================================================== = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? = Call... +44 8457 90 90 90 http://www.samaritans.org/ ===================================================================== From MailScanner at ecs.soton.ac.uk Fri Jan 18 13:51:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 18 13:51:41 2008 Subject: Happy Birthday Julian In-Reply-To: <4790A131.8030100@utwente.nl> References: <625385e30801161003o7f6ebb36l9f32e3d751ef54e9@mail.gmail.com> <478E5FE3.4080504@ecs.soton.ac.uk> <4790A131.8030100@utwente.nl> Message-ID: <4790AED4.2080307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Peters wrote: > * PGP Signed by an unverified key: 01/18/08 at 12:53:05 > > Julian Field wrote on 16-1-2008 20:49: > > | If you are feeling particularly wealthy, my wish list is always > available at > | http://www.amazon.co.uk/gp/registry/wishlist/1W99HT2WWW5PB > > I checked it out but found some strange things on the site (next to not > accepting my login credentials). A book I was looking at for a friend > was 115 Pounds while amazon.com sold the same book for $16. All looks okay for me at the moment, presumably they've fixed whatever was wrong. > > I'll try again later. Thanks! > > -- > Peter Peters, Teamleider Unix/Linux-Beheer > ICT-Servicecentrum > Universiteit Twente, Postbus 217, 7500 AE Enschede > Telefoon 053 489 2301, Fax 053 489 2383, > P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts > > * Peter Peters > * 0x496B21D2 - Unverified(L) > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHkK7VEfZZRxQVtlQRAvksAJoDVKM4b/at+hABrKkQ3g4Njjy/jgCgtMaZ kwGpuLGHtAcgK+Wo0zJg1Ds= =kNjh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpoe at plattesheriff.org Fri Jan 18 17:30:56 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jan 18 17:31:35 2008 Subject: Web Mail Client In-Reply-To: <478D0596.5020403@vanderkooij.org> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D0596.5020403@vanderkooij.org> Message-ID: <47908E69.65ED.00A2.0@plattesheriff.org> There is a Squirrelmail Outlook skin .. It makes SM almost tolerable .. :) But I think it's an older version of SM ...... >>> Hugo van der Kooij 1/15/2008 1:12 PM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Phil Udel wrote: | Can anyone suggest a Web Mail Client. I have been using SquirrelMail | for years. | Management wants a client with a Outlook fell. Then install Outlook Web Access. Of course you need to run Exchange for this. But what the heck. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHjQWUBvzDRVjxmYERApaAAJwOnMzqYA7K8yXkN/s9XYqvMqqDwQCgjyT1 mTHD0X0NmM4vJj/7YFpvlk0= =lbcq -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From rpoe at plattesheriff.org Fri Jan 18 17:31:44 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Fri Jan 18 17:32:08 2008 Subject: Web Mail Client In-Reply-To: <478D085B.5080406@konsultex.com.br> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> <478D085B.5080406@konsultex.com.br> Message-ID: <47908E9A.65ED.00A2.0@plattesheriff.org> My problem with OWM is that there have been a few pretty big problems (not security, but more functionality wise), and last I saw it seemed as though development (bug fixes) were slow... >>> "Miguel Koren O'Brien de Lacy" 1/15/2008 1:24 PM >>> I can recommend Openwebmail We use it in a few locations and have been using it for about 6 years. Phil Udel escreveu: Can anyone suggest a Web Mail Client. I have been using SquirrelMail for years. Management wants a client with a Outlook fell. Anyway, I was looking at openwebmail but don;t really know that much about it. -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -- Esta mensagem foi verificada pelo sistema de antivrus e acredita-se estar livre de perigo. From mkettler at evi-inc.com Fri Jan 18 18:18:47 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 18 18:19:09 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> Message-ID: <4790ED87.7030709@evi-inc.com> Glenn Steen wrote: >> >> So, using such validation to refuse mail is RFC non-compliant. > > The magic is in: > ----- > Note also that the HELO argument is still required to have > valid syntax, since it will appear in a Received: > line; otherwise, a 501 error is to be sent. > ----- Fair enough, so you can deny it if it doesn't conform to the domain syntax. Note this doesn't mean it must be resolvable, or even be a valid domain, it just has to logically conform to the syntax requirements of a domain. "mail2.canal4" is valid domain syntax, even if it's not a valid domain. > ... which is a bit further down. Your quote below is in regard to > doing an MX lookup on the string. Or any DNS lookup. It would appear the only time you can refuse is if it's syntactically invalid. > >>> ------------ >>> However, the >>> receiver MUST NOT refuse to accept a message, even if the >>> sender's HELO command fails verification. >>> > > Cheers From mkettler at evi-inc.com Fri Jan 18 18:26:20 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Jan 18 18:26:39 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: References: Message-ID: <4790EF4C.9020607@evi-inc.com> Juan Pablo Lorier wrote: > Hi everybody, > > Thanks for your help, especially to Matt Kettler who really took some > time to research things for me. > Matt, I know the header is wrong, but in fact is a testing server that > made it's way to production when we had our mail server to crash, so > configs are not what should be. As I use Scalix as mail server, it's not > that easy to change hostname and settings so what we are doing is > building a real server to change the emergency one. > Thanks again for the great info you gave me, I'm also quite new in this > mail stuff and I've been realizing for some time that is a world in it's > own, so the best of your answer is that I learnt a lot from it. > Thanks and regards. You're welcome, and thank you. It's also given me an opportunity to explore some of the actual requirements with Glenn. Which is good. I've now learned it is legal to refuse them if they're syntactically invalid, because such a HELO would cause your server to violate format requirements for Received: headers. The rest, we're still exploring. It will be interesting to see where we end up. From uxbod at splatnix.net Fri Jan 18 20:34:29 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Fri Jan 18 20:34:49 2008 Subject: Web Mail Client In-Reply-To: <47908E9A.65ED.00A2.0@plattesheriff.org> Message-ID: <8416705.9591200688469625.JavaMail.root@office.splatnix.net> If you want full collaboration then the FOSS of Zimbra all the way for me! Put MS infront and what a combination :D Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Rob Poe" wrote: > My problem with OWM is that there have been a few pretty big problems > (not security, but more functionality wise), and last I saw it seemed > as > though development (bug fixes) were slow... > > > > >>> "Miguel Koren O'Brien de Lacy" > 1/15/2008 > 1:24 PM >>> > I can recommend Openwebmail We use it in a few locations and have > been > using it for about 6 years. > > Phil Udel escreveu: > > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > > > -- > Esta mensagem foi verificada pelo sistema de antiv?rus e > acredita-se estar livre de perigo. > -- > Esta mensagem foi verificada pelo sistema de antivrus e > acredita-se estar livre de perigo. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpotter at rpcs.net Sat Jan 19 04:03:43 2008 From: rpotter at rpcs.net (rpotter) Date: Sat Jan 19 04:04:11 2008 Subject: OT: Web Mail Client In-Reply-To: <478F8579.9000905@ecs.soton.ac.uk> References: <478F8579.9000905@ecs.soton.ac.uk> Message-ID: On Thu, 17 Jan 2008 16:42:33 +0000, Julian Field wrote: >> Julian Field wrote: >>> OT as ever :-) >>> Check out roundcube. Lots of very clever Javascript. >>> >> >> Julian, >> >> Have you used this before as it's very new , and do you feel it's >> suitable for enterprise/production sites? > I've used it since it was very first launched. It's certainly suitable > for us, works very nicely and the users like it too. My 2p worth. I setup a spare server today, with roundcube. I'm going to give my users the option to test it out and compare it to squirrelmail. To be honest, I never really gave much thought to changing from squirrelmail. After reading comments on this list, I decided to check it out. The "eye candy" seems nicer, setup was a breeze, so we will see. This is after 1 hour of testing, so don't take my word for it. :-) Me, I use mutt over ssh so I really don't care. But.... I am posting this from roundcube as part of my testing. Richard From glenn.steen at gmail.com Sat Jan 19 08:52:47 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 19 08:53:00 2008 Subject: How to know if I'm blacklisted In-Reply-To: <4790ED87.7030709@evi-inc.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> Message-ID: <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> On 18/01/2008, Matt Kettler wrote: > Glenn Steen wrote: > > >> > >> So, using such validation to refuse mail is RFC non-compliant. > > > > The magic is in: > > ----- > > Note also that the HELO argument is still required to have > > valid syntax, since it will appear in a Received: > > line; otherwise, a 501 error is to be sent. > > ----- > > Fair enough, so you can deny it if it doesn't conform to the domain syntax. > > > Note this doesn't mean it must be resolvable, or even be a valid domain, it just > has to logically conform to the syntax requirements of a domain. "mail2.canal4" > is valid domain syntax, even if it's not a valid domain. > > > > ... which is a bit further down. Your quote below is in regard to > > doing an MX lookup on the string. > > Or any DNS lookup. It would appear the only time you can refuse is if it's > syntactically invalid. > Yes. Exactly. One such invalidity is to use an email address syntax (...@....), which an amazing amount of spam senders use that. One can argue about what is deemed a valid domain name, from a syntactical viewpoint.... For instance, a bare word (xxxxx) isn't syntactically correct either. Fortunate that the RFCs are pretty clear on that too:-) Hm. Perhaps one shouldn't be talking about this in a public forum.... the B*stards might get a clue:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Jan 19 09:02:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 19 09:03:08 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <4790EF4C.9020607@evi-inc.com> References: <4790EF4C.9020607@evi-inc.com> Message-ID: <223f97700801190102r102c8fc7nf248a309f36fd024@mail.gmail.com> On 18/01/2008, Matt Kettler wrote: > Juan Pablo Lorier wrote: > > Hi everybody, > > > > Thanks for your help, especially to Matt Kettler who really took some > > time to research things for me. > > Matt, I know the header is wrong, but in fact is a testing server that > > made it's way to production when we had our mail server to crash, so > > configs are not what should be. As I use Scalix as mail server, it's not > > that easy to change hostname and settings so what we are doing is > > building a real server to change the emergency one. > > Thanks again for the great info you gave me, I'm also quite new in this > > mail stuff and I've been realizing for some time that is a world in it's > > own, so the best of your answer is that I learnt a lot from it. > > Thanks and regards. > > > You're welcome, and thank you. > > It's also given me an opportunity to explore some of the actual requirements > with Glenn. Which is good. > > I've now learned it is legal to refuse them if they're syntactically invalid, > because such a HELO would cause your server to violate format requirements for > Received: headers. > > The rest, we're still exploring. It will be interesting to see where we end up. > Unfortunately, that is likely as far as we'll get... But that in and of itself isn't bad... That one can use a cheap syntactical check to refuse crud is ... very good indeed. I'll give you some numbers, come Monday... There used to be quite a few valid senders falling afoul of stuff like this, but ... a friendly reminder to be RFC-compliant to the admin usually sorted that, so now... It's (almost) only spammers falling afoul of this. We'll see, perhaps there is more to be found in the treasure trove of RFCs:-):-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Sat Jan 19 11:42:11 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Jan 19 11:38:33 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <223f97700801190102r102c8fc7nf248a309f36fd024@mail.gmail.com> References: <4790EF4C.9020607@evi-inc.com> <223f97700801190102r102c8fc7nf248a309f36fd024@mail.gmail.com> Message-ID: <4791E213.30302@fsl.com> Glenn Steen wrote: >> I've now learned it is legal to refuse them if they're syntactically invalid, >> because such a HELO would cause your server to violate format requirements for >> Received: headers. >> >> The rest, we're still exploring. It will be interesting to see where we end up. >> > Unfortunately, that is likely as far as we'll get... But that in and > of itself isn't bad... That one can use a cheap syntactical check to > refuse crud is ... very good indeed. > I'll give you some numbers, come Monday... There used to be quite a > few valid senders falling afoul of stuff like this, but ... a friendly > reminder to be RFC-compliant to the admin usually sorted that, so > now... It's (almost) only spammers falling afoul of this. This isn't too prevalent any more - these stats are from a large hosting provider for almost the last 2 days: 214-2.0.0 age=148851 (01 17:20:51) 214-2.0.0 004 CLIENTS=584847 (100.00%) 214-2.0.0 031 rfc2821-strict-helo=1840 (0.31%) And the top 10 HELO strings over the same period: 63 HELO billgates argument must be a FQDN or IP-domain literal 28 HELO 193.138.156.135 argument must be a FQDN or IP-domain literal 25 HELO mailing argument must be a FQDN or IP-domain literal 25 HELO 7E440737996447C argument must be a FQDN or IP-domain literal 20 HELO ZZWLINE argument must be a FQDN or IP-domain literal 20 HELO xc5 argument must be a FQDN or IP-domain literal 20 HELO tr4juyu argument must be a FQDN or IP-domain literal 20 HELO OEM-MICRO argument must be a FQDN or IP-domain literal 20 HELO image argument must be a FQDN or IP-domain literal 15 HELO sr-forever argument must be a FQDN or IP-domain literal But - it is still a good, cheap test as that is potentially 1840 messages that didn't need to go through SpamAssassin. Greeting pause is still better though (and almost as cheap): 214-2.0.0 037 smtp-greet-pause=7309 (1.25%) Cheers, Steve. From lhaig at haigmail.com Sat Jan 19 15:16:56 2008 From: lhaig at haigmail.com (Lance Haig) Date: Sat Jan 19 15:16:00 2008 Subject: Web Mail Client In-Reply-To: <8416705.9591200688469625.JavaMail.root@office.splatnix.net> References: <8416705.9591200688469625.JavaMail.root@office.splatnix.net> Message-ID: <47921468.1070201@haigmail.com> --[ UxBoD ]-- wrote: > If you want full collaboration then the FOSS of Zimbra all the way for me! Put MS infront and what a combination :D > > Regards, > And Soon Bongo will be a a featured product :-) Lance From glenn.steen at gmail.com Sat Jan 19 16:30:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 19 16:31:10 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <4791E213.30302@fsl.com> References: <4790EF4C.9020607@evi-inc.com> <223f97700801190102r102c8fc7nf248a309f36fd024@mail.gmail.com> <4791E213.30302@fsl.com> Message-ID: <223f97700801190830h51797dc6sd498ffa28923feae@mail.gmail.com> On 19/01/2008, Steve Freegard wrote: > Glenn Steen wrote: > >> I've now learned it is legal to refuse them if they're syntactically invalid, > >> because such a HELO would cause your server to violate format requirements for > >> Received: headers. > >> > >> The rest, we're still exploring. It will be interesting to see where we end up. > >> > > Unfortunately, that is likely as far as we'll get... But that in and > > of itself isn't bad... That one can use a cheap syntactical check to > > refuse crud is ... very good indeed. > > I'll give you some numbers, come Monday... There used to be quite a > > few valid senders falling afoul of stuff like this, but ... a friendly > > reminder to be RFC-compliant to the admin usually sorted that, so > > now... It's (almost) only spammers falling afoul of this. > > This isn't too prevalent any more - these stats are from a large hosting > provider for almost the last 2 days: > > 214-2.0.0 age=148851 (01 17:20:51) > 214-2.0.0 004 CLIENTS=584847 (100.00%) > 214-2.0.0 031 rfc2821-strict-helo=1840 (0.31%) > > And the top 10 HELO strings over the same period: > > 63 HELO billgates argument must be a FQDN or IP-domain literal > 28 HELO 193.138.156.135 argument must be a FQDN or IP-domain literal > 25 HELO mailing argument must be a FQDN or IP-domain literal > 25 HELO 7E440737996447C argument must be a FQDN or IP-domain literal > 20 HELO ZZWLINE argument must be a FQDN or IP-domain literal > 20 HELO xc5 argument must be a FQDN or IP-domain literal > 20 HELO tr4juyu argument must be a FQDN or IP-domain literal > 20 HELO OEM-MICRO argument must be a FQDN or IP-domain literal > 20 HELO image argument must be a FQDN or IP-domain literal > 15 HELO sr-forever argument must be a FQDN or IP-domain literal > > But - it is still a good, cheap test as that is potentially 1840 > messages that didn't need to go through SpamAssassin. Exactly my point:-). Sure, other things may drop more, but as long as it drops some (and yes, I've seen it declining in relative percentage too, although the general increase of volume keep the amount about the same), it's worth it. > Greeting pause is > still better though (and almost as cheap): > > 214-2.0.0 037 smtp-greet-pause=7309 (1.25%) But ... that was 1840 making it past greet_pause, so ... you really don't know how many of those 7309 would've run afoul of the rfc strictness... or not:-). The problem with stats, how to interprete 'em:-/. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Sat Jan 19 17:16:26 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Jan 19 17:12:46 2008 Subject: How to know if I'm blacklisted (SOLVED) In-Reply-To: <223f97700801190830h51797dc6sd498ffa28923feae@mail.gmail.com> References: <4790EF4C.9020607@evi-inc.com> <223f97700801190102r102c8fc7nf248a309f36fd024@mail.gmail.com> <4791E213.30302@fsl.com> <223f97700801190830h51797dc6sd498ffa28923feae@mail.gmail.com> Message-ID: <4792306A.5050605@fsl.com> Glenn Steen wrote: >> But - it is still a good, cheap test as that is potentially 1840 >> messages that didn't need to go through SpamAssassin. > Exactly my point:-). > Sure, other things may drop more, but as long as it drops some (and > yes, I've seen it declining in relative percentage too, although the > general increase of volume keep the amount about the same), it's worth > it. > >> Greeting pause is >> still better though (and almost as cheap): >> >> 214-2.0.0 037 smtp-greet-pause=7309 (1.25%) > But ... that was 1840 making it past greet_pause, so ... you really > don't know how many of those 7309 would've run afoul of the rfc > strictness... or not:-). The problem with stats, how to interprete > 'em:-/. Yes - a very good point. We have the ability to 'delay' all pre-DATA test actions, so that they are reported for each RCPT (this is for whitelisting/reporting purposes); however this is new, so the stats quoted were on a site that doesn't use this (this beings it's own problem of interpretation issues where one connection trips lots of pre-DATA tests). Stats at the SMTP phase are *much* harder to report and interpret than post-queue (especially when you consider greylisting). Anyway - I digress, IMO greet-pause is a more reliable indicator than strict-helo testing and would recommend everybody to use both ;-) Cheers, Steve. From apu at nocservices.com Sun Jan 20 07:44:54 2008 From: apu at nocservices.com (Apu) Date: Sun Jan 20 07:45:10 2008 Subject: CL_SCAN_PHISHING_DOMAINLIST error Message-ID: <4792FBF6.4070206@nocservices.com> Hi, I upgraded our CentOS 4.6 system from MailScanner 4.58.9-1 to 4.66.5-3 tonight, following the instructions at http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm Now I am getting the following error in /var/log/maillog: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 112. which seems similar to that Gareth, et. al. had back in August 2007 (see http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077035.html) though I verified that CL_SCAN_PHISHING_DOMAINLIST does appear (in two places) in the new SweepViruses.pm. I'm sure I'm missing something simple - but I'm not sure what. Thanks in advance, -- Apu NOC Services Corp. www.nocservices.com From glenn.steen at gmail.com Sun Jan 20 11:00:31 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 20 11:00:41 2008 Subject: CL_SCAN_PHISHING_DOMAINLIST error In-Reply-To: <4792FBF6.4070206@nocservices.com> References: <4792FBF6.4070206@nocservices.com> Message-ID: <223f97700801200300v361b257em47915e596c3def75@mail.gmail.com> On 20/01/2008, Apu wrote: > Hi, > > I upgraded our CentOS 4.6 system from MailScanner 4.58.9-1 to 4.66.5-3 > tonight, following the instructions at > http://wiki.mailscanner.info/doku.php?id=maq:index#upgrade_rpm > > Now I am getting the following error in /var/log/maillog: > > Commercial virus checker failed with real error: Invalid function > CL_SCAN_PHISHING_DOMAINLIST at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 112. > > which seems similar to that Gareth, et. al. had back in August 2007 (see > http://lists.mailscanner.info/pipermail/mailscanner/2007-August/077035.html) > though I verified that CL_SCAN_PHISHING_DOMAINLIST does appear (in two > places) in the new SweepViruses.pm. > > I'm sure I'm missing something simple - but I'm not sure what. > > Thanks in advance, > Did you remember to upgrade Mail-ClamAV as well? Perhaps by way of Jules nice clam+SA package? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From apu at nocservices.com Sun Jan 20 17:45:09 2008 From: apu at nocservices.com (Apu) Date: Sun Jan 20 17:45:28 2008 Subject: CL_SCAN_PHISHING_DOMAINLIST error In-Reply-To: <223f97700801200300v361b257em47915e596c3def75@mail.gmail.com> References: <4792FBF6.4070206@nocservices.com> <223f97700801200300v361b257em47915e596c3def75@mail.gmail.com> Message-ID: <479388A5.5090200@nocservices.com> Glenn Steen wrote, On 1/20/08 6:00 AM: > Did you remember to upgrade Mail-ClamAV as well? Perhaps by way of > Jules nice clam+SA package? Installed install-Clam-0.92-SA-3.2.4 though I admit I overlooked it originally as it blended in with the packages of MailScanner for other OSes on the website. In retrospect, the problem was probably that I restarted MailScanner after its upgrade but while Clam+SA was still compiling/installing. I thought Clam was used in child processes for each batch of mail, not loaded by the main MailScanner process. Restarting MailScanner again after everything was in place solved the problem. -- Apu NOC Services Corp. www.nocservices.com From jlcostinha at halla.pt Mon Jan 21 08:46:11 2008 From: jlcostinha at halla.pt (Jorge Costinha) Date: Mon Jan 21 08:46:36 2008 Subject: Web Mail Client In-Reply-To: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> References: <000f01c857a9$0487d740$6102a8c0@salemcorp.com> Message-ID: <47945BD3.2060007@halla.pt> while ago i had the same problem. had to find a better webmail client. i found HORDE (http://www.horde.org) that completly solve my problem. very nice layout with a ton of features... 5 stars! easy to implement! good luck Jorge Phil Udel wrote: > Can anyone suggest a Web Mail Client. I have been using SquirrelMail > for years. > Management wants a client with a Outlook fell. > > Anyway, I was looking at openwebmail but don;t really know that much > about it. > > ------------------------------------------------------------------------ > > This message has been scanned for viruses and dangerous content by HCC > Mailscanner, and is believed to be clean. > Server: mail.halla.pt > ------------------------------------------------------------------------ > > This message has been scanned for viruses and dangerous content by HCC > MailScanner, and is believed to be clean. > Server: mx.halla.pt (mailbox) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080121/4da570ea/attachment.html From mkettler at evi-inc.com Mon Jan 21 16:49:52 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jan 21 16:50:19 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> Message-ID: <4794CD30.2000906@evi-inc.com> Glenn Steen wrote: > Yes. Exactly. One such invalidity is to use an email address syntax > (...@....), which an amazing amount of spam senders use that. > One can argue about what is deemed a valid domain name, from a > syntactical viewpoint.... For instance, a bare word (xxxxx) isn't > syntactically correct either. Fortunate that the RFCs are pretty clear > on that too:-) I see a lot of spam and viruses with the bare hostname, but haven't seen any with the @ sign.. maybe I'll have to look harder.. > Hm. Perhaps one shouldn't be talking about this in a public forum.... > the B*stards might get a clue:-). Well, first we need the legitimate server operators to get a clue. Unfortunately, a quick glance at my own email finds several legitimate senders that are using bare hostnames. Many I don't really care about normally, but I sometimes need email from them when using their tech support. (ie: APC) From paul at blacknight.ie Mon Jan 21 21:25:29 2008 From: paul at blacknight.ie (Paul Kelly:: Blacknight) Date: Mon Jan 21 21:25:49 2008 Subject: SA 3.2.4 lint output oddity Message-ID: <47950DC9.2040202@blacknight.ie> Hi All, On the last 2 machines I've installed I'm seeing the following output from running: MailScanner --debug --debug-sa [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_SBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_SC_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_WS_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_PH_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_OB_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_AB_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'URIBL_JP_SURBL' [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency 'RCVD_IN_SORBS_DUL' There are more, but I said there's isn't much point in pasting them all. Any idea a) why they are appearing and what I might be missing? I've satisfied mailscanners perl module tastes, i.e. output from MailScanner -V is happy that most perl modules are installed. I also note, I've not seen any URIBL hits at all in the logs but this could easily be because there isn't huge volumes of mail going through the system yet. But again I could be missing something. For reference MailScanner -V output is here: http://pastebin.com/m28041620 Any thoughts? thanks, Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From MailScanner at ecs.soton.ac.uk Mon Jan 21 21:50:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 21 21:50:48 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: <47950DC9.2040202@blacknight.ie> References: <47950DC9.2040202@blacknight.ie> Message-ID: <4795139D.9070708@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is your debug output showing that it's reading /usr/share/spamassassin or /var/lib/spamassassin? The output is caused by this rule in KAM.cf: meta KAM_RPTR_PASSED (__KAM_RPTR_PASSED && (URIBL_SBL + URIBL_SC_SURBL + URIBL_WS_SURBL + URIBL_PH_SURBL + URIBL_OB_SURBL + URIBL_AB_SURBL + URIBL_JP_SURBL + RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_SORBS_DUL + RCVD_IN_XBL + KAM_SPAMJDR < 1)) and for some reason it isn't finding the URIBL_SBL definition in 25_uribl.cf:body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') Is anyone else seeing the same behaviour? Paul Kelly:: Blacknight wrote: > Hi All, > > On the last 2 machines I've installed I'm seeing the following output > from running: > > MailScanner --debug --debug-sa > > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_SBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_SC_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_WS_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_PH_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_OB_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_AB_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_JP_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'RCVD_IN_SORBS_DUL' > > There are more, but I said there's isn't much point in pasting them all. > > Any idea a) why they are appearing and what I might be missing? I've > satisfied mailscanners perl module tastes, i.e. output from > MailScanner -V is happy that most perl modules are installed. > > I also note, I've not seen any URIBL hits at all in the logs but this > could easily be because there isn't huge volumes of mail going through > the system yet. But again I could be missing something. > > For reference MailScanner -V output is here: > http://pastebin.com/m28041620 > > Any thoughts? > > thanks, > > Paul Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHlROkEfZZRxQVtlQRAnjKAJ41hoETittNWFpdYMomOX81k0cXRQCfegW2 EDMWKIqsWcjIoPej73pO//0= =P5Ro -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Mon Jan 21 21:52:24 2008 From: doc at maddoc.net (Doc Schneider) Date: Mon Jan 21 21:53:02 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: <47950DC9.2040202@blacknight.ie> References: <47950DC9.2040202@blacknight.ie> Message-ID: <47951418.804@maddoc.net> Paul Kelly:: Blacknight wrote: > Hi All, > > On the last 2 machines I've installed I'm seeing the following output > from running: > > MailScanner --debug --debug-sa > > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_SBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_SC_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_WS_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_PH_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_OB_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_AB_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'URIBL_JP_SURBL' > [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency > 'RCVD_IN_SORBS_DUL' > > There are more, but I said there's isn't much point in pasting them all. > > Any idea a) why they are appearing and what I might be missing? I've > satisfied mailscanners perl module tastes, i.e. output from MailScanner > -V is happy that most perl modules are installed. > > I also note, I've not seen any URIBL hits at all in the logs but this > could easily be because there isn't huge volumes of mail going through > the system yet. But again I could be missing something. > > For reference MailScanner -V output is here: > http://pastebin.com/m28041620 > > Any thoughts? > > thanks, > > Paul Paul, Make sure you're /etc/mail/spamassassin/init.pre has loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Then I'd also restart MailScanner. FWIW: Those are in 25_uribl.cf in the standard location for SpamAssassin. -- -Doc Lincoln, NE. http://www.fsl.com http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From doc at maddoc.net Mon Jan 21 22:07:45 2008 From: doc at maddoc.net (Doc Schneider) Date: Mon Jan 21 22:08:28 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: <4795139D.9070708@ecs.soton.ac.uk> References: <47950DC9.2040202@blacknight.ie> <4795139D.9070708@ecs.soton.ac.uk> Message-ID: <479517B1.5030003@maddoc.net> Julian Field wrote: > Is your debug output showing that it's reading /usr/share/spamassassin > or /var/lib/spamassassin? > The output is caused by this rule in KAM.cf: > meta KAM_RPTR_PASSED (__KAM_RPTR_PASSED && (URIBL_SBL + > URIBL_SC_SURBL + URIBL_WS_SURBL + URIBL_PH_SURBL + URIBL_OB_SURBL + > URIBL_AB_SURBL + URIBL_JP_SURBL + RCVD_IN_BL_SPAMCOP_NET + > RCVD_IN_SORBS_DUL + RCVD_IN_XBL + KAM_SPAMJDR < 1)) > > and for some reason it isn't finding the URIBL_SBL definition in > 25_uribl.cf:body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') > > Is anyone else seeing the same behaviour? > > > Jules > Not seeing it here. And I do run the KAM.cf. -- -Doc Lincoln, NE. http://www.fsl.com http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From ms-list at alexb.ch Mon Jan 21 22:10:25 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Jan 21 22:10:52 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: <47951418.804@maddoc.net> References: <47950DC9.2040202@blacknight.ie> <47951418.804@maddoc.net> Message-ID: <47951851.30300@alexb.ch> On 1/21/2008 10:52 PM, Doc Schneider wrote: > Paul Kelly:: Blacknight wrote: >> Hi All, >> >> On the last 2 machines I've installed I'm seeing the following output >> from running: >> >> MailScanner --debug --debug-sa >> >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_SBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_SC_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_WS_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_PH_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_OB_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_AB_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_JP_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'RCVD_IN_SORBS_DUL' >> >> There are more, but I said there's isn't much point in pasting them all. >> >> Any idea a) why they are appearing and what I might be missing? I've >> satisfied mailscanners perl module tastes, i.e. output from MailScanner >> -V is happy that most perl modules are installed. >> >> I also note, I've not seen any URIBL hits at all in the logs but this >> could easily be because there isn't huge volumes of mail going through >> the system yet. But again I could be missing something. >> >> For reference MailScanner -V output is here: >> http://pastebin.com/m28041620 >> >> Any thoughts? >> >> thanks, >> >> Paul > > Paul, > > Make sure you're /etc/mail/spamassassin/init.pre has > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > Then I'd also restart MailScanner. > > FWIW: Those are in 25_uribl.cf in the standard location for SpamAssassin. afaik, network tests are disable during --lint - would this be the issue? Alex From paul at blacknight.ie Mon Jan 21 22:58:17 2008 From: paul at blacknight.ie (Paul Kelly:: Blacknight) Date: Mon Jan 21 22:58:35 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: <4795139D.9070708@ecs.soton.ac.uk> References: <47950DC9.2040202@blacknight.ie> <4795139D.9070708@ecs.soton.ac.uk> Message-ID: <47952389.9020302@blacknight.ie> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is your debug output showing that it's reading /usr/share/spamassassin > or /var/lib/spamassassin? > The output is caused by this rule in KAM.cf: > meta KAM_RPTR_PASSED (__KAM_RPTR_PASSED && (URIBL_SBL + > URIBL_SC_SURBL + URIBL_WS_SURBL + URIBL_PH_SURBL + URIBL_OB_SURBL + > URIBL_AB_SURBL + URIBL_JP_SURBL + RCVD_IN_BL_SPAMCOP_NET + > RCVD_IN_SORBS_DUL + RCVD_IN_XBL + KAM_SPAMJDR < 1)) > > and for some reason it isn't finding the URIBL_SBL definition in > 25_uribl.cf:body URIBL_SBL eval:check_uridnsbl('URIBL_SBL') > > Is anyone else seeing the same behaviour? > > Paul Kelly:: Blacknight wrote: >> Hi All, >> >> On the last 2 machines I've installed I'm seeing the following output >> from running: >> >> MailScanner --debug --debug-sa >> >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_SBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_SC_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_WS_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_PH_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_OB_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_AB_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'URIBL_JP_SURBL' >> [8786] dbg: rules: meta test KAM_RPTR_PASSED has undefined dependency >> 'RCVD_IN_SORBS_DUL' >> >> There are more, but I said there's isn't much point in pasting them all. >> >> Any idea a) why they are appearing and what I might be missing? I've >> satisfied mailscanners perl module tastes, i.e. output from >> MailScanner -V is happy that most perl modules are installed. >> >> I also note, I've not seen any URIBL hits at all in the logs but this >> could easily be because there isn't huge volumes of mail going through >> the system yet. But again I could be missing something. >> >> For reference MailScanner -V output is here: >> http://pastebin.com/m28041620 After some fiddling I found I've not run sa-update, which in turn didn't have the correct GPG key installed. After installing the correct GPG key and running sa-update, followed by sa-compile all is now well. Mostly anyways. I'm seeing lots of URIBL, Razor2 and stuff in the logs on 3 machines that were recently updated to SA 3.2.4. My own fault for rushing through upgrades :) Paul >> >> Any thoughts? >> >> thanks, >> >> Paul > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHlROkEfZZRxQVtlQRAnjKAJ41hoETittNWFpdYMomOX81k0cXRQCfegW2 > EDMWKIqsWcjIoPej73pO//0= > =P5Ro > -----END PGP SIGNATURE----- > -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From glenn.steen at gmail.com Tue Jan 22 09:27:52 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 22 09:28:03 2008 Subject: How to know if I'm blacklisted In-Reply-To: <4794CD30.2000906@evi-inc.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> <4794CD30.2000906@evi-inc.com> Message-ID: <223f97700801220127y54587a6k89b7a6597d94f52d@mail.gmail.com> On 21/01/2008, Matt Kettler wrote: > Glenn Steen wrote: > > Yes. Exactly. One such invalidity is to use an email address syntax > > (...@....), which an amazing amount of spam senders use that. > > One can argue about what is deemed a valid domain name, from a > > syntactical viewpoint.... For instance, a bare word (xxxxx) isn't > > syntactically correct either. Fortunate that the RFCs are pretty clear > > on that too:-) > > I see a lot of spam and viruses with the bare hostname, but haven't seen any > with the @ sign.. maybe I'll have to look harder.. > I promised some figures, so here they are: Yesterday I rejected 109 HELO/EHLO strings that contained an @. Compare this to the 2687 rejects on a bare word HELO/EHLO, and it doesn't seem much, agreed. But all simple things count;-). I also reject access to 77 attempts to HELO/EHLO with my servers domain name or IP address (NOT a domain literal, but the actual address), from "unknown" hosts on the Internet... This all on a total influx of approximately 7700 messages (of the ~4500 that get to MailScanner, 52% are deemed SPAM, ~98% of which are high scoring. There has been a shift... from rejections due to unknown recipient, to rejections due to malformed/invalid HELO/EHLO strings fro me... I've had this running for a few years now:-) I know, not that huge a volume, but think what this would mean for an SP...:-) > > Hm. Perhaps one shouldn't be talking about this in a public forum.... > > the B*stards might get a clue:-). > > > Well, first we need the legitimate server operators to get a clue. True. > Unfortunately, a quick glance at my own email finds several legitimate senders > that are using bare hostnames. > > Many I don't really care about normally, but I sometimes need email from them > when using their tech support. (ie: APC) Seems that all the remaining cases I do have where they simply get this wrong is from some kind of newsletter sender program, or badly botched mailing list software. Yesterday, WatchGuard (the FW company) got rejected for a bare word HELO/EHLO. Turns out one of their senders use the bare word MX4 while the rest use MX5.WATCHGUARD.COM etc. But the good thing is that with a rejection like this, the real MTAs and the real admins will get a notice, and will be able to do something about it. And if they persist, a friendly nudge (through a business channel, perhaps) usually take care of things:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gborders at balanceconsult.com Tue Jan 22 18:14:09 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Tue Jan 22 18:16:09 2008 Subject: File name/type actions? Message-ID: <47963271.1010301@balanceconsult.com> Greetings fellow MailScanners! I've got an interesting question that was brought to my attention by a user. They recently had a file attachment that triggered one of the file type rules. (filename.rules.conf) And it was of course sent to the quarantine. In general, TheCompany doesn't want to block files, they want a notification that it triggered a rule, and still deliver it, just like the system can do for spam: Use SpamAssassin = yes # # What to do with spam # -------------------- # notify - Send the recipients a short notification Spam Actions = store deliver header "X-Spam-Status: Yes" Would it be possible to emulate this same action on the other set of filters/checks? (Namely the file name/type checks in this case.) Correct me if I'm wrong, but I think the file name/type checks are governed by the dangerous content setting: # # Removing/Logging dangerous or potentially offensive content # ----------------------------------------------------------- # # Do you want to scan the messages for potentially dangerous content? # Setting this to "no" will disable all the content-based checks except # Virus Scanning, Allow Partial Messages and Allow External Message Bodies. # This can also be the filename of a ruleset. Dangerous Content Scanning = yes It would be nice to have a simple add-on such as a new directive: Dangerous Content Actions = store notify deliver Thus emulate the same logic as the Spam Actions, but I know how Jules hates to add more to the conf file than necessary. Perhaps adding in a ruleset that points to a custom function is an option? Thanks in advance for your advice. Greg. Borders -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. From MailScanner at ecs.soton.ac.uk Tue Jan 22 18:56:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 22 18:56:35 2008 Subject: File name/type actions? In-Reply-To: <47963271.1010301@balanceconsult.com> References: <47963271.1010301@balanceconsult.com> Message-ID: <47963C4B.5050605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Would you want a separate email, or a message prepended to the start of the email containing the problem attachment? The latter, I suspect. Unfortunately, this really isn't at all easy to do. I doubt I can do it, but I will take a look even so. Best regards, Jules. Greg Borders wrote: > > Greetings fellow MailScanners! I've got an interesting question that > was brought > to my attention by a user. They recently had a file attachment that > triggered > one of the file type rules. (filename.rules.conf) And it was of course > sent to the quarantine. > > In general, TheCompany doesn't want to block files, > they want a notification that it triggered a rule, and still deliver it, > just like the system can do for spam: > > > Use SpamAssassin = yes > # > # What to do with spam > # -------------------- > # notify - Send the recipients a short notification > Spam Actions = store deliver header "X-Spam-Status: Yes" > > > Would it be possible to emulate this same action on the other set of > filters/checks? > (Namely the file name/type checks in this case.) > Correct me if I'm wrong, but I think the file name/type checks are > governed by > the dangerous content setting: > > # > # Removing/Logging dangerous or potentially offensive content > # ----------------------------------------------------------- > # > > # Do you want to scan the messages for potentially dangerous content? > # Setting this to "no" will disable all the content-based checks except > # Virus Scanning, Allow Partial Messages and Allow External Message > Bodies. > # This can also be the filename of a ruleset. > Dangerous Content Scanning = yes > > > > It would be nice to have a simple add-on such as a new directive: > > Dangerous Content Actions = store notify deliver > > Thus emulate the same logic as the Spam Actions, but I know how Jules > hates to add more to the conf file than necessary. > > Perhaps adding in a ruleset that points to a custom function is an > option? > > Thanks in advance for your advice. > > Greg. Borders > > > -- > > This email message and any document accompanying it may contain > information intended only for the person(s) named. Any use, > distribution, copying or disclosure by another person is strictly > prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: > DISCLOSURE UNDER TREASURY CIRCULAR 230: > Any tax advice included in this written or electronic communication > was not intended or written to be used, and it cannot be used by the > taxpayer, for the purpose of avoiding any penalties that may be > imposed on the taxpayer by any governmental taxing authority or > agency. This written or electronic communication does not represent > legal advice. Persons in need of a legal opinion should seek competent > counsel. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHljxNEfZZRxQVtlQRAhOJAJ0fP3pnWAqK92r89lQTXRwvWyISOACeI1U0 oXvR/gFD+1/4PKclS+aFgwI= =f4ve -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gborders at balanceconsult.com Tue Jan 22 21:42:18 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Tue Jan 22 21:44:21 2008 Subject: File name/type actions? In-Reply-To: <47963C4B.5050605@ecs.soton.ac.uk> References: <47963271.1010301@balanceconsult.com> <47963C4B.5050605@ecs.soton.ac.uk> Message-ID: <4796633A.1080608@balanceconsult.com> > > Greg Borders wrote: > >> Greetings fellow MailScanners! I've got an interesting question that >> was brought >> to my attention by a user. They recently had a file attachment that >> triggered >> one of the file type rules. (filename.rules.conf) And it was of course >> sent to the quarantine. >> >> In general, TheCompany doesn't want to block files, >> they want a notification that it triggered a rule, and still deliver it, >> just like the system can do for spam: >> >> >> Use SpamAssassin = yes >> # >> # What to do with spam >> # -------------------- >> # notify - Send the recipients a short notification >> Spam Actions = store deliver header "X-Spam-Status: Yes" >> >> >> Would it be possible to emulate this same action on the other set of >> filters/checks? >> (Namely the file name/type checks in this case.) >> Correct me if I'm wrong, but I think the file name/type checks are >> governed by >> the dangerous content setting: >> >> # >> # Removing/Logging dangerous or potentially offensive content >> # ----------------------------------------------------------- >> # >> >> # Do you want to scan the messages for potentially dangerous content? >> # Setting this to "no" will disable all the content-based checks except >> # Virus Scanning, Allow Partial Messages and Allow External Message >> Bodies. >> # This can also be the filename of a ruleset. >> Dangerous Content Scanning = yes >> >> >> >> It would be nice to have a simple add-on such as a new directive: >> >> Dangerous Content Actions = store notify deliver >> >> Thus emulate the same logic as the Spam Actions, but I know how Jules >> hates to add more to the conf file than necessary. >> >> Perhaps adding in a ruleset that points to a custom function is an >> option? >> >> Thanks in advance for your advice. >> >> Greg. Borders >> >> >> >> > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Would you want a separate email, or a message prepended to the start of >> the email containing the problem attachment? The latter, I suspect. >> >> Unfortunately, this really isn't at all easy to do. I doubt I can do it, >> but I will take a look even so. >> >> Best regards, >> Jules. Thanks for the look Julian! You would be correct on the assumption of a prepended message, exactly like the spam notify action. I can understand the added complexity of having to deal with an attachment as well as the message itself. I'm not familiar enough with the innerworkings of MailScanner to be able to suggest any GoodIdeas beyond the general flow. But here goes my best guestimate: Thinking through the flow for the program, following the logic from the documentation, the file type/name check happens all before the spam and virus checking. Tagging the header would have to come after that, probably at the time the signature and spam headers would be added. The crux is what kind of state is the message in in the interim? I vaguely recall that you have a "copy" in a temp location that gets the tests ran on it. If that "test copy" is still encoded in mime, it might not be too bad to deal with. Then the question of at what point do you check the store / notify / deliver options the user has selected? And what do we do for each choice. For the store action, tossing it into the quarantine as normal would be fine. For the delete action, /dev/null the beast! (evil bunny grin.) It gets tricky for the deliver and notify. If you do both, it would need the header added (or flag set to add later) and then send on to next test, or on out to the MTA. Deliver alone would be the same as not doing the the file check in the first place. Notify alone. Send just email with header? Send special notify message only? UGH! Plenty of scenarios to try to work through. Feel free to call on my assistance, I'll try to help as best I can. Sincerely, Greg. Borders -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080122/d104c854/attachment.html From ssilva at sgvwater.com Tue Jan 22 22:01:04 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 22 22:01:29 2008 Subject: OT: Web Mail Client In-Reply-To: References: <478F8579.9000905@ecs.soton.ac.uk> Message-ID: on 1/18/2008 8:03 PM rpotter spake the following: > > On Thu, 17 Jan 2008 16:42:33 +0000, Julian Field > wrote: > > >>> Julian Field wrote: > >>>> OT as ever :-) >>>> Check out roundcube. Lots of very clever Javascript. >>>> >>> Julian, >>> >>> Have you used this before as it's very new , and do you feel it's >>> suitable for enterprise/production sites? >> I've used it since it was very first launched. It's certainly suitable >> for us, works very nicely and the users like it too. My 2p worth. > > I setup a spare server today, with roundcube. I'm going to give my users > the option > to test it out and compare it to squirrelmail. > > To be honest, I never really gave much thought to changing from > squirrelmail. After > reading comments on this list, I decided to check it out. The "eye candy" > seems nicer, > setup was a breeze, so we will see. This is after 1 hour of testing, so > don't take my > word for it. :-) > > Me, I use mutt over ssh so I really don't care. But.... I am posting this > from roundcube > as part of my testing. > > Richard > New message notifications would be nice, but it does look good! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080122/3687cbca/signature.bin From arturs at netvision.net.il Tue Jan 22 22:56:14 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Tue Jan 22 22:57:27 2008 Subject: OT: Web Mail Client In-Reply-To: Message-ID: <015c01c85d49$fdd9bc00$e5b418ac@dell> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: Wednesday, January 23, 2008 12:01 AM > To: mailscanner@lists.mailscanner.info > Subject: Re: OT: Web Mail Client > > on 1/18/2008 8:03 PM rpotter spake the following: > > > > On Thu, 17 Jan 2008 16:42:33 +0000, Julian Field > > wrote: > > > > > >>> Julian Field wrote: > > > >>>> OT as ever :-) > >>>> Check out roundcube. Lots of very clever Javascript. > >>>> > >>> Julian, > >>> > >>> Have you used this before as it's very new , and do you feel it's > >>> suitable for enterprise/production sites? > >> I've used it since it was very first launched. It's certainly > >> suitable for us, works very nicely and the users like it > too. My 2p worth. > > > > I setup a spare server today, with roundcube. I'm going to give my > > users the option to test it out and compare it to squirrelmail. > > > > To be honest, I never really gave much thought to changing from > > squirrelmail. After reading comments on this list, I > decided to check > > it out. The "eye candy" > > seems nicer, > > setup was a breeze, so we will see. This is after 1 hour of > testing, > > so don't take my word for it. :-) > > > > Me, I use mutt over ssh so I really don't care. But.... I > am posting > > this from roundcube as part of my testing. > > > > Richard > > > New message notifications would be nice, but it does look good! I'd like to know your further experience with roundcube. Seems as a good replacement for OWM (as stable as it is, OWM is also pretty ugly...no offense). I wish it could share contacts within a domain. Best, -- Arthur Sherman From ssilva at sgvwater.com Tue Jan 22 23:26:47 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 22 23:27:14 2008 Subject: OT: Web Mail Client In-Reply-To: <015c01c85d49$fdd9bc00$e5b418ac@dell> References: <015c01c85d49$fdd9bc00$e5b418ac@dell> Message-ID: on 1/22/2008 2:56 PM Arthur Sherman spake the following: >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Scott Silva >> Sent: Wednesday, January 23, 2008 12:01 AM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: OT: Web Mail Client >> >> on 1/18/2008 8:03 PM rpotter spake the following: >>> On Thu, 17 Jan 2008 16:42:33 +0000, Julian Field >>> wrote: >>> >>> >>>>> Julian Field wrote: >>>>>> OT as ever :-) >>>>>> Check out roundcube. Lots of very clever Javascript. >>>>>> >>>>> Julian, >>>>> >>>>> Have you used this before as it's very new , and do you feel it's >>>>> suitable for enterprise/production sites? >>>> I've used it since it was very first launched. It's certainly >>>> suitable for us, works very nicely and the users like it >> too. My 2p worth. >>> I setup a spare server today, with roundcube. I'm going to give my >>> users the option to test it out and compare it to squirrelmail. >>> >>> To be honest, I never really gave much thought to changing from >>> squirrelmail. After reading comments on this list, I >> decided to check >>> it out. The "eye candy" >>> seems nicer, >>> setup was a breeze, so we will see. This is after 1 hour of >> testing, >>> so don't take my word for it. :-) >>> >>> Me, I use mutt over ssh so I really don't care. But.... I >> am posting >>> this from roundcube as part of my testing. >>> >>> Richard >>> >> New message notifications would be nice, but it does look good! > > > I'd like to know your further experience with roundcube. > Seems as a good replacement for OWM (as stable as it is, OWM is also pretty > ugly...no offense). > I wish it could share contacts within a domain. > > No shared contacts unless maybe you are using LDAP book. It doesn't share the sql contacts, although it looks as if it can be easily hacked to do so. It doesn't seem to notify you of new mail unless you click on a folder first. Interface is very attractive, and it seems very speedy. I have also tried egroupware and horde/imp, and they all have different shortcomings that my users will complain about. Squirrelmail seems to be the fastest, but it is butt ugly, and the plugins that need the compatibility plugin are a hit and miss proposition. Openwebmail's direct access of the mailspool restricts it to mbox only, and it gets slow on large mailboxes. Global addressbook without LDAP is a plus. I have a few others to look at before I decide, but I will probably leave squirrelmail up for those who value speed over substance. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080122/d3bd2bf5/signature.bin From ajos1 at onion.demon.co.uk Tue Jan 22 23:27:07 2008 From: ajos1 at onion.demon.co.uk (ajos1@onion.demon.co.uk) Date: Tue Jan 22 23:27:19 2008 Subject: SA 3.2.4 lint output oddity Message-ID: - Interesting... Slightly to one side of this topic... But when I run... MailScanner --debug --debug-sa It does lots of output (which is expected)... of which the last few lines are: ============== [20314] dbg: rules: running rawbody tests; score so far=2.865 [20314] dbg: rules: compiled rawbody tests [20314] dbg: rules: running full tests; score so far=2.865 [20314] dbg: rules: compiled full tests [20314] dbg: rules: running meta tests; score so far=2.865 [20314] dbg: rules: compiled meta tests [20314] dbg: check: is spam? score=2.865 required=5 [20314] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [20314] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID ============== Then it sits there... and... sits there... and sits there... I have to control-c out... Is the command not meant to exit by itself? From ajos1 at onion.demon.co.uk Wed Jan 23 00:36:01 2008 From: ajos1 at onion.demon.co.uk (ajos1_at_onion) Date: Wed Jan 23 00:36:14 2008 Subject: SA 3.2.4 lint output oddity Message-ID: - I hate it when I send a message... which I then have to correct later on! The correction is... ======== When I run the command "MailScanner --debug --debug-sa"... there is lots of output... then it waits and waits... FINALLY exiting approximately 16 minutes later... Start: Tue Jan 22 23:31:46 GMT 2008 Stops: Tue Jan 22 23:49:23 GMT 2008 ======== On a third run it is still sat there... waiting... 40 minutes on... ======== From uxbod at splatnix.net Wed Jan 23 05:04:18 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 23 05:04:42 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: Message-ID: <33390513.14721201064658402.JavaMail.root@office.splatnix.net> ----- "ajos1_at_onion" wrote: > - > > I hate it when I send a message... which I then have to correct later > on! > > The correction is... > ======== > > When I run the command "MailScanner --debug --debug-sa"... there is > lots of output... then it waits and waits... FINALLY exiting > approximately 16 minutes later... > > Start: Tue Jan 22 23:31:46 GMT 2008 > Stops: Tue Jan 22 23:49:23 GMT 2008 > > ======== > > On a third run it is still sat there... waiting... 40 minutes on... > > ======== what happens if you run a spamassassin -D --lint ? do you get the same wait time ? -- Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Wed Jan 23 13:37:50 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Jan 23 13:38:08 2008 Subject: CRM114 Plugin In-Reply-To: <33390513.14721201064658402.JavaMail.root@office.splatnix.net> References: <33390513.14721201064658402.JavaMail.root@office.splatnix.net> Message-ID: <005101c85dc5$25da8ec0$2e01a8c0@dbdomain.database.it> First, I beg your pardon for my worst English, but it's not my mother language and so, please a very easy English :-) I'm looking for a definitive plugin that could help me to stop spam. At the moment I'm using mailscanner + spamassassin-3.2.4-1.el4 on a centos 4.6 with various rules_set,pyzor,razor, fuzzy_ocr and two blacklist at mta level. Now this configuration has some troubles to detect some new spam in italian language. Looking at wiki mailscanner I've found this (for me) new plugin:CRM114. Someone has already use it ? It's not clear for me how does it work. It can be used with other plugin ? Someone could explain me (with easy and clear words :-) Thanks a lot Best regards Marcello -- Messaggio verificato dal servizio antivirus di Database Informatica From arturs at netvision.net.il Wed Jan 23 14:05:04 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Wed Jan 23 14:07:14 2008 Subject: roundcube Message-ID: <01c601c85dc8$f3ceae30$e5b418ac@dell> Thanks, Scott, for your feedback. Appreciated. Best, -- Arthur Sherman From jaearick at colby.edu Wed Jan 23 15:36:06 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Wed Jan 23 15:36:30 2008 Subject: perl 5.10.0 anybody? Message-ID: Gang, It looks like perl 5.10.0 has been released, please see perl.com. Anybody given this a test drive with MailScanner yet? Jeff Earickson Colby College From octaviomaiden at yahoo.com Wed Jan 23 15:38:14 2008 From: octaviomaiden at yahoo.com (Octavio) Date: Wed Jan 23 15:38:24 2008 Subject: smtp and pop3 proxy In-Reply-To: <01c601c85dc8$f3ceae30$e5b418ac@dell> Message-ID: <44683.17899.qm@web38910.mail.mud.yahoo.com> Hi there are some programs called pop proxies (perdition and P3Scan) Im reading about them but I think they cant wotk with mailscanner or they do? does anyone know how? or there is a way to do this with MS? with do this I mean have a MS in the firewall and it catch all the smtp/pop connection to outside and scan them transparently Thanks Octavio ____________________________________________________________________________________ ?Capacidad ilimitada de almacenamiento en tu correo! No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: http://correo.espanol.yahoo.com/ From steve at fsl.com Wed Jan 23 15:51:02 2008 From: steve at fsl.com (Stephen Swaney) Date: Wed Jan 23 15:52:54 2008 Subject: smtp and pop3 proxy In-Reply-To: <44683.17899.qm@web38910.mail.mud.yahoo.com> References: <44683.17899.qm@web38910.mail.mud.yahoo.com> Message-ID: <47976266.1080109@fsl.com> Octavio wrote: > Hi > > there are some programs called pop proxies (perdition > and P3Scan) Im reading about them but I think they > cant wotk with mailscanner or they do? does anyone > know how? > > or there is a way to do this with MS? > > with do this I mean have a MS in the firewall and it > catch all the smtp/pop connection to outside and scan > them transparently > > Thanks > Octavio > > Octavio, MailScanner has nothing to do with POP. POP Is a protocol used by a user's mail client to download messages from the user's mailbox on a mail server. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From walter.muellner at noevers.at Wed Jan 23 15:55:21 2008 From: walter.muellner at noevers.at (Muellner, Walter) Date: Wed Jan 23 15:55:30 2008 Subject: Rules for Send Notices Message-ID: <95761973A0D5414BAAD5339E80D16CC52D4603@dc3.noe.vers> Hey all, is there really nobody that can help with my 'Send Notices' problem? Or is this a very stupid question? Thanks Walter > ----- Original Message ----- > > Hey all, > > first of all i'd like to thank you for this great piece of software. We are using it > since a while now and never had bigger problems. > > But since the release of clamav with enabled anti-phishing features I encountered > a small problem with my config: Before the newer clamav releases "Send Notices" > was set to yes and I only got messages about viruses, dangerous content, blocked > attachments an so on, but then I got a notice for all mails seen as spam by > clamav (many, many mails a day). > > > I searched the net and the list archive and tried to create a rules file for not getting > virus notices any more - this is the content of this rules file: > ---------------------------------------------- > Virus: default no > Filename: default yes > Dangerous Content: default yes > FromOrTo: default yes > ---------------------------------------------- > > > But when I start MailScanner the following log entries show off: > > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 2 of ruleset /etc/MailScanner/sendnotices.rules.conf > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 3 of ruleset /etc/MailScanner/sendnotices.rules.conf > > > I also tried a few modifications but with no luck, when I just used a file like > ---------------------------------------------- > Virus: default no > FromOrTo: default yes > ---------------------------------------------- > I still get virus notices. > > > My MailScanner version is 4.65.3 - clamav is at 0.92 > > > Could someone please help me with that configuration problem? > > Walter M?llner From list-mailscanner at linguaphone.com Wed Jan 23 16:03:10 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jan 23 16:03:25 2008 Subject: smtp and pop3 proxy In-Reply-To: <44683.17899.qm@web38910.mail.mud.yahoo.com> References: <44683.17899.qm@web38910.mail.mud.yahoo.com> Message-ID: <1201104190.8405.40.camel@gblades-suse.linguaphone-intranet.co.uk> For a proxy each message would need to be scanned in turn. This is the direct opposite to the way MailScanner works (processing mail in batches). You can always use fetchmail to download the mails and pass them through your local MTA. Of course you then have the mail on your local server rather than the remote one. On Wed, 2008-01-23 at 15:38, Octavio wrote: > Hi > > there are some programs called pop proxies (perdition > and P3Scan) Im reading about them but I think they > cant wotk with mailscanner or they do? does anyone > know how? > > or there is a way to do this with MS? > > with do this I mean have a MS in the firewall and it > catch all the smtp/pop connection to outside and scan > them transparently > > Thanks > Octavio > > > ____________________________________________________________________________________ > ?Capacidad ilimitada de almacenamiento en tu correo! > No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!: > http://correo.espanol.yahoo.com/ From chris at bluecobras.com Wed Jan 23 15:08:20 2008 From: chris at bluecobras.com (Chris Hammond) Date: Wed Jan 23 16:17:10 2008 Subject: smtp and pop3 proxy Message-ID: <25335664.271201100900076.JavaMail.root@scalix.bluecobras.com> Perdition does not have anything to do with , it was just on the same server with it so they do coexist.? I had setup Perdition on a server that also had installed and it worked fine.? It has been a few years since I did it and the documentation was lacking for someone with limited knowledge in the area but it did work.? ----- Original Message ----- From: Octavio Sent: Wed, 1/23/2008 10:38am To: MailScanner@lists.MailScanner.info Subject: smtp and pop3 proxy Hi there are some programs called pop proxies (perdition and P3Scan) Im reading about them but I think they cant wotk with mailscanner or they do? does anyone know how? or there is a way to do this with MS? with do this I mean have a MS in the firewall and it catch all the smtp/pop connection to outside and scan them transparently Thanks Octavio ??????____________________________________________________________________________________ ?Capacidad ilimitada de almacenamiento en tu correo! No te preocupes m?s por el espacio de tu cuenta con Correo Yahoo!:?????????????????????? http://correo.espanol.yahoo.com/ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://mailscanner.bluecobras.com/cgi-bin/learn-msg.cgi?id=CF12928225.CE146 From shuttlebox at gmail.com Wed Jan 23 16:23:09 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jan 23 16:23:18 2008 Subject: Rules for Send Notices In-Reply-To: <95761973A0D5414BAAD5339E80D16CC52D4603@dc3.noe.vers> References: <95761973A0D5414BAAD5339E80D16CC52D4603@dc3.noe.vers> Message-ID: <625385e30801230823s7a9f69b6m29b360768412677c@mail.gmail.com> On Jan 23, 2008 4:55 PM, Muellner, Walter wrote: > > Hey all, > > is there really nobody that can help with my 'Send Notices' problem? > Or is this a very stupid question? > > > > I searched the net and the list archive and tried to create a rules file for not getting > > virus notices any more - this is the content of this rules file: > > ---------------------------------------------- > > Virus: default no > > Filename: default yes > > Dangerous Content: default yes > > FromOrTo: default yes > > ---------------------------------------------- > > > > > > But when I start MailScanner the following log entries show off: > > > > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 2 of ruleset /etc/MailScanner/sendnotices.rules.conf > > Jan 8 12:26:12 mail MailScanner[10810]: Syntax error in first field in line 3 of ruleset /etc/MailScanner/sendnotices.rules.conf > > > > > > I also tried a few modifications but with no luck, when I just used a file like > > ---------------------------------------------- > > Virus: default no > > FromOrTo: default yes > > ---------------------------------------------- > > I still get virus notices. You can't mix rulesets like that, you're trying to do it all in one ruleset but you can only answer one question at a time. Have you read the example and readme files in the rules directory? -- /peter From Kevin_Miller at ci.juneau.ak.us Wed Jan 23 16:29:00 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jan 23 16:28:27 2008 Subject: Rules for Send Notices In-Reply-To: <95761973A0D5414BAAD5339E80D16CC52D4603@dc3.noe.vers> References: <95761973A0D5414BAAD5339E80D16CC52D4603@dc3.noe.vers> Message-ID: Muellner, Walter wrote: > Hey all, > > is there really nobody that can help with my 'Send Notices' problem? > Or is this a very stupid question? Look at the README file in the rules dir. It lists the valid fields. In a nutshell, the first field is a source/destination indicator such as From: or To:, not a type definition such as spam:, virus:, etc. I'm a few versions back, so maybe Julian's enhanced rule processing since but I don't think you can do what you're trying to do... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From list-mailscanner at linguaphone.com Wed Jan 23 16:28:14 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jan 23 16:28:29 2008 Subject: OT: Corporate antivirus Message-ID: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> We have been using Trend for the last few years but the latest version we upgraded to a year ago has really gone downhill. We had to upgrade the XP machines from 256MB to 512MB just so that the machine did not take over 5 minutes to boot (no exaggeration). What do you recommend as a good corporate antivirus and preferebly anti spyware product as we are seriously considering switching? Thanks Gareth From AHKAPLAN at PARTNERS.ORG Wed Jan 23 16:33:04 2008 From: AHKAPLAN at PARTNERS.ORG (Kaplan, Andrew H.) Date: Wed Jan 23 16:33:15 2008 Subject: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: We use ClamAV on our *NIX systems, and it has done an excellent job for us. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: Wednesday, January 23, 2008 11:28 AM To: MailScanner discussion Subject: OT: Corporate antivirus We have been using Trend for the last few years but the latest version we upgraded to a year ago has really gone downhill. We had to upgrade the XP machines from 256MB to 512MB just so that the machine did not take over 5 minutes to boot (no exaggeration). What do you recommend as a good corporate antivirus and preferebly anti spyware product as we are seriously considering switching? Thanks Gareth -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information. From uxbod at splatnix.net Wed Jan 23 16:34:43 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 23 16:35:14 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <22083723.16071201106083548.JavaMail.root@office.splatnix.net> ----- "Gareth" wrote: > We have been using Trend for the last few years but the latest > version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly > anti > spyware product as we are seriously considering switching? > > Thanks > Gareth I would recommend taking a look at ESet (NOD32) http://www.eset.com .. Very small memory footprint and the new version includes AntiSpyWare. -- Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Wed Jan 23 16:38:52 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 23 16:39:26 2008 Subject: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <6dd94a46d683c246b9b4b1f5931098f9@solidstatelogic.com> Greg I find I need 1GB for XP to run at a reasonable pace anyway.....never mind AV etc.. Sophos is good but not cheap.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 23 January 2008 16:28 > To: MailScanner discussion > Subject: OT: Corporate antivirus > > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly anti > spyware product as we are seriously considering switching? > > Thanks > Gareth > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From andreab at guttadauro.com Wed Jan 23 16:41:39 2008 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Wed Jan 23 16:42:10 2008 Subject: [OT] my server is blacklisted Message-ID: <47976E43.1010102@guttadauro.com> Hello guys... i find some errors in my postfix log, some errors report this message. (host mail1.zonnet.nl[62.58.50.83] refused to talk to me: 551- 83-103-29-7.ip.fastwebnet.it is blacklisted by domains.rbl.zonnet.net 551- Reason supplied: 551- ip.fastwebnet.it is residential, use your ISP's SMTP server. hostmaster@versatel.nl 551 Closing connection.) Ok, i'm not a residential user... Do you know how i can remove my ip from this blacklist (and other too) ? Thanks a lot for your help AndreA NB: Sorry about my english -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080123/a89e3f50/attachment.html From andreab at guttadauro.com Wed Jan 23 16:46:20 2008 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Wed Jan 23 16:47:57 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <47976F5C.2040902@guttadauro.com> Hello !! We are using Sophos on Linux and Windows platform... > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. From raymond at prolocation.net Wed Jan 23 16:51:47 2008 From: raymond at prolocation.net (Raymond Dijkxhoorn) Date: Wed Jan 23 16:52:02 2008 Subject: [OT] my server is blacklisted In-Reply-To: <47976E43.1010102@guttadauro.com> References: <47976E43.1010102@guttadauro.com> Message-ID: Hi! > i find some errors in my postfix log, some errors report this message. > > (host mail1.zonnet.nl[62.58.50.83] refused to talk to me: 551- > 83-103-29-7.ip.fastwebnet.it is blacklisted by domains.rbl.zonnet.net > 551- Reason supplied: 551- ip.fastwebnet.it is residential, use your > ISP's SMTP server. hostmaster@versatel.nl 551 Closing connection.) > > Ok, i'm not a residential user... Do you know how i can remove my ip > from this blacklist (and other too) ? What about contacting hostmaster@versatel.nl ? But you could also just do what they suggest, use the smtp server of your provider, and dont send out directly ;) Bye, Raymond. From MailScanner at ecs.soton.ac.uk Wed Jan 23 16:52:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 23 16:52:27 2008 Subject: perl 5.10.0 anybody? In-Reply-To: References: Message-ID: <479770B5.1030701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've just tried it under perl 5.10.0. Installed Perl, then installed MailScanner, the only thing that failed to install was perl-HTML-Tagset which I had to "rpm -Uvh --force /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset*". I'm now installing ClamAV and SA to test they are okay. MailScanner --lint worked okay, which is the first thing to test. Jeff A. Earickson wrote: > Gang, > > It looks like perl 5.10.0 has been released, please see perl.com. > Anybody given this a test drive with MailScanner yet? > > Jeff Earickson > Colby College Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHl3C1EfZZRxQVtlQRAuWAAKDsqaEbDfg2HUlf/i6jYpUMNFFDWwCghRHC LMb8SCsTUNcWr3th5Yo07mk= =hWfV -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Wed Jan 23 16:53:09 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 23 16:53:19 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <479770F5.9040000@alexb.ch> On 1/23/2008 5:28 PM, Gareth wrote: > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly anti > spyware product as we are seriously considering switching? > > Thanks > Gareth > Eset/ Nod32 - on W32/*nix, whatever... happy camper! Alex From steve.freegard at fsl.com Wed Jan 23 16:47:31 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jan 23 16:57:52 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <47976FA3.406@fsl.com> Gareth wrote: > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly anti > spyware product as we are seriously considering switching? I'm personally quite fond of NOD32 - lightweight and unobtrusive, much better than Trend and cheaper than Sophos. Cheers, Steve. From mkettler at evi-inc.com Wed Jan 23 17:02:05 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Jan 23 17:02:38 2008 Subject: [OT] my server is blacklisted In-Reply-To: <47976E43.1010102@guttadauro.com> References: <47976E43.1010102@guttadauro.com> Message-ID: <4797730D.7050007@evi-inc.com> Andrea Bazzanini wrote: > Hello guys... > > i find some errors in my postfix log, some errors report this message. > > (host mail1.zonnet.nl[62.58.50.83] refused to talk to me: 551- > 83-103-29-7.ip.fastwebnet.it is blacklisted by domains.rbl.zonnet.net > 551- Reason supplied: 551- ip.fastwebnet.it is residential, use your > ISP's SMTP server. hostmaster@versatel.nl 551 Closing connection.) > > Ok, i'm not a residential user... Do you know how i can remove my ip > from this blacklist (and other too) ? > > Thanks a lot for your help > > AndreA > > NB: Sorry about my english It appears to be instigated by the fact that your reverse DNS isn't set up in a manner that would be typical of a commercial site. They're blacklisting anything that reverse-dns lookups to "*.ip.fastwebnet.it", and probably reasonably so. (any legitimate mailserver really should have a proper reverse DNS, not an ISP supplied default.) So, if you've got a commercial line service, get fastweb.it to set the PTR record for 83.103.29.7 to smtp.guttadauro.net instead of 83-103-29-7.ip.fastwebnet.it. That should fix your troubles. From ms-list at alexb.ch Wed Jan 23 17:05:39 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Jan 23 17:05:51 2008 Subject: [OT] my server is blacklisted In-Reply-To: <47976E43.1010102@guttadauro.com> References: <47976E43.1010102@guttadauro.com> Message-ID: <479773E3.2020700@alexb.ch> On 1/23/2008 5:41 PM, Andrea Bazzanini wrote: > Hello guys... > > i find some errors in my postfix log, some errors report this message. > > (host mail1.zonnet.nl[62.58.50.83] refused to talk to me: 551- > 83-103-29-7.ip.fastwebnet.it is blacklisted by domains.rbl.zonnet.net > 551- Reason supplied: 551- ip.fastwebnet.it is residential, use your > ISP's SMTP server. hostmaster@versatel.nl 551 Closing connection.) > > Ok, i'm not a residential user... Do you know how i can remove my ip > from this blacklist (and other too) ? > > Thanks a lot for your help - ask zonnet.nl to remove you - don't use generic rDNS for a mailserver - ask your ISP to assign a PTR record for your mail server or change ISP. - if all above fail, use smarthost. Alex From brian.duncan at kattenlaw.com Wed Jan 23 17:27:38 2008 From: brian.duncan at kattenlaw.com (Duncan, Brian M.) Date: Wed Jan 23 17:28:00 2008 Subject: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <65234743FE1555428435CE39E6AC407801D7EE6D@CHI-US-EXCH-01.us.kmz.com> We are in the process of switching from Symantec to Kaspersky. (All workstations and on all Windows servers) We looked into all the major AV offerings and Kaspersky had the smallest footprint while being the most corporate friendly, and having tiered support. It also was a cost savings over Symantec. It is highly configurable and has many reporting features for staff. It has AV + Spyware components and other features. They are all easy to customize in a large Windows managed environment. We also did our own independent testing and Kaspersky seemed to be more aware of more PE compaction methods then most all of the other AV scanners. (We ran tests with all the major AV scanners with 37,00+ verified Viruses/Trojans and around 20,000 exe's fresh from Usenet at that time) They also liked that Kaspersky handles real-time scanning of any workstation defined ports. (HTTP/POP/etc..) That is not to say that there were not other AV scanners that came up better in other single areas. (NOD 32 for instance, was blazingly fast, just not very friendly and the interface was disliked by all test users - Not to mention its scalability in large organizations that need multiple update servers/ good reporting tools in a well designed management console) At the time we also spoke to some customer references from Kaspersky that were on it for more then a year and they were all happy with no outbreaks ever. We asked for 1500+ Windows seat references. Good luck > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Gareth > Sent: Wednesday, January 23, 2008 10:28 AM > To: MailScanner discussion > Subject: OT: Corporate antivirus > > We have been using Trend for the last few years but the > latest version we upgraded to a year ago has really gone > downhill. We had to upgrade the XP machines from 256MB to > 512MB just so that the machine did not take over 5 minutes to > boot (no exaggeration). > > What do you recommend as a good corporate antivirus and > preferebly anti spyware product as we are seriously > considering switching? > > Thanks > Gareth > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > =========================================================== CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. =========================================================== CONFIDENTIALITY NOTICE: This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies. =========================================================== NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997). =========================================================== From list-mailscanner at linguaphone.com Wed Jan 23 17:47:50 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jan 23 17:48:01 2008 Subject: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Thanks everyone for your suggestions so far. It looks like the decision is going to between NOD32 and Kaspersky. I'll take a closer look at their offerings and prices tomorrow. We have 30-40 machines so central admin is not essential but certenly very desirable. Since we run clamav on mailscanner viruses are not really a problem for us. It is spyware that is definetly the biggest problem. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth > Sent: 23 January 2008 16:28 > To: MailScanner discussion > Subject: OT: Corporate antivirus > > > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly anti > spyware product as we are seriously considering switching? > > Thanks > Gareth > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From jlcostinha at halla.pt Wed Jan 23 18:10:56 2008 From: jlcostinha at halla.pt (Jorge Costinha) Date: Wed Jan 23 18:11:17 2008 Subject: Corporate antivirus In-Reply-To: References: Message-ID: <47978330.60903@halla.pt> you might, just might, take bitdefender in consideration! in here, we been using panda software for 3 years and it totally suck. 3 months before the contract with panda we search for a better solution and tested Norton AV and Bitdefender. By far Bit defender offer the best performance, even in machines with W2k wkstation the performance change was impressive. we are now changing everything to bitdefender. regarding servers, i got the engine of sophos and clamav. Gareth wrote: > Thanks everyone for your suggestions so far. > It looks like the decision is going to between NOD32 and Kaspersky. > I'll take a closer look at their offerings and prices tomorrow. > > We have 30-40 machines so central admin is not essential but certenly very > desirable. Since we run clamav on mailscanner viruses are not really a > problem for us. It is spyware that is definetly the biggest problem. > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Gareth >> Sent: 23 January 2008 16:28 >> To: MailScanner discussion >> Subject: OT: Corporate antivirus >> >> >> We have been using Trend for the last few years but the latest version >> we upgraded to a year ago has really gone downhill. We had to upgrade >> the XP machines from 256MB to 512MB just so that the machine did not >> take over 5 minutes to boot (no exaggeration). >> >> What do you recommend as a good corporate antivirus and preferebly anti >> spyware product as we are seriously considering switching? >> >> Thanks >> Gareth >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080123/50bab27e/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jan 23 18:26:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 23 18:27:21 2008 Subject: perl 5.10.0 anybody? In-Reply-To: <479770B5.1030701@ecs.soton.ac.uk> References: <479770B5.1030701@ecs.soton.ac.uk> Message-ID: <479786F1.8040504@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have now installed ClamAV and SA using my easy-to-install package. No changes needed there at all. All I did to the RPM distribution of MailScanner was add 2 lines just below the while read ........ line saying this: FORCE=no FORCE5=no I then ran ./install.sh. After that I did an "rpm -Uvh --force" on the perl-HTML-Tagset RPM built by the installation script, which is put in /usr/src/redhat/RPMS/noarch. Then everything appears to work fine. Julian Field wrote: > * PGP Signed: 01/23/08 at 16:52:05 > > I've just tried it under perl 5.10.0. Installed Perl, then installed > MailScanner, the only thing that failed to install was > perl-HTML-Tagset which I had to "rpm -Uvh --force > /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset*". > I'm now installing ClamAV and SA to test they are okay. > > MailScanner --lint worked okay, which is the first thing to test. > > Jeff A. Earickson wrote: >> Gang, >> >> It looks like perl 5.10.0 has been released, please see perl.com. >> Anybody given this a test drive with MailScanner yet? >> >> Jeff Earickson >> Colby College > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHl4byEfZZRxQVtlQRAjVgAJ9Qdou+jz5psa/pe0QHIpgfPuxoGwCgjDr1 v0jxZ6f4wSsI30L/6n7RLTA= =OhGX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 23 18:34:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 23 18:35:26 2008 Subject: perl 5.10.0 anybody? In-Reply-To: <479786F1.8040504@ecs.soton.ac.uk> References: <479770B5.1030701@ecs.soton.ac.uk> <479786F1.8040504@ecs.soton.ac.uk> Message-ID: <479788D1.6090207@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Update --- No changes are necessary to the install.sh for installing MailScanner. It works just fine without any changes, except to --force the installation of perl-HTML-Tagset as described below. Julian Field wrote: > * PGP Signed: 01/23/08 at 18:26:58 > > I have now installed ClamAV and SA using my easy-to-install package. > No changes needed there at all. > All I did to the RPM distribution of MailScanner was add 2 lines just > below the > while read ........ > line saying this: > FORCE=no > FORCE5=no > I then ran ./install.sh. After that I did an "rpm -Uvh --force" on the > perl-HTML-Tagset RPM built by the installation script, which is put in > /usr/src/redhat/RPMS/noarch. > > Then everything appears to work fine. > > Julian Field wrote: >> > Old Signed: 01/23/08 at 16:52:05 >> >> I've just tried it under perl 5.10.0. Installed Perl, then installed >> MailScanner, the only thing that failed to install was >> perl-HTML-Tagset which I had to "rpm -Uvh --force >> /usr/src/redhat/RPMS/noarch/perl-HTML-Tagset*". >> I'm now installing ClamAV and SA to test they are okay. >> >> MailScanner --lint worked okay, which is the first thing to test. >> >> Jeff A. Earickson wrote: >>> Gang, >>> >>> It looks like perl 5.10.0 has been released, please see perl.com. >>> Anybody given this a test drive with MailScanner yet? >>> >>> Jeff Earickson >>> Colby College >> >> Jules >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHl4jZEfZZRxQVtlQRAt1OAKCRnGHPuc3VdN1/tSZBE4wCqHl53QCfUqk9 JJmWOZ2R7ff2rAZE2RUQPf4= =RYbX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Jan 23 19:04:38 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 23 19:04:57 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: on 1/23/2008 8:28 AM Gareth spake the following: > We have been using Trend for the last few years but the latest version > we upgraded to a year ago has really gone downhill. We had to upgrade > the XP machines from 256MB to 512MB just so that the machine did not > take over 5 minutes to boot (no exaggeration). > > What do you recommend as a good corporate antivirus and preferebly anti > spyware product as we are seriously considering switching? > > Thanks > Gareth > 256 megs and XP takes time to boot even without a virus scanner, but we are using McAfee corporate 8.5 and it seems to be fairly unobtrusive. But 256 meg machines are just slow with XP. 384 megs is enough to see a difference. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080123/121dac41/signature-0001.bin From MailScanner at ecs.soton.ac.uk Wed Jan 23 19:30:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 23 19:31:07 2008 Subject: OT: Corporate antivirus In-Reply-To: References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <479795E3.8070407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know this is all OT, but if you really want to run XP in 256Mb then I recommend XPLite. I used to run XP on an OQO with 256Mb of RAM in it, and ran firefox and thunderbird on it without it swapping. But no, I certainly didn't try to run a virus scanner on it! It can be done, but it has to be done carefully or you wind up with a system that runs like a stuffed pig (or like vista). Scott Silva wrote: > on 1/23/2008 8:28 AM Gareth spake the following: >> We have been using Trend for the last few years but the latest version >> we upgraded to a year ago has really gone downhill. We had to upgrade >> the XP machines from 256MB to 512MB just so that the machine did not >> take over 5 minutes to boot (no exaggeration). >> >> What do you recommend as a good corporate antivirus and preferebly anti >> spyware product as we are seriously considering switching? >> >> Thanks >> Gareth >> > 256 megs and XP takes time to boot even without a virus scanner, but > we are using McAfee corporate 8.5 and it seems to be fairly unobtrusive. > But 256 meg machines are just slow with XP. 384 megs is enough to see > a difference. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHl5XkEfZZRxQVtlQRAmxOAKCGDiZev0o1EVwc8zWIU01YSG2qUQCgnAPN Ew99uRHcu30E42Vl1vczuGg= =ODXv -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Wed Jan 23 20:06:03 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jan 23 20:06:16 2008 Subject: OT: Corporate antivirus In-Reply-To: <479795E3.8070407@ecs.soton.ac.uk> Message-ID: I did upgrade machines to 512MB which made them at least usable but they still run slower than the previous version of trend did when the machines had 256mb. I think their new anti spyware and anti rootkit feature are slowing it down too much. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Julian > Field > Sent: 23 January 2008 19:31 > To: MailScanner discussion > Subject: Re: OT: Corporate antivirus > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I know this is all OT, but if you really want to run XP in 256Mb then I > recommend XPLite. I used to run XP on an OQO with 256Mb of RAM in it, > and ran firefox and thunderbird on it without it swapping. > > But no, I certainly didn't try to run a virus scanner on it! > > It can be done, but it has to be done carefully or you wind up with a > system that runs like a stuffed pig (or like vista). > > Scott Silva wrote: > > on 1/23/2008 8:28 AM Gareth spake the following: > >> We have been using Trend for the last few years but the latest version > >> we upgraded to a year ago has really gone downhill. We had to upgrade > >> the XP machines from 256MB to 512MB just so that the machine did not > >> take over 5 minutes to boot (no exaggeration). > >> > >> What do you recommend as a good corporate antivirus and preferebly anti > >> spyware product as we are seriously considering switching? > >> > >> Thanks > >> Gareth > >> > > 256 megs and XP takes time to boot even without a virus scanner, but > > we are using McAfee corporate 8.5 and it seems to be fairly unobtrusive. > > But 256 meg machines are just slow with XP. 384 megs is enough to see > > a difference. > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHl5XkEfZZRxQVtlQRAmxOAKCGDiZev0o1EVwc8zWIU01YSG2qUQCgnAPN > Ew99uRHcu30E42Vl1vczuGg= > =ODXv > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > From andreab at guttadauro.com Wed Jan 23 20:35:35 2008 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Wed Jan 23 20:36:24 2008 Subject: [OT] my server is blacklisted In-Reply-To: <479773E3.2020700@alexb.ch> References: <47976E43.1010102@guttadauro.com> <479773E3.2020700@alexb.ch> Message-ID: <4797A517.60800@guttadauro.com> Thanks guys.... i'll try to fix my problem following your tips !! AndreA -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. From ajos1 at onion.demon.co.uk Wed Jan 23 23:30:48 2008 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Wed Jan 23 23:30:58 2008 Subject: SA 3.2.4 lint output oddity Message-ID: >> >> what happens if you run a spamassassin -D --lint ? do you get the same wait time ? >> If I do "spamassassin -D --lint" then it does everything upto... ======== ... [15510] dbg: rules: compiled meta tests [15510] dbg: check: is spam? score=4.205 required=5 [15510] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [15510] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID ======== and then exits normally... I did "MailScanner --debug --debug-sa" another 2 times... 1st time there was a WAIT of 41 minutes and it did end correctly... but the ID changes from 13624 to 30448 ! 2nd time there was a WAIT of 25 minutes and did not end correctly... Wed Jan 23 10:43:48 GMT 2008 Wed Jan 23 11:25:08 GMT 2008 ======== ... [13624] dbg: rules: compiled full tests [13624] dbg: rules: running meta tests; score so far=2.865 [13624] dbg: rules: compiled meta tests [13624] dbg: check: is spam? score=2.865 required=5 [13624] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [13624] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID WAITING AND WAITING AND WAITING [30448] dbg: dns: name server: 87.117.198.200, LocalAddr: 0.0.0.0 [30448] dbg: message: main message type: text/plain [30448] dbg: message: ---- MIME PARSER START ---- [30448] dbg: message: parsing normal part [30448] dbg: message: ---- MIME PARSER END ---- ..... [30448] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [30448] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [30448] dbg: bayes: found bayes db version 3 [30448] dbg: bayes: learned '1918d8874a06aebd848368d6cfb43e4c60d86c32@sa_generated', atime: 1201087492 [30448] dbg: bayes: untie-ing [30448] dbg: learn: initializing learner Stopping now as you are debugging me. ======== Wed Jan 23 11:26:41 GMT 2008 Wed Jan 23 11:51:06 GMT 2008 ======== ... [30786] dbg: rules: running meta tests; score so far=2.865 [30786] dbg: rules: compiled meta tests [30786] dbg: check: is spam? score=2.865 required=5 [30786] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [30786] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID WAITING AND WAITING AND WAITING commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 41. Stopping now as you are debugging me. ======== From ajos1 at onion.demon.co.uk Wed Jan 23 23:44:45 2008 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Wed Jan 23 23:44:54 2008 Subject: SA 3.2.4 lint output oddity Message-ID: I did "MailScanner --debug --debug-sa" on another server... it has a small wait about 30 seconds... but it completes correctly... There is an extra line before the wait... "[21232] dbg: bayes: untie-ing" ======== .... [21232] dbg: rules: running meta tests; score so far=3.053 [21232] dbg: rules: compiled meta tests [21232] dbg: check: is spam? score=3.053 required=5 [21232] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [21232] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID [21232] dbg: bayes: untie-ing SMALL WAIT ... [22112] dbg: dns: name server: 87.117.198.200, LocalAddr: 0.0.0.0 [22112] dbg: message: main message type: text/plain [22112] dbg: message: ---- MIME PARSER START ---- [22112] dbg: message: parsing normal part .... ======== From paul at blacknight.ie Wed Jan 23 23:59:00 2008 From: paul at blacknight.ie (Paul Kelly:: Blacknight) Date: Wed Jan 23 23:59:14 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: References: Message-ID: <4797D4C4.8070702@blacknight.ie> ajos1 at onion wrote: > I did "MailScanner --debug --debug-sa" on another server... it has a small wait about 30 seconds... but it completes correctly... > > There is an extra line before the wait... "[21232] dbg: bayes: untie-ing" > > > ======== > .... > [21232] dbg: rules: running meta tests; score so far=3.053 > [21232] dbg: rules: compiled meta tests > [21232] dbg: check: is spam? score=3.053 required=5 > [21232] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS > [21232] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID > [21232] dbg: bayes: untie-ing > > > SMALL WAIT ... > > > [22112] dbg: dns: name server: 87.117.198.200, LocalAddr: 0.0.0.0 > [22112] dbg: message: main message type: text/plain > [22112] dbg: message: ---- MIME PARSER START ---- > [22112] dbg: message: parsing normal part > .... > ======== When you run MailScanner in debug mode, it waits for Mail to come into the inbound queue. It'll then process a batch of messages. When it's waiting on the long wait server, what does a "w" show you on an alternative console login? Something siumilar to the following should appear. root pts/1 trinity.dahomela 23:57 8.00s 4.18s 4.17s MailScanner: waiting for messages It waits for messages to come in, don't forget that it has to fight with the running MS aswell for messages, so for proper debugging do service MailScanner stop ; service MailScanner startin and do the debug. Paul -- Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 From bfebrian.mailscanner at indomino.net Thu Jan 24 01:35:47 2008 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Thu Jan 24 01:36:10 2008 Subject: Spamassassin -D --lint fixed relative path error? Message-ID: <4797EB73.2030404@indomino.net> Dear all, I'm not sure about this, but I see a lot of this when I run spamassassin -D --lint [4822] dbg: config: fixed relative path: /var/lib/spamassassin/3.002003/updates_spamassassin_org/60_whitelist_subject.cf 0.00345 [4822] dbg: config: using "/var/lib/spamassassin/3.002003/updates_spamassassin_org/60_whitelist_subject.cf" for included file 0.00011 [4822] dbg: config: read file /var/lib/spamassassin/3.002003/updates_spamassassin_org/60_whitelist_subject.cf 0.00036 [4822] dbg: config: fixed relative path: /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_active.cf 0.00207 [4822] dbg: config: using "/var/lib/spamassassin/3.002003/updates_spamassassin_org/72_active.cf" for included file 0.00012 [4822] dbg: config: read file /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_active.cf 0.00647 [4822] dbg: config: fixed relative path: /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_removed.cf 0.20522 [4822] dbg: config: using "/var/lib/spamassassin/3.002003/updates_spamassassin_org/72_removed.cf" for included file 0.00017 [4822] dbg: config: read file /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_removed.cf 0.0002 [4822] dbg: config: fixed relative path: /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_scores.cf 0.00317 [4822] dbg: config: using "/var/lib/spamassassin/3.002003/updates_spamassassin_org/72_scores.cf" for included file 0.00012 [4822] dbg: config: read file /var/lib/spamassassin/3.002003/updates_spamassassin_org/72_scores.cf 0.0002 [4822] dbg: config: fixed relative path: /var/lib/spamassassin/3.002003/updates_spamassassin_org/80_additional.cf 0.00207 [4822] dbg: config: using "/var/lib/spamassassin/3.002003/updates_spamassassin_org/80_additional.cf" for included file 0.00011 [4822] dbg: config: read file /var/lib/spamassassin/3.002003/updates_spamassassin_org/80_additional.cf Is this normal? The last time I did is modified the sa-update configuration file to add more rdj rules in sa-update. If this an error, can I just deleted all the files in /var/lib/spamassassin and run the sa-update again? I'm running spamassassin 3.2.3 and MailScanner 4.65.3 -- Budi Febrianto www.indomino.net/blog -- Budi Febrianto From support-lists at petdoctors.co.uk Thu Jan 24 09:18:16 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Thu Jan 24 09:18:43 2008 Subject: OT: Web Mail Client In-Reply-To: Message-ID: <015f01c85e6a$0d52be90$3c65a8c0@support01> Can anyone comment from experience on the pros and cons of a MailScanner + Scalix implementation, or just Scalix in general. Scalix certainly looks nice, but so far I have just arranged for postfix to forward copies into it in parallel with our Squirrelmail installation. Thanks From hofu12 at physik.tu-darmstadt.de Thu Jan 24 09:22:15 2008 From: hofu12 at physik.tu-darmstadt.de (hofu) Date: Thu Jan 24 09:22:31 2008 Subject: backscatter by DSN: Service unavailable Message-ID: Hi all, our primary mailserver tags the spam and relays mail to other mailservers. Those sometimes have a different view of accepting messages and frequently reject spam mail (different view of DNS, different RFC inforcement). The primary server backscatters the tagged spam to falsified sender addresses. I am already rejecting spam from the subdomains mailservers with mailscanner upion reaxamining the mail but this happens as DSN: Service unavailable which I can't seem to intercept with mailscanner. Any chance to do this via watermarks or some such? Thanks hofu From glenn.steen at gmail.com Thu Jan 24 12:02:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 24 12:03:10 2008 Subject: Mailscanner generated duplicate message. In-Reply-To: <478265B4.9020502@msapiro.net> References: <478265B4.9020502@msapiro.net> Message-ID: <223f97700801240402k3a10d378m1049e49a755465e1@mail.gmail.com> On 07/01/2008, Mark Sapiro wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mark Sapiro wrote: > > | Alex Broens wrote: > |> > |> > |> > |> > |> On 12/24/2007 3:23 PM, Mark Sapiro wrote: > |>> Alex Broens wrote: > |>>> probably totally irrelevant yet got a hunch... > |>>> > |>>> > |>>> what are your settings in MailScanner.conf for > |>>> > |>>> Queue Scan Interval > |>>> > |>>> Max Unscanned Messages Per Scan > |>>> > |>>> Max Unsafe Messages Per Scan > |>> > |>> > |>> Queue Scan Interval = 6 > |>> > |>> Max Unscanned Messages Per Scan = 30 > |>> > |>> Max Unsafe Messages Per Scan = 30 > |>> > |>> > |>>> Could it be you're seeing a race condition between scanning threads? > |>> > |>> > |>> This is exactly what the problem seems to be, but I don't know what to > |>> do to prevent it or what I could have done or omitted to cause it. > |>> > |>> I suppose I could set > |>> > |>> Max Children = 1 > |>> > |>> but that seems extreme, and it seems if it were necessary, more than > |>> just me would be seeing this problem. > |> > |> Single CPU: > |> > |> Max Children = 5 > | > | > | This is what I currently have. > | > | > |> Dual: > |> > |> Max Children = 8 > |> > |> (keep the box relaxed till you get the stuff to process) > |> > |> Pls try: > |> > |> Queue Scan Interval = 15 > |> > |> Max Unscanned Messages Per Scan = 5 > |> Max Unsafe Messages Per Scan = 5 > | > | > | I will try these. Note that I will be offline for the next week, so I > | won't be able to report much until after the new year. > > > I tried the above settings from Dec 24 through Jan 3. During that > period, I see three more duplication incidents in my maillog. This is a > lower rate than previous, but there are still dups. > > As of Jan 3, I have reverted the above settings to their default values, > and set > > Max Children = 2 > > So far, there have been no more dups, but I think it's too early to > tell. Given the load on my system, Max Children = 2 seems fine. If I do > see more dups, I may even try setting it to 1 which I'm certain will > eliminate the problem. > > > |> You may need to tweek "Queue Scan Interval" to your box's perfomance > |> > |> my rule of thumb: > |> > |> Queue Scan Interval = thread_count + 3 > |> > |> keep us posted > | > | > | OK. > | > | Note that logs indicate that this problem has only occurred on mail > | which is not actually scanned because of a 'no' in scan.messages.rules. > | I don't know why this would matter, but it may be significant. > | > | All but one of the occurrences were on outgoing mail from localhost. The > | other one was an incoming message to postmaster. Logs indicate 4 copies > | of this one were delivered and I undoubtedly saw all four but just > | deleted them thinking they were multiple spams > | > | The nature of the server is that outgoing mail is virtually all Mailman > | list posts or forwards of mail, all of which was scanned on the way in. > | I would just as soon not have Postfix hold mail from localhost at all, > | but I haven't figured out how to do that. > > Hello Mark, I'm mostly just posting this to tell you that I haven't forgotten about you and your problem. I've (finally) hat the time to look a bit at the code, and ... there simply isn't anything that jumps out as a possible error that would have this type of behavior. Perhaps needless to say (so I'll go ahead and say it anyway:-), detailed study of my logs and quarantine have not turned up any duplicates of the kind you have. All mine are the ones the extra "entropy" after the dot (.:-) is designed to overcome. Then again, I seem to recall you mentioning that this only happens for locally submitted mail... So then the question becomes "what differentiates them from the normal mail?", and perhaps "How can we change things so that the locally submitted mails are equivalent with non-local mail?" as a stopgap solution... While looking at how those submissiions would be ... mishandled by MS... In short: I'm in sore need of a repeatable testcase here....:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 24 12:33:35 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 24 12:33:45 2008 Subject: Mailscanner generated duplicate message. In-Reply-To: <476FD790.8040208@msapiro.net> References: <476FC9AF.2010903@alexb.ch> <476FD790.8040208@msapiro.net> Message-ID: <223f97700801240433h7d52ba68xe374d5efe7cdc1e4@mail.gmail.com> On 24/12/2007, Mark Sapiro wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Broens wrote: > > > > > > > > > > On 12/24/2007 3:23 PM, Mark Sapiro wrote: > >> Alex Broens wrote: > >>> probably totally irrelevant yet got a hunch... > >>> > >>> > >>> what are your settings in MailScanner.conf for > >>> > >>> Queue Scan Interval > >>> > >>> Max Unscanned Messages Per Scan > >>> > >>> Max Unsafe Messages Per Scan > >> > >> > >> Queue Scan Interval = 6 > >> > >> Max Unscanned Messages Per Scan = 30 > >> > >> Max Unsafe Messages Per Scan = 30 > >> > >> > >>> Could it be you're seeing a race condition between scanning threads? > >> > >> > >> This is exactly what the problem seems to be, but I don't know what to > >> do to prevent it or what I could have done or omitted to cause it. > >> > >> I suppose I could set > >> > >> Max Children = 1 > >> > >> but that seems extreme, and it seems if it were necessary, more than > >> just me would be seeing this problem. > > > > Single CPU: > > > > Max Children = 5 > > > This is what I currently have. > > > > Dual: > > > > Max Children = 8 > > > > (keep the box relaxed till you get the stuff to process) > > > > Pls try: > > > > Queue Scan Interval = 15 > > > > Max Unscanned Messages Per Scan = 5 > > Max Unsafe Messages Per Scan = 5 > > > I will try these. Note that I will be offline for the next week, so I > won't be able to report much until after the new year. > > > > You may need to tweek "Queue Scan Interval" to your box's perfomance > > > > my rule of thumb: > > > > Queue Scan Interval = thread_count + 3 > > > > keep us posted > > > OK. > > Note that logs indicate that this problem has only occurred on mail > which is not actually scanned because of a 'no' in scan.messages.rules. > I don't know why this would matter, but it may be significant. > > All but one of the occurrences were on outgoing mail from localhost. The > other one was an incoming message to postmaster. Logs indicate 4 copies > of this one were delivered and I undoubtedly saw all four but just > deleted them thinking they were multiple spams > > The nature of the server is that outgoing mail is virtually all Mailman > list posts or forwards of mail, all of which was scanned on the way in. > I would just as soon not have Postfix hold mail from localhost at all, > but I haven't figured out how to do that. > Bypassing MailScanner for outgoing mail is easily done... All you need is an smtpd listening on another port .... and have that smtpd _not_ use the header_check... Then see to it that mailman use that port to submit mails... Set SMTPPORT in your config, IIRC... There are some examples littering the net, on how to setup a "secondary" smtpd listener, and you usually have a stub in your master.cf ... Also look at the wiki, I have some howto there where I use a trick like that to do multi-recipient splitting (one mail/recipient, so that MailScanner rules don't work on just the first recipient...). Or give a holler and I'll dig something out. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 24 13:54:06 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 24 13:54:17 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: References: Message-ID: <223f97700801240554h6b91ea8fmf17586838d9dbe69@mail.gmail.com> On 24/01/2008, ajos1 at onion wrote: (snip) > 2nd time there was a WAIT of 25 minutes and did not end correctly... (snip) > commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 41. > Stopping now as you are debugging me. > ======== The "AutoCommit error" is actually a quite harmless warning. All it is saying is that you've got autocommit enabled for your MySQL database containg your MailWatch tables... And MailWatch does do appropriate commits as needed. Steve could perhaps check at child startup whether autocommit is on, but really... It's just a harmless warning, nothing else. For the rest, I think Paul is quite correct;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Thu Jan 24 13:54:32 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Jan 24 13:54:53 2008 Subject: Spamassassin -D --lint fixed relative path error? In-Reply-To: <4797EB73.2030404@indomino.net> References: <4797EB73.2030404@indomino.net> Message-ID: <47989898.9060706@evi-inc.com> Budi Febrianto wrote: > Dear all, > > I'm not sure about this, but I see a lot of this when I run spamassassin > -D --lint > > [4822] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002003/updates_spamassassin_org/60_whitelist_subject.cf > 0.00345 > Is this normal? Yes, that's completely normal for SA once you've run sa-update. In general, if it doesn't show up in spamassassin --lint (without the -D) it's generally not a problem. ie: if there's problems, spamassassin --lint should print them. If there's no problems, it should run silently. I'd also generally advise not using the -D flag unless you're trying to track down an elusive problem, or are merely wondering how SA handles things internally. For routine config checks, you're better off without the extra debug noise, as it may cause you to overlook actual important warnings. From glenn.steen at gmail.com Thu Jan 24 13:56:42 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 24 13:56:53 2008 Subject: Spamassassin -D --lint fixed relative path error? In-Reply-To: <4797EB73.2030404@indomino.net> References: <4797EB73.2030404@indomino.net> Message-ID: <223f97700801240556v7081352q6c78cb7d6e67619d@mail.gmail.com> On 24/01/2008, Budi Febrianto wrote: > Dear all, > > I'm not sure about this, but I see a lot of this when I run spamassassin > -D --lint > (snip) > Is this normal? > > The last time I did is modified the sa-update configuration file to add > more rdj rules in sa-update. > If this an error, can I just deleted all the files in > /var/lib/spamassassin and run the sa-update again? > > I'm running spamassassin 3.2.3 and MailScanner 4.65.3 > Yes, it seems to be quite normal. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 24 13:59:23 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 24 13:59:33 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: References: Message-ID: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> On 24/01/2008, hofu wrote: > Hi all, > > our primary mailserver tags the spam and relays mail to other mailservers. > Those sometimes have a different view of accepting messages > and frequently reject spam mail > (different view of DNS, different RFC inforcement). The primary server > backscatters the tagged spam to falsified sender addresses. > I am already rejecting spam from the subdomains mailservers with mailscanner > upion reaxamining the mail > but this happens as > DSN: Service unavailable > which I can't seem to intercept with mailscanner. > > Any chance to do this via watermarks or some such? > Thanks > hofu Do you already do recipient verification (call ahead type of thing)? Might solve a few of your problems:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at lubik.ca Thu Jan 24 14:48:20 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Jan 24 14:48:52 2008 Subject: sa-compile (3.2.4) problem on centos3 Message-ID: Hi, I have upgraded from 3.2.1 to 3.2.4 yesterday on centos3, using the rpmbuild instruction given on SpamAssassin's site. When I run sa-compile, many rules seems to compile correctly, then I get this error: cd /tmp/.spamassassin178442ZVCbftmp Insecure dependency in mkdir while running with -T switch at ./sa-compile line 319, <$fh> line 1. I found an old bug here: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5465 When I compiled SA into an RPM, there was this warning: *********************************************************************** ExtUtils::MakeMaker 6.03 doesn't include support for DESTDIR, so if you want to be on the safe side, you might want to upgrade your ExtUtils::MakeMaker to version 6.11 or later. It is available via CPAN. You can use either the CPAN shell or go to to get an up-to-date version. This should only be necessary if you are creating binary packages. *********************************************************************** but I have this RPM installed: perl-ExtUtils-MakeMaker-6.42-1.el3.rf Could that be related? From anders.andersson at ltkalmar.se Thu Jan 24 16:13:08 2008 From: anders.andersson at ltkalmar.se (Anders Andersson, IT) Date: Thu Jan 24 16:13:20 2008 Subject: SV: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <5EBABD62DC5AC048AD8AEC3312E02D4C01FF2FA6@exchange03.lkl.ltkalmar.se> Hi We been using McAfee for along while and been happy with it, not to big foot print and easy to distribute among the users. The latest verson for cenral management was not a big hit but the AV works fine /Anders -----Ursprungligt meddelande----- Fr?n: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] F?r Gareth Skickat: den 23 januari 2008 17:28 Till: MailScanner discussion ?mne: OT: Corporate antivirus We have been using Trend for the last few years but the latest version we upgraded to a year ago has really gone downhill. We had to upgrade the XP machines from 256MB to 512MB just so that the machine did not take over 5 minutes to boot (no exaggeration). What do you recommend as a good corporate antivirus and preferebly anti spyware product as we are seriously considering switching? Thanks Gareth From ugob at lubik.ca Thu Jan 24 18:41:01 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Jan 24 18:41:37 2008 Subject: use bytes bug in SA Message-ID: Anyone got hit by this? http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5590 Everytime I upgrade SA, I must add 'use bytes' in SpamAssassin's Message.pm to get decent scan time. The speed penality is considerable. Regards, Ugo From MailScanner at ecs.soton.ac.uk Thu Jan 24 21:59:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 24 21:59:31 2008 Subject: use bytes bug in SA In-Reply-To: References: Message-ID: <47990A2D.2070500@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does this only affect Solaris? Or has anyone produced the same behaviour on Linux, being the "platform of choice" for many people? Ugo Bellavance wrote: > Anyone got hit by this? > > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5590 > > Everytime I upgrade SA, I must add 'use bytes' in SpamAssassin's > Message.pm to get decent scan time. The speed penality is considerable. > > Regards, > Ugo > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHmQovEfZZRxQVtlQRAorkAKCo60+iSM9tnEJ46iptDuA96/JRdQCgouSr xkh5KPWQRMO3g0MRwrnXUw8= =udzz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rthrush at winbeam.com Thu Jan 24 22:00:00 2008 From: rthrush at winbeam.com (Raymond H Thrush II) Date: Thu Jan 24 22:18:10 2008 Subject: MailScanner 4.66.5 and SA 3.2.4 score/bayes issues Message-ID: <47990A60.9060101@winbeam.com> Has anyone else noticed any changes in your SA scoring after upgrading to MS 4.66.5 and SA 3.2.4? I have my scoring set to Bayes auto learn ham at -2.0 and Bayes auto learn spam at 30.0. But since I have done the upgrade Tuesday I have been seeing significantly lower spam learns, while my average SA scores have dropped and the most hit score above my high spam is around 10.xxxx. In MS I weight them <4 ok >4 is possible spam and >8 is delete( high spam ) My average score for high spam before the upgrade was around 23.xx and the average overall score was about 19.xx now I am seeing about 19.xx for high avg score and 16.xx overall average. It seems like all my rule sets are ok for SA using the newest sa-update set compiled, when I grepped against the previous version 3.2.3 rules they only differ in the version tags. Any clues? I believe I need to tweak my auto learn spam settings based on what I am seeing. From steve.freegard at fsl.com Thu Jan 24 22:38:33 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu Jan 24 22:34:30 2008 Subject: use bytes bug in SA In-Reply-To: <47990A2D.2070500@ecs.soton.ac.uk> References: <47990A2D.2070500@ecs.soton.ac.uk> Message-ID: <47991369.6010004@fsl.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Does this only affect Solaris? Nope. > Or has anyone produced the same behaviour on Linux, being the "platform > of choice" for many people? Yes - in Ugo's case this behavior was on Linux (CentOS 3 and CentOS 4). > Ugo Bellavance wrote: >> Anyone got hit by this? >> >> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5590 >> >> Everytime I upgrade SA, I must add 'use bytes' in SpamAssassin's >> Message.pm to get decent scan time. The speed penality is considerable. I'd guess it could be related to: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5440 Which indicates that the issue was a Perl bug in the regexp handling which was fixed in Perl 5.8.8. Kind regards, Steve. From kyleaschmitt at gmail.com Thu Jan 24 23:27:25 2008 From: kyleaschmitt at gmail.com (Kyle Schmitt) Date: Thu Jan 24 23:27:35 2008 Subject: How do you know if Spam Assassin is using bayes? Message-ID: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> It sounds like a silly question, but how do you know if SA is using the bayes filter? After reviewing and editing the config files, I don't see anything being created in the directory that the bayes db is supposed to be in. How do you really check? Thanks, Kyle From ssilva at sgvwater.com Thu Jan 24 23:45:43 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Jan 24 23:50:15 2008 Subject: How do you know if Spam Assassin is using bayes? In-Reply-To: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> References: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> Message-ID: on 1/24/2008 3:27 PM Kyle Schmitt spake the following: > It sounds like a silly question, but how do you know if SA is using > the bayes filter? > After reviewing and editing the config files, I don't see anything > being created in the directory that the bayes db is supposed to be in. > How do you really check? > > Thanks, > Kyle You can always run "spamassassin -D --lint and look for the lines with "dbg: bayes" in them like this; [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [14537] dbg: bayes: found bayes db version 3 [14537] dbg: bayes: DB journal sync: last sync: 1201217727 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080124/bb1c2d47/signature.bin From bfebrian.mailscanner at indomino.net Fri Jan 25 02:02:31 2008 From: bfebrian.mailscanner at indomino.net (Budi Febrianto) Date: Fri Jan 25 02:02:50 2008 Subject: Spamassassin -D --lint fixed relative path error? In-Reply-To: <47989898.9060706@evi-inc.com> References: <4797EB73.2030404@indomino.net> <47989898.9060706@evi-inc.com> Message-ID: <47994337.5060107@indomino.net> Matt Kettler wrote: > Budi Febrianto wrote: >> Dear all, >> >> I'm not sure about this, but I see a lot of this when I run >> spamassassin -D --lint >> >> [4822] dbg: config: fixed relative path: >> /var/lib/spamassassin/3.002003/updates_spamassassin_org/60_whitelist_subject.cf >> 0.00345 > >> Is this normal? > > Yes, that's completely normal for SA once you've run sa-update. > > In general, if it doesn't show up in spamassassin --lint (without the > -D) it's generally not a problem. ie: if there's problems, > spamassassin --lint should print them. If there's no problems, it > should run silently. > > I'd also generally advise not using the -D flag unless you're trying > to track down an elusive problem, or are merely wondering how SA > handles things internally. For routine config checks, you're better > off without the extra debug noise, as it may cause you to overlook > actual important warnings. Thanks. Ussually I just do the spamassassin --lint to see if there any error. But after modified the sa-update, I want to make sure if everything is ok. And it is. :) Now I can prepare for the weekend. -- From glenn.steen at gmail.com Fri Jan 25 08:57:38 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 25 08:57:47 2008 Subject: How do you know if Spam Assassin is using bayes? In-Reply-To: References: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> Message-ID: <223f97700801250057h108f5e33ia292cb6e8c2aa96e@mail.gmail.com> On 25/01/2008, Scott Silva wrote: > on 1/24/2008 3:27 PM Kyle Schmitt spake the following: > > It sounds like a silly question, but how do you know if SA is using > > the bayes filter? > > After reviewing and editing the config files, I don't see anything > > being created in the directory that the bayes db is supposed to be in. > > How do you really check? > > > > Thanks, > > Kyle > You can always run "spamassassin -D --lint and look for the lines with "dbg: > bayes" in them like this; > > [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks > [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen > [14537] dbg: bayes: found bayes db version 3 > [14537] dbg: bayes: DB journal sync: last sync: 1201217727 > > Yep. If nothing is created there (and do remember that bayes_path isn't supposed to be a directory only, it is the absolute path to a directory _and the "starting fragment" of the filename the files are supposed to have_), it likely means you have a permission problem solve:-). The dubug lint that Scott suggests will show this nicely;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Fri Jan 25 11:34:23 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Jan 25 11:34:32 2008 Subject: Problem with HTML disarm In-Reply-To: <4772CC13.7080304@ecs.soton.ac.uk> References: <625385e30712210220s713d2dc1rc7b5ec72d39ea7a3@mail.gmail.com> <476BF5C0.4040102@vanderkooij.org> <476C413F.101@ecs.soton.ac.uk> <4772CC13.7080304@ecs.soton.ac.uk> Message-ID: <625385e30801250334u3b5f250fj98b3329a7de4b9ad@mail.gmail.com> On Dec 26, 2007 10:48 PM, Julian Field wrote: > > 3) Comment out scripts in HTML emails, and some other HTML email. > Currently the entire text of the script should be removed, not just > commented out. Is this not working? With your example, I get the HTML > without the tags, personally. Seems to do what most people want. > but on the other hand no one else seems to have been hit > with it which is strange. If I knew Perl better I would look into it > myself but I'm next to useless at it I'm afraid. :-( > Yes, I've never had any complaints from anyone about it causing any problems. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHmhvsEfZZRxQVtlQRAuykAJsESdFBeavvb349EahOWcpTvbER3wCfXB71 wfPBRJ8+xo83Xt09mS5va5c= =G6pe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 25 17:29:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 25 17:29:52 2008 Subject: Any Way to filter backscatter? In-Reply-To: <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> References: <4799F534.5060800@haigmail.com> <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> Message-ID: <479A1C6F.8010805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: > Implement milter-null and/or MailScanner's built-in functionality. The > milter-null solution works with sendmail (don't know about your > particular setup) and blocks at the MTA level (which saves you some > resources), Milter-null works very well, and should work with recent Postfixes too, as they have support for sendmail's milters. Definitely the lightest-weight solution. > the built-in MailScanner function does the same at the expense of > having to receive the message first. which can be quite expensive if you have a lot of them coming in. Personally I use the MailScanner function (well I would, wouldn't I? :-) but I used to get perfectly good results from using milter-null. It worked a treat. > > On Jan 25, 2008, at 9:41 AM, Lance Haig wrote: > >> One of my users has a problem where he has been made the from address in >> a spam campaign. >> >> he is now getting loads of could not deliver messages. is there way to >> filter these out? >> >> Thanks guys >> >> Lance >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHmhxvEfZZRxQVtlQRAhTcAJ47TxW97JUVb7kBMWC78R+JgSKsSACgi7wp 0MoxezlPDtb6dyNMZ3Q5S5c= =mIkC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Fri Jan 25 20:29:47 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Jan 25 20:30:29 2008 Subject: use bytes bug in SA In-Reply-To: <47991369.6010004@fsl.com> References: <47990A2D.2070500@ecs.soton.ac.uk> <47991369.6010004@fsl.com> Message-ID: Steve Freegard wrote: > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Does this only affect Solaris? > > Nope. > >> Or has anyone produced the same behaviour on Linux, being the >> "platform of choice" for many people? > > Yes - in Ugo's case this behavior was on Linux (CentOS 3 and CentOS 4). Mostly CentOS 3 showed very big performance hit. >> Ugo Bellavance wrote: >>> Anyone got hit by this? >>> >>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5590 >>> >>> Everytime I upgrade SA, I must add 'use bytes' in SpamAssassin's >>> Message.pm to get decent scan time. The speed penality is considerable. > > I'd guess it could be related to: > > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5440 > > Which indicates that the issue was a Perl bug in the regexp handling > which was fixed in Perl 5.8.8. I wonder why redhat didn't backport the fix... From lhaig at haigmail.com Fri Jan 25 22:58:24 2008 From: lhaig at haigmail.com (Lance Haig) Date: Fri Jan 25 22:58:34 2008 Subject: Any Way to filter backscatter? In-Reply-To: <479A1C6F.8010805@ecs.soton.ac.uk> References: <4799F534.5060800@haigmail.com> <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> <479A1C6F.8010805@ecs.soton.ac.uk> Message-ID: <479A6990.3060303@haigmail.com> Just found out I am running a very old version of ms 4.59.4 I might just need to upgrade Lance Julian Field wrote: > > > Alex Neuman wrote: >> Implement milter-null and/or MailScanner's built-in functionality. The >> milter-null solution works with sendmail (don't know about your >> particular setup) and blocks at the MTA level (which saves you some >> resources), > Milter-null works very well, and should work with recent Postfixes too, > as they have support for sendmail's milters. Definitely the > lightest-weight solution. >> the built-in MailScanner function does the same at the expense of >> having to receive the message first. > which can be quite expensive if you have a lot of them coming in. > Personally I use the MailScanner function (well I would, wouldn't I? :-) > but I used to get perfectly good results from using milter-null. It > worked a treat. > >> On Jan 25, 2008, at 9:41 AM, Lance Haig wrote: > >>> One of my users has a problem where he has been made the from address in >>> a spam campaign. >>> >>> he is now getting loads of could not deliver messages. is there way to >>> filter these out? >>> >>> Thanks guys >>> >>> Lance >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! > > Jules > From ajos1 at onion.demon.co.uk Sat Jan 26 00:49:20 2008 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Sat Jan 26 00:49:31 2008 Subject: SA 3.2.4 lint output oddity Message-ID: - Paul you are a star! Thanks so much... I was worrying that I had got something wrong. That all makes perfect sense and the "MailScanner Waiting For Messages" line does show up with a w. The reason why it was waiting and waiting... because I was using it on a test machine which was not getting messages to play with! It might be useful for the Debug output to have a one line message that says: ***************** dbg : Waiting for an incoming message to scan... ***************** -----Original Message----- From: paul_blacknight Subj: Re: SA 3.2.4 lint output oddity Date: Wed, 23 Jan 2008 23:59:00 +0000 When you run MailScanner in debug mode, it waits for Mail to come into the inbound queue. It'll then process a batch of messages. When it's waiting on the long wait server, what does a "w" show you on an alternative console login? Something siumilar to the following should appear. root pts/1 trinity.dahomela 23:57 8.00s 4.18s 4.17s MailScanner: waiting for messages It waits for messages to come in, don't forget that it has to fight with the running MS aswell for messages, so for proper debugging do service MailScanner stop ; service MailScanner startin and do the debug. Paul From hvdkooij at vanderkooij.org Sat Jan 26 10:44:12 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Jan 26 10:44:53 2008 Subject: OT: Corporate antivirus In-Reply-To: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1201105694.8402.53.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <479B0EFC.5040204@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gareth wrote: | We have been using Trend for the last few years but the latest version | we upgraded to a year ago has really gone downhill. We had to upgrade | the XP machines from 256MB to 512MB just so that the machine did not | take over 5 minutes to boot (no exaggeration). I think you will find that Trend has a relative small memory footprint. But there are common mistakes people make in setting up Trend in domains that will make machines start up rather slow. Please consult their knowledgebase for a few of them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHmw76BvzDRVjxmYERAhc6AKCaORadXcC7NCez3UgrsY7BXo/xdgCguLP2 OBjI9Uz2hZ0TH3tuCdrzZ+I= =iHYT -----END PGP SIGNATURE----- From uxbod at splatnix.net Sat Jan 26 11:16:14 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Jan 26 11:16:42 2008 Subject: OT: Corporate antivirus In-Reply-To: <479B0EFC.5040204@vanderkooij.org> Message-ID: <29828794.17911201346174300.JavaMail.root@office.splatnix.net> ----- "Hugo van der Kooij" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gareth wrote: | We have been using Trend for the last few years but the latest version | we upgraded to a year ago has really gone downhill. We had to upgrade | the XP machines from 256MB to 512MB just so that the machine did not | take over 5 minutes to boot (no exaggeration). I think you will find that Trend has a relative small memory footprint. But there are common mistakes people make in setting up Trend in domains that will make machines start up rather slow. Please consult their knowledgebase for a few of them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHmw76BvzDRVjxmYERAhc6AKCaORadXcC7NCez3UgrsY7BXo/xdgCguLP2 OBjI9Uz2hZ0TH3tuCdrzZ+I= =iHYT -----END PGP SIGNATURE----- Hugo, I am surprised by that. Our company has just been taken over and the new company uses Trend. We have just rolled it out to 800 machines and it does indeed run like the proverbial dog. It sucks up memory, the patches/definitions are huge and on small WAN links completely saturate the bandwidth. Not to mention its very very poor detection rate. We did a test on a standalone machine, and out of 20 different viruses in managed to catch 1! We imaged the machine again and did the same with NOD32 and it caught the lot. Plus the latest version does not play well at all with Citrix servers! Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Sat Jan 26 19:55:47 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jan 26 19:56:01 2008 Subject: use bytes bug in SA In-Reply-To: References: <47990A2D.2070500@ecs.soton.ac.uk> <47991369.6010004@fsl.com> Message-ID: on 1/25/2008 12:29 PM Ugo Bellavance spake the following: > Steve Freegard wrote: >> Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Does this only affect Solaris? >> >> Nope. >> >>> Or has anyone produced the same behaviour on Linux, being the >>> "platform of choice" for many people? >> >> Yes - in Ugo's case this behavior was on Linux (CentOS 3 and CentOS 4). > > Mostly CentOS 3 showed very big performance hit. > >>> Ugo Bellavance wrote: >>>> Anyone got hit by this? >>>> >>>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5590 >>>> >>>> Everytime I upgrade SA, I must add 'use bytes' in SpamAssassin's >>>> Message.pm to get decent scan time. The speed penality is >>>> considerable. >> >> I'd guess it could be related to: >> >> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5440 >> >> Which indicates that the issue was a Perl bug in the regexp handling >> which was fixed in Perl 5.8.8. > > I wonder why redhat didn't backport the fix... > As to RHEL3, the fix might have come after it was in security fix only maintenance. Since it was only a performance issue and not a security bug, they won't add it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080126/50c17901/signature.bin From ssilva at sgvwater.com Sat Jan 26 19:57:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jan 26 20:00:15 2008 Subject: Any Way to filter backscatter? In-Reply-To: <479A6990.3060303@haigmail.com> References: <4799F534.5060800@haigmail.com> <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> <479A1C6F.8010805@ecs.soton.ac.uk> <479A6990.3060303@haigmail.com> Message-ID: on 1/25/2008 2:58 PM Lance Haig spake the following: > Just found out I am running a very old version of ms 4.59.4 > > I might just need to upgrade > > Lance Especially if you want to use newer versions of postfix. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080126/e17531ad/signature.bin From no_html.max50kb at nurfuerspam.de Sat Jan 26 19:36:38 2008 From: no_html.max50kb at nurfuerspam.de (Matthias Taube) Date: Sat Jan 26 20:30:12 2008 Subject: own script in Mailscanner Message-ID: Hi, I would like to include an own (Perl) Filterfile to Mailscanner, which checks and if true changes (disarms) the email. Is there a howto or hints? mfg Matthias From kyleaschmitt at gmail.com Sat Jan 26 20:58:31 2008 From: kyleaschmitt at gmail.com (Kyle Schmitt) Date: Sat Jan 26 20:58:41 2008 Subject: How do you know if Spam Assassin is using bayes? In-Reply-To: <223f97700801250057h108f5e33ia292cb6e8c2aa96e@mail.gmail.com> References: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> <223f97700801250057h108f5e33ia292cb6e8c2aa96e@mail.gmail.com> Message-ID: <2b548b8b0801261258t332b0926g390474a67166ffd3@mail.gmail.com> OK. It's all working now! For some reason perl was missing it's DBFile library. Installed that, changed some permissions and then it was all happy. The impressive thing is, it was doing a pretty good job of blocking spam _before_ the bayes filter was on. I'll have to see what the improvement is now that it's going too. Thanks --Kyle On Jan 25, 2008 2:57 AM, Glenn Steen wrote: > On 25/01/2008, Scott Silva wrote: > > on 1/24/2008 3:27 PM Kyle Schmitt spake the following: > > > It sounds like a silly question, but how do you know if SA is using > > > the bayes filter? > > > After reviewing and editing the config files, I don't see anything > > > being created in the directory that the bayes db is supposed to be in. > > > How do you really check? > > > > > > Thanks, > > > Kyle > > You can always run "spamassassin -D --lint and look for the lines with "dbg: > > bayes" in them like this; > > > > [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks > > [14537] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen > > [14537] dbg: bayes: found bayes db version 3 > > [14537] dbg: bayes: DB journal sync: last sync: 1201217727 > > > > > Yep. If nothing is created there (and do remember that bayes_path > isn't supposed to be a directory only, it is the absolute path to a > directory _and the "starting fragment" of the filename the files are > supposed to have_), it likely means you have a permission problem > solve:-). The dubug lint that Scott suggests will show this nicely;-). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From dyioulos at firstbhph.com Sat Jan 26 21:01:16 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Sat Jan 26 21:01:36 2008 Subject: OT: Corporate antivirus In-Reply-To: <29828794.17911201346174300.JavaMail.root@office.splatnix.net> References: <479B0EFC.5040204@vanderkooij.org> <29828794.17911201346174300.JavaMail.root@office.splatnix.net> Message-ID: <20080126205549.M48111@firstbhph.com> On Sat, 26 Jan 2008 11:16:14 +0000 (GMT), --[ UxBoD ]-- wrote > ----- "Hugo van der Kooij" wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gareth wrote: > | We have been using Trend for the last few years but the latest version > | we upgraded to a year ago has really gone downhill. We had to upgrade > | the XP machines from 256MB to 512MB just so that the machine did not > | take over 5 minutes to boot (no exaggeration). > > I think you will find that Trend has a relative small memory footprint. > But there are common mistakes people make in setting up Trend in domains > that will make machines start up rather slow. Please consult their > knowledgebase for a few of them. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFHmw76BvzDRVjxmYERAhc6AKCaORadXcC7NCez3UgrsY7BXo/xdgCguLP2 > OBjI9Uz2hZ0TH3tuCdrzZ+I= > =iHYT > -----END PGP SIGNATURE----- > > Hugo, > > I am surprised by that. Our company has just been taken over and the new > company uses Trend. We have just rolled it out to 800 machines and it does > indeed run like the proverbial dog. It sucks up memory, the > patches/definitions are huge and on small WAN links completely saturate the > bandwidth. Not to mention its very very poor detection rate. We did a test > on a standalone machine, and out of 20 different viruses in managed to catch > 1! We imaged the machine again and did the same with NOD32 and it caught the > lot. Plus the latest version does not play well at all with Citrix servers! > > Regards, > > -- > --[ UxBoD ]-- > // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" > // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 > // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 > // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net > Sorry for not responding to the original post. We use Central Command's Vexira here. Overall, the results have been quite good. It's supported on a great many OS's, is simple to install, relatively easy to configure, relatively light-weight, and does a very good job of protecting. The company is willing to negotiate on pricing. The 30-day evaluation may be worth your try. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at openenterprise.ca Sat Jan 26 21:15:25 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Sat Jan 26 21:15:46 2008 Subject: Emptying inbound que? Message-ID: <479BA2ED.1070301@openenterprise.ca> recently I had a missconfiguration on mailscanner and so a bunch of mail got stuck in the incoming que (listed in MailWatch). Everything is back up and running correctly but I still see 60 messages in this inbound que? How can I release/remove these messages? Thanks :) From dyioulos at firstbhph.com Sat Jan 26 21:45:18 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Sat Jan 26 21:45:38 2008 Subject: Emptying inbound que? In-Reply-To: <479BA2ED.1070301@openenterprise.ca> References: <479BA2ED.1070301@openenterprise.ca> Message-ID: <20080126214213.M61182@firstbhph.com> On Sat, 26 Jan 2008 13:15:25 -0800, Johnny Stork wrote > recently I had a missconfiguration on mailscanner and so a bunch of mail > got stuck in the incoming que (listed in MailWatch). Everything is back > up and running correctly but I still see 60 messages in this inbound > que? How can I release/remove these messages? > > Thanks :) > -- I had to do that once, in the way back, and i think I whacked the offenders in /var/spool/MailScanner/incoming. At least, take a look there. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Sat Jan 26 22:23:42 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Sat Jan 26 22:24:02 2008 Subject: OT: Corporate antivirus In-Reply-To: <479B0EFC.5040204@vanderkooij.org> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info]On Behalf Of Hugo van > der Kooij > Gareth wrote: > | We have been using Trend for the last few years but the latest version > | we upgraded to a year ago has really gone downhill. We had to upgrade > | the XP machines from 256MB to 512MB just so that the machine did not > | take over 5 minutes to boot (no exaggeration). > > I think you will find that Trend has a relative small memory footprint. > But there are common mistakes people make in setting up Trend in domains > that will make machines start up rather slow. Please consult their > knowledgebase for a few of them. We were running the previous version and that was fine. Machines started up ok. The scanner did slow machines down slightly but it was acceptible. We upgraded and had terrible problems. Reported to trend who acknowledged the problem and gave us instructions on manually downsrading the scanning engine and disabling updates with limited difference. A memory upgrade helped in the startup times so at least it loaded properly. Before it would slow down the computer so much a lot of the time it failed to even start properly (red icon) which is no good for a virus scanner. After the memory upgrade it started up quicker but was still very slow opening files and running programs and that was even on my machine which has 1GB of memory. I am currently running a 30 day eval of NOD32 business edition. Its not very easy to get started with as the admin console has no step by step guide on what you have to do to get everything working but you do get to speak directly to eset technical support who are very helpfullso I dont consider this a big fault. NOD32 is so much faster than trend. Honestly a general users machine is more responsive to use while NOD32 is performing a full computer scan than while Trend is installed and NOT performing a full scan. From ssilva at sgvwater.com Sat Jan 26 23:50:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sat Jan 26 23:50:52 2008 Subject: How do you know if Spam Assassin is using bayes? In-Reply-To: <2b548b8b0801261258t332b0926g390474a67166ffd3@mail.gmail.com> References: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> <223f97700801250057h108f5e33ia292cb6e8c2aa96e@mail.gmail.com> <2b548b8b0801261258t332b0926g390474a67166ffd3@mail.gmail.com> Message-ID: on 1/26/2008 12:58 PM Kyle Schmitt spake the following: > OK. It's all working now! > > For some reason perl was missing it's DBFile library. Installed that, > changed some permissions and then it was all happy. > > The impressive thing is, it was doing a pretty good job of blocking > spam _before_ the bayes filter was on. I'll have to see what the > improvement is now that it's going too. > > Thanks > --Kyle A good set of rules can be surprisingly efficient. But bayes will help with the borderline stuff. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080126/19254e1d/signature.bin From steve at fsl.com Sun Jan 27 00:14:16 2008 From: steve at fsl.com (Stephen Swaney) Date: Sun Jan 27 00:14:27 2008 Subject: own script in Mailscanner In-Reply-To: References: Message-ID: <479BCCD8.10904@fsl.com> Matthias Taube wrote: > Hi, > > I would like to include an own (Perl) Filterfile to Mailscanner, which > checks and if true changes (disarms) the email. > > Is there a howto or hints? > > mfg > Matthias > Matthias, You might be able to do this using MailScanner's ability to add a custom "Virus Scanner". Check the list archives for how to do this or Maybe someone else can remember how :) Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From alex at nkpanama.com Sun Jan 27 01:32:13 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Jan 27 01:32:48 2008 Subject: Any Way to filter backscatter? In-Reply-To: References: <4799F534.5060800@haigmail.com> <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> <479A1C6F.8010805@ecs.soton.ac.uk> <479A6990.3060303@haigmail.com> Message-ID: <6CF7121B-82AC-49DE-892D-4548C4183F48@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: Any Way to filter backscatter? is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. Date: 20080126 pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 RCVD_IN_UCE_PFSM_3 RBL: Received via a relay in UCE_PFSM_3 [201.226.247.98 listed in dnsbl-3.uceprotect.net] 1.5 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2 [201.226.247.98 listed in dnsbl-2.uceprotect.net] 0.0 BOTNET_NORDNS IP address has no PTR record 0.7 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?id=alex%40nkpanama.com&ip=201.226.247.98&receiver=nkserver.nkpanama.com] -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.0757] 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman Subject: Re: Any Way to filter backscatter? Date: Sat, 26 Jan 2008 20:32:13 -0500 Size: 1374 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080126/50b9bd38/attachment.mht From uxbod at splatnix.net Sun Jan 27 09:36:10 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sun Jan 27 09:36:32 2008 Subject: own script in Mailscanner In-Reply-To: <479BCCD8.10904@fsl.com> Message-ID: <15689009.18001201426570936.JavaMail.root@office.splatnix.net> Or if it is sufficient to perform a action whether it is spam/or high scoring spam then you could just add a custom action. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Jan 27 11:17:46 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 27 11:17:57 2008 Subject: Any Way to filter backscatter? In-Reply-To: <6CF7121B-82AC-49DE-892D-4548C4183F48@nkpanama.com> References: <4799F534.5060800@haigmail.com> <7DBE11F0-C449-4D19-B405-D61D834593D1@nkpanama.com> <479A1C6F.8010805@ecs.soton.ac.uk> <479A6990.3060303@haigmail.com> <6CF7121B-82AC-49DE-892D-4548C4183F48@nkpanama.com> Message-ID: <223f97700801270317j655e1fe0uae606cef4940e861@mail.gmail.com> (Intentionally top-posting....) Alex.... The SWAP joke! Again! Aaarghhh.... And you forgot to W/L the list.... Aaaaarrrgggghhhh....:-D You've gotta stop facebooking and get back to admin!:-):-):-) Cheers -- Glenn On 27/01/2008, Alex Neuman wrote: > Our MailScanner believes that the attachment to this message sent to you > > From: alex@nkpanama.com > Subject: Re: Any Way to filter backscatter? > > is Unsolicited Commercial Email (spam). Unless you are sure that this message > is incorrectly thought to be spam, please delete this message without opening > it. Opening spam messages might allow the spammer to verify your email > address. > > If you believe that this message has been incorrectly marked as spam, please > forward this email to postmaster. > > Date: 20080126 > pts rule name description > ---- ---------------------- -------------------------------------------------- > 1.5 RCVD_IN_UCE_PFSM_3 RBL: Received via a relay in UCE_PFSM_3 > [201.226.247.98 listed in dnsbl-3.uceprotect.net] > 1.5 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2 > [201.226.247.98 listed in dnsbl-2.uceprotect.net] > 0.0 BOTNET_NORDNS IP address has no PTR record > 0.7 SPF_FAIL SPF: sender does not match SPF record (fail) > [SPF failed: Please see http://www.openspf.org/Why?id=alex%40nkpanama.com&ip=201.226.247.98&receiver=nkserver.nkpanama.com] > -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% > [score: 0.0757] > 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS > 2.0 BOTNET Any Botnet rule hit > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From no_html.max50kb at nurfuerspam.de Sun Jan 27 14:53:30 2008 From: no_html.max50kb at nurfuerspam.de (Matthias Taube) Date: Sun Jan 27 14:53:38 2008 Subject: own script in Mailscanner In-Reply-To: <479BCCD8.10904@fsl.com> References: <479BCCD8.10904@fsl.com> Message-ID: <0giu65-974.ln1@news5.news.arcor.de> Stephen Swaney schrieb: > You might be able to do this using MailScanner's ability to add a custom > "Virus Scanner". Check the list archives for how to do this or Maybe Thanks. I try it with the "generic-wrapper" script. mfg Matthias From MailScanner at ecs.soton.ac.uk Sun Jan 27 18:26:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 27 18:26:29 2008 Subject: own script in Mailscanner In-Reply-To: References: Message-ID: <479CCCBF.4090803@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And are you checking the message body or the attachments? Could SpamAssassin be used to check the message? (if it can, it may affect how you best implement your changes to the message) In what way are you trying to change the email? Are you changing the attachments or the message body? Matthias Taube wrote: > Hi, > > I would like to include an own (Perl) Filterfile to Mailscanner, which > checks and if true changes (disarms) the email. > > Is there a howto or hints? > > mfg > Matthias > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHnMzBEfZZRxQVtlQRAhKPAKDEWSdqOxTXwweidk7fFgsEpm4EGwCgim/G Vp/rGXS5odOhb1dC/aaxP78= =R005 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 27 19:06:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 27 19:06:34 2008 Subject: SA 3.2.4 lint output oddity In-Reply-To: References: Message-ID: <479CD61C.1080801@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have added something similar to the debug output you wanted. It tells you when it is waiting for a batch, and how many messages there are in the batch once it's got it. It will be in the next release. There is quite a delay before the "building a batch" message, as all the SpamAssassin initialisation is done just before that. So expect a few seconds between running "MailScanner --debug" and getting the "building a batch" message. I'm thinking about writing support for a "--queue-only" command-line switch, which would have the same effect as "Delivery Method = queue" in MailScanner.conf. I thought some people might find that useful when diagnosing problems as otherwise the processed messages get delivered immediately so you don't get a chance to look at them first. It would only take effect when used with "--debug". It would save me editing the MailScanner.conf file before starting to diagnose any problems, and when developing new features. Would other people find this switch useful too? Jules. ajos1 at onion wrote: > - > > Paul you are a star! Thanks so much... I was worrying that I had got something wrong. > > That all makes perfect sense and the "MailScanner Waiting For Messages" line does show up with a w. > > The reason why it was waiting and waiting... because I was using it on a test machine which was not getting messages to play with! > > It might be useful for the Debug output to have a one line message that says: > > ***************** > dbg : Waiting for an incoming message to scan... > ***************** > > -----Original Message----- > From: paul_blacknight > Subj: Re: SA 3.2.4 lint output oddity > Date: Wed, 23 Jan 2008 23:59:00 +0000 > > When you run MailScanner in debug mode, it waits for Mail to come into > the inbound queue. It'll then process a batch of messages. When it's > waiting on the long wait server, what does a "w" show you on an > alternative console login? > > Something siumilar to the following should appear. > > root pts/1 trinity.dahomela 23:57 8.00s 4.18s 4.17s > MailScanner: waiting for messages > > It waits for messages to come in, don't forget that it has to fight with > the running MS aswell for messages, so for proper debugging do service > MailScanner stop ; service MailScanner startin > > and do the debug. > > Paul > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHnNYkEfZZRxQVtlQRAqJ4AJ9giulBkDmHGnpVkd+8P+qLCsVFBQCaAyvz dySugBkwr7KUizyvBRle98Y= =cD8v -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Jan 27 19:11:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 27 19:11:41 2008 Subject: How do you know if Spam Assassin is using bayes? In-Reply-To: References: <2b548b8b0801241527r3360594eu19e494d69fda9af0@mail.gmail.com> <223f97700801250057h108f5e33ia292cb6e8c2aa96e@mail.gmail.com> <2b548b8b0801261258t332b0926g390474a67166ffd3@mail.gmail.com> Message-ID: <479CD756.4090902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 1/26/2008 12:58 PM Kyle Schmitt spake the following: >> OK. It's all working now! >> >> For some reason perl was missing it's DBFile library. Installed that, >> changed some permissions and then it was all happy. >> >> The impressive thing is, it was doing a pretty good job of blocking >> spam _before_ the bayes filter was on. I'll have to see what the >> improvement is now that it's going too. >> >> Thanks >> --Kyle > A good set of rules can be surprisingly efficient. But bayes will help > with the borderline stuff. > If you want a reference set of good rules to use, search the list archives for a "howto" published by me last July (I think it had "howto" in the Subject: line of the posting. I have run the same set of rules (with all the auto-updates of course) since then, and it's been working very nicely. I have added a few custom rules after last July, but nothing major. It's been very stable for 6 months, requiring no maintenance at all. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHnNdYEfZZRxQVtlQRAvnaAJ0Yv6uRGn8zn3t67lZM1GAUYAK/lQCfbhGj CAHuf9k8phcLeO25Q2/VHuI= =n3tu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From no_html.max50kb at nurfuerspam.de Sun Jan 27 20:57:30 2008 From: no_html.max50kb at nurfuerspam.de (Matthias Taube) Date: Sun Jan 27 21:08:47 2008 Subject: own script in Mailscanner In-Reply-To: <479CCCBF.4090803@ecs.soton.ac.uk> References: <479CCCBF.4090803@ecs.soton.ac.uk> Message-ID: Julian Field schrieb: > And are you checking the message body or the attachments? > Could SpamAssassin be used to check the message? (if it can, it may > affect how you best implement your changes to the message) To be concrete: I have the Problem that incorrect Headerlines (Date: and Subject:) in some cases break the mail-System. I wrote a perl-script to fix this headers to the RFC-Specs. and to insert the original in the Message Body (just for Information). I am now searching for the best place to put this script in the chain. I tried the generic-wrapper of Mailscanner, but there I cant change the Header of the Mail. mfg Matthias From gordon at itnt.co.za Sun Jan 27 21:51:43 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Sun Jan 27 21:52:04 2008 Subject: Spam slipping thru.... Message-ID: <002101c8612e$d245f890$1403420a@gordon> ITNT BannerIn the last week I have spam from hotmail and yahoo slipping thru. When I run the test manually it should be blocked results below; How do i get all the test to run in MailScanner? ##Manual test Content analysis details: (10.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) [URIs: seeanserjoovoice.com] 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: seeanserjoovoice.com] 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: seeanserjoovoice.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5007] 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 69] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 69] ##MailScanner Test SpamCheck: not spam, SpamAssassin (not cached, score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, URIBL_SBL 1.50) Thanks Gordon Colyn Office : 086 123 ITNT (4868) Cell : 083 296 7534 Fax : 086 520 0885 InTheNet Technologies www.itnt.co.za MSN:gordoncolyn@hotmail.com SKYPE:gordoncolyn From MailScanner at ecs.soton.ac.uk Sun Jan 27 22:18:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 27 22:18:57 2008 Subject: Spam slipping thru.... In-Reply-To: <002101c8612e$d245f890$1403420a@gordon> References: <002101c8612e$d245f890$1403420a@gordon> Message-ID: <479D033A.7000704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The key is in the "SpamCheck:" header you posted at the bottom. It says "score=6.544, required 8". You need to drop the SpamAssassin Required Score setting in MailScanner.conf, most people use 6 or 7 instead of 8. Then "service MailScanner reload" to make it load the new configuration update. Jules. Gordon Colyn wrote: > ITNT BannerIn the last week I have spam from hotmail and yahoo slipping > thru. When I run the test manually it should be blocked results below; > > How do i get all the test to run in MailScanner? > > ##Manual test > > Content analysis details: (10.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) > [URIs: seeanserjoovoice.com] > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > [URIs: seeanserjoovoice.com] > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: seeanserjoovoice.com] > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > [score: 0.5007] > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > [cf: 69] > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 69] > > ##MailScanner Test > > SpamCheck: not spam, SpamAssassin (not cached, > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > URIBL_SBL 1.50) > > > Thanks > > Gordon Colyn > Office : 086 123 ITNT (4868) > Cell : 083 296 7534 > Fax : 086 520 0885 > InTheNet Technologies > www.itnt.co.za > MSN:gordoncolyn@hotmail.com > SKYPE:gordoncolyn > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: windows-1252 wj8DBQFHnQM8EfZZRxQVtlQRApftAKD95ozrSBvpkVhz5HTLahqi0l/eMACfeWEi UUsQ/mp2UwxIzETFXTDxpwM= =lJv0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Jan 27 23:32:03 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Jan 27 23:32:16 2008 Subject: Spam slipping thru.... In-Reply-To: <002101c8612e$d245f890$1403420a@gordon> References: <002101c8612e$d245f890$1403420a@gordon> Message-ID: <223f97700801271532x75d51e57qf32971e1e3067175@mail.gmail.com> On 27/01/2008, Gordon Colyn wrote: > ITNT BannerIn the last week I have spam from hotmail and yahoo slipping > thru. When I run the test manually it should be blocked results below; > > How do i get all the test to run in MailScanner? > > ##Manual test > > Content analysis details: (10.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) > [URIs: seeanserjoovoice.com] > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist > [URIs: seeanserjoovoice.com] > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist > [URIs: seeanserjoovoice.com] > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > [score: 0.5007] > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > [cf: 69] > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 69] > > ##MailScanner Test > > SpamCheck: not spam, SpamAssassin (not cached, > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > URIBL_SBL 1.50) > > > Thanks > You seem to have different settings for different users here.... else you'd trigger Razor in the MS case too. Are you perhaps running Postfix? What version of MailScanner? Where have you enabled Razor? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From telecaadmin at gmail.com Mon Jan 28 10:49:24 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Jan 28 10:50:19 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> References: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> Message-ID: <479DB334.7090804@gmail.com> >> our primary mailserver tags the spam and relays mail to other mailservers. >> Those sometimes have a different view of accepting messages >> and frequently reject spam mail >> (different view of DNS, different RFC inforcement). The primary server >> backscatters the tagged spam to falsified sender addresses. > > > Do you already do recipient verification (call ahead type of thing)? > Might solve a few of your problems:-). Actually, when thinking more about the problem -- your problem is kinda hard. SMTP is a store and forward system, and once anybody in your whole routing domain has accepted a mail, he's stuck with it. The cleanest solution would be to talk with those subdomain admins and try to improve your frontend up to a level they will gladly accept. The quickest solution is to try and reduce the bounces by doing some kind of milter-ahead solution; this will maybe reduce the backscatter by around 50% (rule of experience) but cannot completely eliminate it. Are you familiar with that kind of setup? If not, tell us what SMTPd you're using and we can point you into a direction. You also can reduce the time mail is kept in your queues in case a server goes down, that will expire those backscatter more quickly. As for the watermarking - MailScanner can do that and you can have a "shared secret" so you can trust those watermarks. ATM I'm quite unsure how to use that in your setting, though, as those watermarks would have to contain some kind of commands, like "backscatter mail, delete it" or so. Cheers, Ronny From jplorier at montecarlotv.com.uy Mon Jan 28 11:05:05 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Jan 28 11:16:53 2008 Subject: OT: Web Mail Client In-Reply-To: <200801241202.m0OC0GFK018348@safir.blacknight.ie> Message-ID: Mike, We actually use Scalix as our corporate mail. It's a nice solution that can substitute Exchange very well. Of course, it won't do everything as nicely as exchange + outlook because you know Microsoft keeps many secrets to prevent others from working with their products. But in the other hand, you can do great things like having a lot of "basic" users (those that won't connect to Scalix via mapi) at no cost and just reserve the licenses to your corporate users, work with a main LDAP directory that can integrate all your samba, proxy, web, ftp, etc servers for central authentication and so on. Of course, one of the best things is the price, you really can set up a system with a fraction of the cost that exchange would cost. We have a mail gateway running mailscanner on sendmail that filters all the incoming mails and then redirects them to Scalix server. It works fine, and even can authenticate imap and pop users for road warriors using rimap against the Scalix server. The advantage of this set up is that you can split the servers for scanning and mail services in order to get two cheap servers instead of an expensive one and also give security. I use a NAT rule in the firewall to redirect all smpt traffic to the mailscanner server and then, all the possible attacks go against mailscanner that has no sensible data. In performance, if you have an spam attack or whatever takes mailscanner to use many resources, the users won't get affected because all their local mail and server attention keeps the same. Even outgoing mail is not affected, only the incoming. Don't hesitate trying it, you have a community version that runs just like the commercial but with limited "premium users" that are the mapi capable ones. Then you also have small business edition and enterprise edition that let you spread the services among multiple servers if you have a large facility like an ISP. I hope this can help From mkettler at evi-inc.com Mon Jan 28 18:22:32 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jan 28 18:22:54 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801220127y54587a6k89b7a6597d94f52d@mail.gmail.com> References: <478E227F.1040201@evi-inc.com> <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> <4794CD30.2000906@evi-inc.com> <223f97700801220127y54587a6k89b7a6597d94f52d@mail.gmail.com> Message-ID: <479E1D68.50405@evi-inc.com> Glenn Steen wrote: > On 21/01/2008, Matt Kettler wrote: >> Glenn Steen wrote: >>> Yes. Exactly. One such invalidity is to use an email address syntax >>> (...@....), which an amazing amount of spam senders use that. >>> One can argue about what is deemed a valid domain name, from a >>> syntactical viewpoint.... For instance, a bare word (xxxxx) isn't >>> syntactically correct either. Fortunate that the RFCs are pretty clear >>> on that too:-) >> I see a lot of spam and viruses with the bare hostname, but haven't seen any >> with the @ sign.. maybe I'll have to look harder.. >> > I promised some figures, so here they are: > Yesterday I rejected 109 HELO/EHLO strings that contained an @. > Compare this to the 2687 rejects on a bare word HELO/EHLO, and it > doesn't seem much, agreed. But all simple things count;-). For follow-up, I found out why I'm not seeing any helo's with @'s in them. My sendmail rejects these by default, and doesn't even log a reject event. I have started using the bareword helo as a greylist criteria, which works pretty well. (I do selective greylisting, where only suspicious connections get greylisted. Since the effects of greylisting legitimate mail are only delays, I can be more aggressive than I can with blacklisting.) I implemented the helo filter back on the 24th. Since Sunday the 27th at 12am (roughly 36 hour period), I have the following message counts: 1818 were greylisted due to bareword hello 2681 were greylisted by domain or lack of reverse DNS. 535 were greylisted by IP address 1066 were greylisted due to being listed in various RBLs (these are too FP prone for blacklisting in my environment, but useful here) 6187 messages were greylisted (total, including odds and ends not listed above) 2850 messages were delivered without greylisting. 3 messages were delivered after being delayed that were not tagged as spam by SpamAssassin. (somewhat indicative of FP rate for the greylist, but might be a correct positive of the greylist, and a FN of spamassassin.) None of those 3 FPs were bareword helo's. (one was a FP of SORBS-DUL, and 2 were servers with generic ip-based reverse-dns) From glenn.steen at gmail.com Mon Jan 28 19:55:32 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 28 19:55:43 2008 Subject: How to know if I'm blacklisted In-Reply-To: <479E1D68.50405@evi-inc.com> References: <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> <4794CD30.2000906@evi-inc.com> <223f97700801220127y54587a6k89b7a6597d94f52d@mail.gmail.com> <479E1D68.50405@evi-inc.com> Message-ID: <223f97700801281155v7ff1005bna233a3b3a76c88d@mail.gmail.com> On 28/01/2008, Matt Kettler wrote: > Glenn Steen wrote: > > On 21/01/2008, Matt Kettler wrote: > >> Glenn Steen wrote: > >>> Yes. Exactly. One such invalidity is to use an email address syntax > >>> (...@....), which an amazing amount of spam senders use that. > >>> One can argue about what is deemed a valid domain name, from a > >>> syntactical viewpoint.... For instance, a bare word (xxxxx) isn't > >>> syntactically correct either. Fortunate that the RFCs are pretty clear > >>> on that too:-) > >> I see a lot of spam and viruses with the bare hostname, but haven't seen any > >> with the @ sign.. maybe I'll have to look harder.. > >> > > I promised some figures, so here they are: > > Yesterday I rejected 109 HELO/EHLO strings that contained an @. > > Compare this to the 2687 rejects on a bare word HELO/EHLO, and it > > doesn't seem much, agreed. But all simple things count;-). > > For follow-up, > > I found out why I'm not seeing any helo's with @'s in them. My sendmail rejects > these by default, and doesn't even log a reject event. > > I have started using the bareword helo as a greylist criteria, which works > pretty well. > > (I do selective greylisting, where only suspicious connections get greylisted. > Since the effects of greylisting legitimate mail are only delays, I can be more > aggressive than I can with blacklisting.) > > I implemented the helo filter back on the 24th. > > Since Sunday the 27th at 12am (roughly 36 hour period), I have the following > message counts: > > 1818 were greylisted due to bareword hello > 2681 were greylisted by domain or lack of reverse DNS. > 535 were greylisted by IP address > 1066 were greylisted due to being listed in various RBLs (these are too FP prone > for blacklisting in my environment, but useful here) > 6187 messages were greylisted (total, including odds and ends not listed above) > > 2850 messages were delivered without greylisting. > > 3 messages were delivered after being delayed that were not tagged as spam by > SpamAssassin. (somewhat indicative of FP rate for the greylist, but might be a > correct positive of the greylist, and a FN of spamassassin.) > > None of those 3 FPs were bareword helo's. (one was a FP of SORBS-DUL, and 2 were > servers with generic ip-based reverse-dns) > Ah. The thing I love best about things like this (especially when one can safely do rejects instead of slightly more costly things like a greylist) is the minimal effort MY systems have to spend on it:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From kyleaschmitt at gmail.com Mon Jan 28 20:35:07 2008 From: kyleaschmitt at gmail.com (Kyle Schmitt) Date: Mon Jan 28 20:35:19 2008 Subject: sa-learn (Slightly OT) Message-ID: <2b548b8b0801281235u14e44df5if8fb59e904c7970c@mail.gmail.com> This is slightly OT, since it's a spam assassin specific question. Still, I may have good luck here, so I'll post anyway. I've built up a small collection of spam that's slipped through my MailScanner, and was planning on using sa-learn to train up the bayes filter. The catch? We use outlook/exchange, and when I save the messages off as text, I don't get much of the header, but if I save it off as a message, it's in some weird outlook format. I tried using sa-learn with the weird outlook messages, and now I'm wondering, was that a good idea. Out of about 60 messages it claimed to learn 84 tokens. Should I have it un-learn those? Will the header anemic text versions be sufficient for learning? I'm going to assume now that spam assassin won't read in outlook message format. Thanks, Kyle From glenn.steen at gmail.com Mon Jan 28 21:28:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Jan 28 21:28:33 2008 Subject: sa-learn (Slightly OT) In-Reply-To: <2b548b8b0801281235u14e44df5if8fb59e904c7970c@mail.gmail.com> References: <2b548b8b0801281235u14e44df5if8fb59e904c7970c@mail.gmail.com> Message-ID: <223f97700801281328k591064fbsbba5636ac9b70811@mail.gmail.com> On 28/01/2008, Kyle Schmitt wrote: > This is slightly OT, since it's a spam assassin specific question. > > Still, I may have good luck here, so I'll post anyway. > > I've built up a small collection of spam that's slipped through my > MailScanner, and was planning on using sa-learn to train up the bayes > filter. > > The catch? We use outlook/exchange, and when I save the messages off > as text, I don't get much of the header, but if I save it off as a > message, it's in some weird outlook format. > > I tried using sa-learn with the weird outlook messages, and now I'm > wondering, was that a good idea. Out of about 60 messages it claimed > to learn 84 tokens. Should I have it un-learn those? Will the > header anemic text versions be sufficient for learning? I'm going to > assume now that spam assassin won't read in outlook message format. > > Thanks, > Kyle Enable IMAP service and use an IMAP enabled client (MUA... Not LookOut!). Does that make M-Sexchange "reassemble" the actual message (headers and all)? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mkettler at evi-inc.com Mon Jan 28 23:54:17 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Jan 28 23:54:39 2008 Subject: How to know if I'm blacklisted In-Reply-To: <223f97700801281155v7ff1005bna233a3b3a76c88d@mail.gmail.com> References: <223f97700801170226l4dd72eb2t46794370f35a86af@mail.gmail.com> <223f97700801170342r4309a4f5x5e25e0caaea5bbbf@mail.gmail.com> <478FDB4D.5060900@evi-inc.com> <223f97700801180035s191b9ec7y49f78a3338d2ffb7@mail.gmail.com> <4790ED87.7030709@evi-inc.com> <223f97700801190052q4f494d37k11a2d972ef3339bf@mail.gmail.com> <4794CD30.2000906@evi-inc.com> <223f97700801220127y54587a6k89b7a6597d94f52d@mail.gmail.com> <479E1D68.50405@evi-inc.com> <223f97700801281155v7ff1005bna233a3b3a76c88d@mail.gmail.com> Message-ID: <479E6B29.5040301@evi-inc.com> Glenn Steen wrote: > On 28/01/2008, Matt Kettler wrote: >> Glenn Steen wrote: >> >> 3 messages were delivered after being delayed that were not tagged as spam by >> SpamAssassin. (somewhat indicative of FP rate for the greylist, but might be a >> correct positive of the greylist, and a FN of spamassassin.) >> >> None of those 3 FPs were bareword helo's. (one was a FP of SORBS-DUL, and 2 were >> servers with generic ip-based reverse-dns) >> > Ah. The thing I love best about things like this (especially when one > can safely do rejects instead of slightly more costly things like a > greylist) is the minimal effort MY systems have to spend on it:-). Greylists are pretty cheap resource wise if you use them smartly. Sure, unlike rejects they have some resource usage, but it's a *whole* lot less than accepting the message, transferring a DATA phase, running it through SpamAssassin, and tagging/deleting it. So, I blacklist what I can, greylist what I can, and the rest gets to MailScanner and SA. You might want to consider them too, even if your blacklisting is more aggressive than mine, your greylisting can still be even more aggressive than that. I'm sure you've encountered at least one situation where some particular blacklist criteria was causing an unacceptable level of false positives. It's those kind of situations I look at and say "can I turn that into a greylist?" instead of "well, I guess I'll remove it". My whole greylist database for 300+ email accounts is 1.3mb, in tab-delimited text format. Sure, it's 44kb a user, but it's also only 44kb a user. From gordon at itnt.co.za Tue Jan 29 04:31:02 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Tue Jan 29 04:32:32 2008 Subject: Spam slipping thru.... References: <002101c8612e$d245f890$1403420a@gordon> <223f97700801271532x75d51e57qf32971e1e3067175@mail.gmail.com> Message-ID: <001401c8622f$ef52dff0$1403420a@gordon> I am running sendmail, with MailScanner 4.63.8. I have enable razor in v320.pre file. Gordon ----- Original Message ----- From: "Glenn Steen" To: "MailScanner discussion" Sent: Monday, January 28, 2008 1:32 AM Subject: Re: Spam slipping thru.... On 27/01/2008, Gordon Colyn wrote: > ITNT BannerIn the last week I have spam from hotmail and yahoo slipping > thru. When I run the test manually it should be blocked results below; > > How do i get all the test to run in MailScanner? > > ##Manual test > > Content analysis details: (10.0 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > Bread) > [URIs: seeanserjoovoice.com] > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > [URIs: seeanserjoovoice.com] > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > blocklist > [URIs: seeanserjoovoice.com] > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > [score: 0.5007] > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > above 50% > [cf: 69] > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 69] > > ##MailScanner Test > > SpamCheck: not spam, SpamAssassin (not cached, > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > URIBL_SBL 1.50) > > > Thanks > You seem to have different settings for different users here.... else you'd trigger Razor in the MS case too. Are you perhaps running Postfix? What version of MailScanner? Where have you enabled Razor? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Tue Jan 29 08:38:05 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 29 08:38:24 2008 Subject: sa-learn (Slightly OT) In-Reply-To: <223f97700801281328k591064fbsbba5636ac9b70811@mail.gmail.com> Message-ID: <95aae13fdcb4824d89e3cbcc2ef3c74d@solidstatelogic.com> Kyle There's plenty of imap perl sa-learn scripts knocking about so you can have a global ham and spam folder then run the perl script on the MailScanner box to grab the email in ham and spam. If you can't find one contact me off list and I'll drop you over mine. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Glenn Steen > Sent: 28 January 2008 21:28 > To: MailScanner discussion > Subject: Re: sa-learn (Slightly OT) > > On 28/01/2008, Kyle Schmitt wrote: > > This is slightly OT, since it's a spam assassin specific question. > > > > Still, I may have good luck here, so I'll post anyway. > > > > I've built up a small collection of spam that's slipped through my > > MailScanner, and was planning on using sa-learn to train up the bayes > > filter. > > > > The catch? We use outlook/exchange, and when I save the messages off > > as text, I don't get much of the header, but if I save it off as a > > message, it's in some weird outlook format. > > > > I tried using sa-learn with the weird outlook messages, and now I'm > > wondering, was that a good idea. Out of about 60 messages it claimed > > to learn 84 tokens. Should I have it un-learn those? Will the > > header anemic text versions be sufficient for learning? I'm going to > > assume now that spam assassin won't read in outlook message format. > > > > Thanks, > > Kyle > Enable IMAP service and use an IMAP enabled client (MUA... Not > LookOut!). Does that make M-Sexchange "reassemble" the actual message > (headers and all)? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Tue Jan 29 08:39:51 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 29 08:40:04 2008 Subject: Spam slipping thru.... In-Reply-To: <001401c8622f$ef52dff0$1403420a@gordon> Message-ID: <0f5189d4c13d5c40a6351d81f276551f@solidstatelogic.com> Sounds like your configuration isn't consistent for some reason. Does /etc/mail/spamassassin/mailscanner.cf point to spam.assassin.prefs.conf via a symbolic link? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gordon Colyn > Sent: 29 January 2008 04:31 > To: MailScanner discussion > Subject: Re: Spam slipping thru.... > > I am running sendmail, with MailScanner 4.63.8. > > I have enable razor in v320.pre file. > > Gordon > ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Monday, January 28, 2008 1:32 AM > Subject: Re: Spam slipping thru.... > > > On 27/01/2008, Gordon Colyn wrote: > > ITNT BannerIn the last week I have spam from hotmail and yahoo slipping > > thru. When I run the test manually it should be blocked results below; > > > > How do i get all the test to run in MailScanner? > > > > ##Manual test > > > > Content analysis details: (10.0 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- -------------------------------------------- > ------ > > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > > [Blocked - see > > ] > > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > > Bread) > > [URIs: seeanserjoovoice.com] > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > blocklist > > [URIs: seeanserjoovoice.com] > > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > blocklist > > [URIs: seeanserjoovoice.com] > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > > [score: 0.5007] > > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > > above 50% > > [cf: 69] > > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > > [cf: 69] > > > > ##MailScanner Test > > > > SpamCheck: not spam, SpamAssassin (not cached, > > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > > URIBL_SBL 1.50) > > > > > > Thanks > > > You seem to have different settings for different users here.... else > you'd trigger Razor in the MS case too. Are you perhaps running > Postfix? What version of MailScanner? Where have you enabled Razor? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From list-mailscanner at linguaphone.com Tue Jan 29 08:50:40 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Tue Jan 29 08:50:53 2008 Subject: Spam slipping thru.... In-Reply-To: <001401c8622f$ef52dff0$1403420a@gordon> References: <002101c8612e$d245f890$1403420a@gordon> <223f97700801271532x75d51e57qf32971e1e3067175@mail.gmail.com> <001401c8622f$ef52dff0$1403420a@gordon> Message-ID: <1201596639.24225.2.camel@gblades-suse.linguaphone-intranet.co.uk> Have a look at my site :- http://www.gbnetwork.co.uk/mailscanner/ There are lots of additional rules and plugins there that you can use listed there. On Tue, 2008-01-29 at 04:31, Gordon Colyn wrote: > I am running sendmail, with MailScanner 4.63.8. > > I have enable razor in v320.pre file. > > Gordon > ----- Original Message ----- > From: "Glenn Steen" > To: "MailScanner discussion" > Sent: Monday, January 28, 2008 1:32 AM > Subject: Re: Spam slipping thru.... > > > On 27/01/2008, Gordon Colyn wrote: > > ITNT BannerIn the last week I have spam from hotmail and yahoo slipping > > thru. When I run the test manually it should be blocked results below; > > > > How do i get all the test to run in MailScanner? > > > > ##Manual test > > > > Content analysis details: (10.0 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- -------------------------------------------------- > > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > > [Blocked - see > > ] > > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > > Bread) > > [URIs: seeanserjoovoice.com] > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > blocklist > > [URIs: seeanserjoovoice.com] > > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > blocklist > > [URIs: seeanserjoovoice.com] > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > > [score: 0.5007] > > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > > above 50% > > [cf: 69] > > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > > [cf: 69] > > > > ##MailScanner Test > > > > SpamCheck: not spam, SpamAssassin (not cached, > > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > > URIBL_SBL 1.50) > > > > > > Thanks > > > You seem to have different settings for different users here.... else > you'd trigger Razor in the MS case too. Are you perhaps running > Postfix? What version of MailScanner? Where have you enabled Razor? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Tue Jan 29 09:01:25 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 29 09:01:37 2008 Subject: Spam slipping thru.... In-Reply-To: <1201596639.24225.2.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <85f5e8f71428fd478621e50bcd8004b9@solidstatelogic.com> Gordon I don't run AWL as I find it gets things wrong in a large multiuser environment (YMMV though). I presume all your SA setup is done at the site level in /etc/mail/spamassassin ???? (and you've got a mailscanner.cf in there that points to spam.assassin.prefs.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 29 January 2008 08:51 > To: MailScanner discussion > Subject: Re: Spam slipping thru.... > > Have a look at my site :- > http://www.gbnetwork.co.uk/mailscanner/ > There are lots of additional rules and plugins there that you can use > listed there. > > On Tue, 2008-01-29 at 04:31, Gordon Colyn wrote: > > I am running sendmail, with MailScanner 4.63.8. > > > > I have enable razor in v320.pre file. > > > > Gordon > > ----- Original Message ----- > > From: "Glenn Steen" > > To: "MailScanner discussion" > > Sent: Monday, January 28, 2008 1:32 AM > > Subject: Re: Spam slipping thru.... > > > > > > On 27/01/2008, Gordon Colyn wrote: > > > ITNT BannerIn the last week I have spam from hotmail and yahoo > slipping > > > thru. When I run the test manually it should be blocked results > below; > > > > > > How do i get all the test to run in MailScanner? > > > > > > ##Manual test > > > > > > Content analysis details: (10.0 points, 5.0 required) > > > > > > pts rule name description > > > ---- ---------------------- ------------------------------------------ > -------- > > > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > > > [Blocked - see > > > ] > > > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > > > Bread) > > > [URIs: seeanserjoovoice.com] > > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > > blocklist > > > [URIs: seeanserjoovoice.com] > > > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > > blocklist > > > [URIs: seeanserjoovoice.com] > > > 0.0 HTML_MESSAGE BODY: HTML included in message > > > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to > 60% > > > [score: 0.5007] > > > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > > > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > > > above 50% > > > [cf: 69] > > > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > > > [cf: 69] > > > > > > ##MailScanner Test > > > > > > SpamCheck: not spam, SpamAssassin (not cached, > > > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > > > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > > > URIBL_SBL 1.50) > > > > > > > > > Thanks > > > > > You seem to have different settings for different users here.... else > > you'd trigger Razor in the MS case too. Are you perhaps running > > Postfix? What version of MailScanner? Where have you enabled Razor? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Tue Jan 29 09:11:23 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Jan 29 09:11:39 2008 Subject: Spam slipping thru.... In-Reply-To: <85f5e8f71428fd478621e50bcd8004b9@solidstatelogic.com> Message-ID: <53cd4e37bf2ee94a84c8db8d286ef805@solidstatelogic.com> Other thing is that of course the URI-RBLs dcc etc update all the time. So first run through with MS they might not be listed, but a few hours later when you run manually they are... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth > Sent: 29 January 2008 09:01 > To: MailScanner discussion > Subject: RE: Spam slipping thru.... > > Gordon > > I don't run AWL as I find it gets things wrong in a large multiuser > environment (YMMV though). > > I presume all your SA setup is done at the site level in > /etc/mail/spamassassin ???? (and you've got a mailscanner.cf in there that > points to spam.assassin.prefs.conf. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Gareth > > Sent: 29 January 2008 08:51 > > To: MailScanner discussion > > Subject: Re: Spam slipping thru.... > > > > Have a look at my site :- > > http://www.gbnetwork.co.uk/mailscanner/ > > There are lots of additional rules and plugins there that you can use > > listed there. > > > > On Tue, 2008-01-29 at 04:31, Gordon Colyn wrote: > > > I am running sendmail, with MailScanner 4.63.8. > > > > > > I have enable razor in v320.pre file. > > > > > > Gordon > > > ----- Original Message ----- > > > From: "Glenn Steen" > > > To: "MailScanner discussion" > > > Sent: Monday, January 28, 2008 1:32 AM > > > Subject: Re: Spam slipping thru.... > > > > > > > > > On 27/01/2008, Gordon Colyn wrote: > > > > ITNT BannerIn the last week I have spam from hotmail and yahoo > > slipping > > > > thru. When I run the test manually it should be blocked results > > below; > > > > > > > > How do i get all the test to run in MailScanner? > > > > > > > > ##Manual test > > > > > > > > Content analysis details: (10.0 points, 5.0 required) > > > > > > > > pts rule name description > > > > ---- ---------------------- ---------------------------------------- > -- > > -------- > > > > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > > bl.spamcop.net > > > > [Blocked - see > > > > ] > > > > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > > > > Bread) > > > > [URIs: seeanserjoovoice.com] > > > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > > > blocklist > > > > [URIs: seeanserjoovoice.com] > > > > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > > > blocklist > > > > [URIs: seeanserjoovoice.com] > > > > 0.0 HTML_MESSAGE BODY: HTML included in message > > > > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to > > 60% > > > > [score: 0.5007] > > > > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > > > > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence > level > > > > above 50% > > > > [cf: 69] > > > > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > > > > [cf: 69] > > > > > > > > ##MailScanner Test > > > > > > > > SpamCheck: not spam, SpamAssassin (not cached, > > > > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > > > > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > > > > URIBL_SBL 1.50) > > > > > > > > > > > > Thanks > > > > > > > You seem to have different settings for different users here.... else > > > you'd trigger Razor in the MS case too. Are you perhaps running > > > Postfix? What version of MailScanner? Where have you enabled Razor? > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Tue Jan 29 09:11:52 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Jan 29 09:12:03 2008 Subject: sa-learn (Slightly OT) In-Reply-To: <95aae13fdcb4824d89e3cbcc2ef3c74d@solidstatelogic.com> References: <223f97700801281328k591064fbsbba5636ac9b70811@mail.gmail.com> <95aae13fdcb4824d89e3cbcc2ef3c74d@solidstatelogic.com> Message-ID: <223f97700801290111k79b2b0bdm5011ec7dde5f7ded@mail.gmail.com> On 29/01/2008, Martin.Hepworth wrote: > Kyle > > There's plenty of imap perl sa-learn scripts knocking about so you can have a global ham and spam folder then run the perl script on the MailScanner box to grab the email in ham and spam. > > If you can't find one contact me off list and I'll drop you over mine. > Step two already?:-) Well, you're (of course) quite right Martin. I'm pretty certain this has been covered on this list before, so trawling the archives should get Kyle what he wants. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gordon at itnt.co.za Tue Jan 29 15:09:42 2008 From: gordon at itnt.co.za (Gordon Colyn) Date: Tue Jan 29 15:09:56 2008 Subject: Spam slipping thru.... References: <85f5e8f71428fd478621e50bcd8004b9@solidstatelogic.com> Message-ID: <047e01c86288$fa7efe00$0b02a8c0@gordon> Yes that is correct. All spam rules sit in /et/mail/spamassassin/ /etc/MailScanner/spam.assassin.prefs.conf is linked to /etc/mail/spamassassin/mailscanner.cf I have now disabled AWL. Thanks Gordon ----- Original Message ----- From: "Martin.Hepworth" To: "MailScanner discussion" Sent: Tuesday, January 29, 2008 11:01 AM Subject: RE: Spam slipping thru.... Gordon I don't run AWL as I find it gets things wrong in a large multiuser environment (YMMV though). I presume all your SA setup is done at the site level in /etc/mail/spamassassin ???? (and you've got a mailscanner.cf in there that points to spam.assassin.prefs.conf. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 29 January 2008 08:51 > To: MailScanner discussion > Subject: Re: Spam slipping thru.... > > Have a look at my site :- > http://www.gbnetwork.co.uk/mailscanner/ > There are lots of additional rules and plugins there that you can use > listed there. > > On Tue, 2008-01-29 at 04:31, Gordon Colyn wrote: > > I am running sendmail, with MailScanner 4.63.8. > > > > I have enable razor in v320.pre file. > > > > Gordon > > ----- Original Message ----- > > From: "Glenn Steen" > > To: "MailScanner discussion" > > Sent: Monday, January 28, 2008 1:32 AM > > Subject: Re: Spam slipping thru.... > > > > > > On 27/01/2008, Gordon Colyn wrote: > > > ITNT BannerIn the last week I have spam from hotmail and yahoo > slipping > > > thru. When I run the test manually it should be blocked results > below; > > > > > > How do i get all the test to run in MailScanner? > > > > > > ##Manual test > > > > > > Content analysis details: (10.0 points, 5.0 required) > > > > > > pts rule name description > > > ---- ---------------------- ------------------------------------------ > -------- > > > 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in > bl.spamcop.net > > > [Blocked - see > > > ] > > > 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old > > > Bread) > > > [URIs: seeanserjoovoice.com] > > > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > > > blocklist > > > [URIs: seeanserjoovoice.com] > > > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > > > blocklist > > > [URIs: seeanserjoovoice.com] > > > 0.0 HTML_MESSAGE BODY: HTML included in message > > > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to > 60% > > > [score: 0.5007] > > > 2.0 CONTAINS_RULE10000058 FULL: CONTAINS_RULE10000058 > > > 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level > > > above 50% > > > [cf: 69] > > > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > > > [cf: 69] > > > > > > ##MailScanner Test > > > > > > SpamCheck: not spam, SpamAssassin (not cached, > > > score=6.544, required 8, BAYES_50 0.00, CONTAINS_RULE10000058 2.00, > > > HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, URIBL_RHS_DOB 1.08, > > > URIBL_SBL 1.50) > > > > > > > > > Thanks > > > > > You seem to have different settings for different users here.... else > > you'd trigger Razor in the MS case too. Are you perhaps running > > Postfix? What version of MailScanner? Where have you enabled Razor? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From kyleaschmitt at gmail.com Tue Jan 29 15:24:26 2008 From: kyleaschmitt at gmail.com (Kyle Schmitt) Date: Tue Jan 29 15:24:35 2008 Subject: sa-learn (Slightly OT) In-Reply-To: <223f97700801290111k79b2b0bdm5011ec7dde5f7ded@mail.gmail.com> References: <223f97700801281328k591064fbsbba5636ac9b70811@mail.gmail.com> <95aae13fdcb4824d89e3cbcc2ef3c74d@solidstatelogic.com> <223f97700801290111k79b2b0bdm5011ec7dde5f7ded@mail.gmail.com> Message-ID: <2b548b8b0801290724i2ed8eca9g545c262fe2f768e8@mail.gmail.com> OK, I'll search through to try and find some scripts _but_ to the original Qs: Did trying to sa-learn those outlook files put garbage into my mailscanner? Should I tell it to un-learn those messages? How much of a header is used for sa-learn? The exchange headers have no resemblance to real headers. It's files are tightly incomprehensible binary. As I'm writing this, I remembered I _can_ go to the options menu in outlook and get the real headers, then re-stitch those back to the text of the message. Ouch ;) Silly exchange. Silly outlook. Given the age of the exchange server, I'm unsure as to whether I can enable imap on it safely (it's under fairly heavy use, and it's exchange 5.5.) I'm linux/unix centric, but I do recall something about imap introducing severe instability for exchange servers of some generation.... On Jan 29, 2008 3:11 AM, Glenn Steen wrote: > On 29/01/2008, Martin.Hepworth wrote: > > Kyle > > > > There's plenty of imap perl sa-learn scripts knocking about so you can have a global ham and spam folder then run the perl script on the MailScanner box to grab the email in ham and spam. > > > > If you can't find one contact me off list and I'll drop you over mine. > > > Step two already?:-) Well, you're (of course) quite right Martin. > I'm pretty certain this has been covered on this list before, so > trawling the archives should get Kyle what he wants. > > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From martelm at quark.vsc.edu Tue Jan 29 15:53:58 2008 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Jan 29 15:54:21 2008 Subject: Trouble Setting up Mail::SPF::Query Message-ID: <34381EC699AED44917386EE8@[192.168.1.230]> I'm trying to install Mail::SPF::Query and it's failing. Test Summary Report ------------------- t/00_all.t (Wstat: 0 Tests: 223 Failed: 24) Failed tests: 9, 130, 133, 140, 143, 156, 159, 163, 166 181, 184, 187, 190, 193, 196, 199, 202 205, 208, 211, 214, 217, 220, 223 TODO passed: 219 Files=1, Tests=223, 14 wallclock secs ( 0.06 usr 0.02 sys + 1.63 cusr 0.23 csys = 1.94 CPU) Result: FAIL Failed 1/1 test programs. 24/223 subtests failed. make: *** [test_dynamic] Error 255 JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz Running make install make test had returned bad status, won't install without force Failed during this command: JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz: make_test NO Ok, so that's not a good thing. Anybody seen this before ? suggestions on how to fix it/work around it ? Thanks! Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From jkf at ecs.soton.ac.uk Tue Jan 29 16:18:07 2008 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 16:18:37 2008 Subject: Trouble Setting up Mail::SPF::Query In-Reply-To: <34381EC699AED44917386EE8@[192.168.1.230]> References: <34381EC699AED44917386EE8@[192.168.1.230]> Message-ID: <479F51BF.7070106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What happens when you build it by hand? Michael H. Martel wrote: > I'm trying to install Mail::SPF::Query and it's failing. > > Test Summary Report > ------------------- > t/00_all.t (Wstat: 0 Tests: 223 Failed: 24) > Failed tests: 9, 130, 133, 140, 143, 156, 159, 163, 166 > 181, 184, 187, 190, 193, 196, 199, 202 > 205, 208, 211, 214, 217, 220, 223 > TODO passed: 219 > Files=1, Tests=223, 14 wallclock secs ( 0.06 usr 0.02 sys + 1.63 > cusr 0.23 csys = 1.94 CPU) > Result: FAIL > Failed 1/1 test programs. 24/223 subtests failed. > make: *** [test_dynamic] Error 255 > JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > /usr/bin/make test -- NOT OK > //hint// to see the cpan-testers results for installing this module, try: > reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > Running make install > make test had returned bad status, won't install without force > Failed during this command: > JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz: make_test NO > > > Ok, so that's not a good thing. Anybody seen this before ? > suggestions on how to fix it/work around it ? > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > Jules - -- Julian Field MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHn1HDEfZZRxQVtlQRAoL6AJ9feFvla1jaWaWtpTFqhGgHIk6UOACeK1NI rF6Q3gsh0lGDogNCD+4LWeM= =0aWq -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 29 16:18:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 16:18:41 2008 Subject: Trouble Setting up Mail::SPF::Query In-Reply-To: <34381EC699AED44917386EE8@[192.168.1.230]> References: <34381EC699AED44917386EE8@[192.168.1.230]> Message-ID: <479F51C8.5060408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What happens when you build it by hand? Michael H. Martel wrote: > I'm trying to install Mail::SPF::Query and it's failing. > > Test Summary Report > ------------------- > t/00_all.t (Wstat: 0 Tests: 223 Failed: 24) > Failed tests: 9, 130, 133, 140, 143, 156, 159, 163, 166 > 181, 184, 187, 190, 193, 196, 199, 202 > 205, 208, 211, 214, 217, 220, 223 > TODO passed: 219 > Files=1, Tests=223, 14 wallclock secs ( 0.06 usr 0.02 sys + 1.63 > cusr 0.23 csys = 1.94 CPU) > Result: FAIL > Failed 1/1 test programs. 24/223 subtests failed. > make: *** [test_dynamic] Error 255 > JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > /usr/bin/make test -- NOT OK > //hint// to see the cpan-testers results for installing this module, try: > reports JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz > Running make install > make test had returned bad status, won't install without force > Failed during this command: > JMEHNLE/mail-spf-query/Mail-SPF-Query-1.999.1.tar.gz: make_test NO > > > Ok, so that's not a good thing. Anybody seen this before ? > suggestions on how to fix it/work around it ? > > Thanks! > > > Michael > > -- > > --------------------------------o--------------------------------- > Michael H. Martel | Systems Administrator > michael.martel@vsc.edu | Vermont State Colleges > http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHn1HJEfZZRxQVtlQRAuOJAKDYFv4IoTWJSnuJN1Gzj3JVZmmdBgCg/f6d 3bUWCGoMZos0DV81Ozhhgsk= =ZquX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martelm at quark.vsc.edu Tue Jan 29 16:35:38 2008 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Jan 29 16:36:00 2008 Subject: Trouble Setting up Mail::SPF::Query In-Reply-To: <479F51C8.5060408@ecs.soton.ac.uk> References: <34381EC699AED44917386EE8@[192.168.1.230]> <479F51C8.5060408@ecs.soton.ac.uk> Message-ID: <97DC88BBA41A66C10E997ED5@[192.168.1.230]> --On Tuesday, January 29, 2008 4:18 PM +0000 Julian Field wrote: > What happens when you build it by hand? Downloaded from here by hand ... Make is successfull. Make test is not. Looks like the same error to me. t/00_all...... Failed 24/223 subtests (1 TODO test unexpectedly succeeded) Test Summary Report ------------------- t/00_all.t (Wstat: 0 Tests: 223 Failed: 24) Failed tests: 9, 130, 133, 140, 143, 156, 159, 163, 166 181, 184, 187, 190, 193, 196, 199, 202 205, 208, 211, 214, 217, 220, 223 TODO passed: 219 Files=1, Tests=223, 26 wallclock secs ( 0.07 usr 0.01 sys + 1.60 cusr 0.24 csys = 1.92 CPU) Result: FAIL Failed 1/1 test programs. 24/223 subtests failed. make: *** [test_dynamic] Error 255 Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From martelm at quark.vsc.edu Tue Jan 29 16:37:44 2008 From: martelm at quark.vsc.edu (Michael H. Martel) Date: Tue Jan 29 16:38:06 2008 Subject: Trouble Setting up Mail::SPF::Query In-Reply-To: <479F51C8.5060408@ecs.soton.ac.uk> References: <34381EC699AED44917386EE8@[192.168.1.230]> <479F51C8.5060408@ecs.soton.ac.uk> Message-ID: <45458773DE096E52FC442CBD@[192.168.1.230]> --On Tuesday, January 29, 2008 4:18 PM +0000 Julian Field wrote: > What happens when you build it by hand? Now that's neat. This is on a CentOS 5.1 system. On my CenOS 4.6 box it builds fine. *sigh* It had to be something like that ... Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 From winslowb at pa.net Tue Jan 29 16:45:53 2008 From: winslowb at pa.net (Ben Winslow) Date: Tue Jan 29 16:46:12 2008 Subject: sa-learn (Slightly OT) In-Reply-To: <2b548b8b0801290724i2ed8eca9g545c262fe2f768e8@mail.gmail.com> References: <223f97700801281328k591064fbsbba5636ac9b70811@mail.gmail.com> <95aae13fdcb4824d89e3cbcc2ef3c74d@solidstatelogic.com> <223f97700801290111k79b2b0bdm5011ec7dde5f7ded@mail.gmail.com> <2b548b8b0801290724i2ed8eca9g545c262fe2f768e8@mail.gmail.com> Message-ID: <1201625154.29369.5.camel@winslowb.int.pa.net> On Tue, 2008-01-29 at 09:24 -0600, Kyle Schmitt wrote: > Given the age of the exchange server, I'm unsure as to whether I can > enable imap on it safely (it's under fairly heavy use, and it's > exchange 5.5.) I'm linux/unix centric, but I do recall something > about imap introducing severe instability for exchange servers of some > generation.... Your easiest option might be adding an imap account to Outlook for a different server, copying your messages to that imap account, and then retrieving the messages from the server directly or with a MUA that's more willing to give you the entire message, headers and all. From support-lists at petdoctors.co.uk Tue Jan 29 19:26:27 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Tue Jan 29 19:27:07 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus Message-ID: <000f01c862ac$d81c2800$3c65a8c0@support01> "Anti-virus firm Trend Micro is suing Barracuda Networks over their use of the open source anti-virus product ClamAV. The issue is Trend Micro's patent on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec and McAfee are already paying licensing fees to Trend Micro." Just in case you missed it on Slashdot. http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 Nigel Kendrick IT Associate Pet Doctors Ltd From ricky.boone at gmail.com Tue Jan 29 19:37:30 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Tue Jan 29 19:37:41 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <000f01c862ac$d81c2800$3c65a8c0@support01> References: <000f01c862ac$d81c2800$3c65a8c0@support01> Message-ID: <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> On Jan 29, 2008 2:26 PM, Nigel Kendrick wrote: > "Anti-virus firm Trend Micro is suing Barracuda Networks over their use of > the open source anti-virus product ClamAV. The issue is Trend Micro's patent > on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec > and McAfee are already paying licensing fees to Trend Micro." I noticed that too. Not too impressive on Trend Micro's part. :| Pretty much ensuring I'll never touch another one of their products. Something to keep an eye on, nonetheless. From itdept at fractalweb.com Tue Jan 29 19:38:19 2008 From: itdept at fractalweb.com (Chris Yuzik) Date: Tue Jan 29 19:39:10 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <000f01c862ac$d81c2800$3c65a8c0@support01> References: <000f01c862ac$d81c2800$3c65a8c0@support01> Message-ID: <479F80AB.5010002@fractalweb.com> Nigel Kendrick wrote: > "Anti-virus firm Trend Micro is suing Barracuda Networks over their use of > the open source anti-virus product ClamAV. The issue is Trend Micro's patent > on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec > and McAfee are already paying licensing fees to Trend Micro." > Ya gotta love software patents. Nothing like giving a patent out for something that is plainly obvious to anyone "in the know." Chris --- Why do people put in their $0.02, but it only costs a penny for your thoughts? From ssilva at sgvwater.com Tue Jan 29 19:54:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 29 19:54:38 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F80AB.5010002@fractalweb.com> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F80AB.5010002@fractalweb.com> Message-ID: on 1/29/2008 11:38 AM Chris Yuzik spake the following: > Nigel Kendrick wrote: >> "Anti-virus firm Trend Micro is suing Barracuda Networks over their >> use of >> the open source anti-virus product ClamAV. The issue is Trend Micro's >> patent >> on 'anti-virus detection on an SMTP or FTP gateway'. Companies like >> Symantec >> and McAfee are already paying licensing fees to Trend Micro." >> > Ya gotta love software patents. Nothing like giving a patent out for > something that is plainly obvious to anyone "in the know." > > Chris > --- > Why do people put in their $0.02, but it only costs a penny for your > thoughts? > A penny for the thoughts, and a penny for the bull$h1t! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/77590752/signature.bin From uxbod at splatnix.net Tue Jan 29 20:15:32 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 29 20:15:50 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: Message-ID: <22505520.23001201637732267.JavaMail.root@office.splatnix.net> It does not surprise me to be honest! We have had Trend forced on us at work and it is useless. Low detection rate, huge definition updates that kills the WAN, and very high memory usage on the workstations. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Scott Silva" wrote: > on 1/29/2008 11:38 AM Chris Yuzik spake the following: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue Jan 29 20:22:58 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Jan 29 20:23:36 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <22505520.23001201637732267.JavaMail.root@office.splatnix.net> References: <22505520.23001201637732267.JavaMail.root@office.splatnix.net> Message-ID: And don't let me get started on the Elbonian support team they outsource their helpdesk to... On Jan 29, 2008, at 3:15 PM, --[ UxBoD ]-- wrote: > It does not surprise me to be honest! We have had Trend forced on us > at work and it is useless. Low detection rate, huge definition > updates that kills the WAN, and very high memory usage on the > workstations. From dnsadmin at 1bigthink.com Tue Jan 29 20:33:09 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Tue Jan 29 20:33:37 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com > References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> Message-ID: <200801292033.m0TKXPrL020603@mxt.1bigthink.com> At 02:37 PM 1/29/2008, you wrote: >On Jan 29, 2008 2:26 PM, Nigel Kendrick > wrote: > > "Anti-virus firm Trend Micro is suing Barracuda Networks over their use of > > the open source anti-virus product ClamAV. The issue is Trend > Micro's patent > > on 'anti-virus detection on an SMTP or FTP gateway'. Companies > like Symantec > > and McAfee are already paying licensing fees to Trend Micro." > >I noticed that too. Not too impressive on Trend Micro's part. :| >Pretty much ensuring I'll never touch another one of their products. I agree. BTW, Barracuda is looking for 'prior art' if anyone can or cares to submit: http://www.barracudanetworks.com/ns/legal/#how_to_help These lawyers for Trend Micro obviously don't know how to run a business, but this business move shows that Trend Micro does not either. This is a poor business move. ..as per usual, the only winners will be the lawyers. Any good, dead lawyer jokes, anybody? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 29 20:53:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 20:53:49 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <000f01c862ac$d81c2800$3c65a8c0@support01> References: <000f01c862ac$d81c2800$3c65a8c0@support01> Message-ID: <479F923B.5080502@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Having had a quick flick through the patent itself, it does not appear to apply to my design of MailScanner, as it's not a proxy server in any form. But it does affect just about every other system on the planet. This really should never have been allowed as a patent. Fortunately the EU doesn't have software patents, so they couldn't come after me even if they wanted to, or could :-) These guys really are low-life pond weed. #include Nigel Kendrick wrote: > "Anti-virus firm Trend Micro is suing Barracuda Networks over their use of > the open source anti-virus product ClamAV. The issue is Trend Micro's patent > on 'anti-virus detection on an SMTP or FTP gateway'. Companies like Symantec > and McAfee are already paying licensing fees to Trend Micro." > > Just in case you missed it on Slashdot. > > http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 > > Nigel Kendrick > IT Associate > Pet Doctors Ltd > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj4DBQFHn5JFEfZZRxQVtlQRAqIyAJ9zJbk5eXcBvfhMJkMlGl7Ei7jsrQCSA8on Fo/a1+S++jPpLilSCT5Ebw== =KDWZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 29 21:03:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 21:04:04 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F923B.5080502@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> Message-ID: <479F94AC.9040804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But actually, having read the patent a bit more, does it affect MailScanner theoretically? I can't tell, the legalese is so horrible to understand. It doesn't affect MailScanner practically, as it's a US patent and so I am totally out of their jurisdiction. Julian Field wrote: > * PGP Signed: 01/29/08 at 20:53:25 > > Having had a quick flick through the patent itself, it does not appear > to apply to my design of MailScanner, as it's not a proxy server in > any form. > > But it does affect just about every other system on the planet. This > really should never have been allowed as a patent. Fortunately the EU > doesn't have software patents, so they couldn't come after me even if > they wanted to, or could :-) > > These guys really are low-life pond weed. > > #include > > Nigel Kendrick wrote: >> "Anti-virus firm Trend Micro is suing Barracuda Networks over their >> use of >> the open source anti-virus product ClamAV. The issue is Trend Micro's >> patent >> on 'anti-virus detection on an SMTP or FTP gateway'. Companies like >> Symantec >> and McAfee are already paying licensing fees to Trend Micro." >> >> Just in case you missed it on Slashdot. >> http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 >> >> Nigel Kendrick >> IT Associate >> Pet Doctors Ltd >> >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHn5SuEfZZRxQVtlQRAlD6AJ48GiV9Dm0ypuVK0jn9cFF3amhxKACfbQ75 uTwjHJY51dcfmS0mJnuw6H4= =Stcp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Tue Jan 29 21:05:25 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Jan 29 21:04:47 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F923B.5080502@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Having had a quick flick through the patent itself, it does not appear > to apply to my design of MailScanner, as it's not a proxy server in > any form. I've never looked at the Barracuda but I wouldn't have called it a proxy either. But maybe it is, in some sense of the word. Hopefully this action will cause the patent to be overturned. I think I'm going to patent the lining up of soup cans on a grocery store shelf. Makes about as much sense. :-) > But it does affect just about every other system on the planet. This > really should never have been allowed as a patent. Fortunately the EU > doesn't have software patents, so they couldn't come after me even if > they wanted to, or could :-) What about the Fortress System devices? Hope they fall in the same category as Mailscanner. > These guys really are low-life pond weed. You're too generous in your assessment Jules... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From MailScanner at ecs.soton.ac.uk Tue Jan 29 21:05:28 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 21:05:51 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F923B.5080502@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> Message-ID: <479F9518.9030003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And exactly how do Barracuda systems work anyway? Julian Field wrote: > * PGP Signed: 01/29/08 at 20:53:25 > > Having had a quick flick through the patent itself, it does not appear > to apply to my design of MailScanner, as it's not a proxy server in > any form. > > But it does affect just about every other system on the planet. This > really should never have been allowed as a patent. Fortunately the EU > doesn't have software patents, so they couldn't come after me even if > they wanted to, or could :-) > > These guys really are low-life pond weed. > > #include > > Nigel Kendrick wrote: >> "Anti-virus firm Trend Micro is suing Barracuda Networks over their >> use of >> the open source anti-virus product ClamAV. The issue is Trend Micro's >> patent >> on 'anti-virus detection on an SMTP or FTP gateway'. Companies like >> Symantec >> and McAfee are already paying licensing fees to Trend Micro." >> >> Just in case you missed it on Slashdot. >> http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 >> >> Nigel Kendrick >> IT Associate >> Pet Doctors Ltd >> >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHn5UaEfZZRxQVtlQRAokuAKCrk9ulmqsLXWqERbxK+dmxK4D/0wCg4rh+ p0exK0MiP/LM9OaMQOZuWxw= =d2X7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Tue Jan 29 21:07:56 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 29 21:08:30 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <200801292033.m0TKXPrL020603@mxt.1bigthink.com> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> Message-ID: <479F95AC.1090201@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: | Any good, dead lawyer jokes, anybody? Perhaps we should put layers to good use and let them sue Osama in person. But in fact it does not matter what scanner you use. The way they put it any viruscanner called upon by MailScanner is a violation of the patent as well. So if Trend Micro can get away with this then we are all up against the legal wall as well. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHn5WqBvzDRVjxmYERAvghAJ9J40zfGv5uXv6FS8Q0/9JJOsPiVQCgtyMJ CJFSCH8IuGFa4wM2LPalxhY= =BAFW -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Jan 29 21:13:33 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 29 21:13:59 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F923B.5080502@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> Message-ID: <479F96FD.2000407@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | Having had a quick flick through the patent itself, it does not appear | to apply to my design of MailScanner, as it's not a proxy server in any | form. Well. If you think it does not apply to amavisd then they are wrong about Barracuda as well. But in what legal way is amavisd different from MailScanner? It sure will be a most interresting day in the office. Having both manufacturers on our pricelist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHn5b7BvzDRVjxmYERAgIKAJ9mlHOx4tiqmDRJ1PGqqKcWIjt1PwCfXL4Z 79H5SIf2GLlg1DdaOrFw4O4= =awDL -----END PGP SIGNATURE----- From dave.list at pixelhammer.com Tue Jan 29 21:30:39 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue Jan 29 21:30:58 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9518.9030003@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> Message-ID: <479F9AFF.6040905@pixelhammer.com> Julian Field wrote: > And exactly how do Barracuda systems work anyway? Not very well. (Sorry, I couldn't resist.) > > Julian Field wrote: >> * PGP Signed: 01/29/08 at 20:53:25 > >> Having had a quick flick through the patent itself, it does not appear >> to apply to my design of MailScanner, as it's not a proxy server in >> any form. > >> But it does affect just about every other system on the planet. This >> really should never have been allowed as a patent. Fortunately the EU >> doesn't have software patents, so they couldn't come after me even if >> they wanted to, or could :-) > >> These guys really are low-life pond weed. > >> #include > >> Nigel Kendrick wrote: >>> "Anti-virus firm Trend Micro is suing Barracuda Networks over their >>> use of >>> the open source anti-virus product ClamAV. The issue is Trend Micro's >>> patent >>> on 'anti-virus detection on an SMTP or FTP gateway'. Companies like >>> Symantec >>> and McAfee are already paying licensing fees to Trend Micro." >>> >>> Just in case you missed it on Slashdot. >>> http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 >>> >>> Nigel Kendrick >>> IT Associate >>> Pet Doctors Ltd >>> >>> >> Jules > > > Jules > -- Google finally, after 7 years, provided a logo for veterans. Thank you Google. What to do with my signature now? From clacroix at cegep-ste-foy.qc.ca Tue Jan 29 21:32:12 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Tue Jan 29 21:32:22 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9518.9030003@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> Message-ID: <479F9B5C.4050706@cegep-ste-foy.qc.ca> Not very well, when they do... I'm glad they are sitting on a shelf collecting dust. Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > And exactly how do Barracuda systems work anyway? > > Julian Field wrote: > >> * PGP Signed: 01/29/08 at 20:53:25 >> >> Having had a quick flick through the patent itself, it does not appear >> to apply to my design of MailScanner, as it's not a proxy server in >> any form. >> >> But it does affect just about every other system on the planet. This >> really should never have been allowed as a patent. Fortunately the EU >> doesn't have software patents, so they couldn't come after me even if >> they wanted to, or could :-) >> >> These guys really are low-life pond weed. >> >> #include >> >> Nigel Kendrick wrote: >> >>> "Anti-virus firm Trend Micro is suing Barracuda Networks over their >>> use of >>> the open source anti-virus product ClamAV. The issue is Trend Micro's >>> patent >>> on 'anti-virus detection on an SMTP or FTP gateway'. Companies like >>> Symantec >>> and McAfee are already paying licensing fees to Trend Micro." >>> >>> Just in case you missed it on Slashdot. >>> http://yro.slashdot.org/article.pl?sid=08/01/29/1313206 >>> >>> Nigel Kendrick >>> IT Associate >>> Pet Doctors Ltd >>> >>> >>> >> Jules >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: Use Thunderbird's Enigmail add-on to verify this message > Charset: ISO-8859-1 > > wj8DBQFHn5UaEfZZRxQVtlQRAokuAKCrk9ulmqsLXWqERbxK+dmxK4D/0wCg4rh+ > p0exK0MiP/LM9OaMQOZuWxw= > =d2X7 > -----END PGP SIGNATURE----- > > From MailScanner at ecs.soton.ac.uk Tue Jan 29 21:39:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 21:41:00 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F95AC.1090201@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> Message-ID: <479F9D29.2000805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > But in fact it does not matter what scanner you use. The way they put it > any viruscanner called upon by MailScanner is a violation of the patent > as well. But MailScanner is not written in the US. Remember I live in the EU, where software patents don't exist. So it doesn't violate anything, as there is nothing to violate. :-) > So if Trend Micro can get away with this then we are all up > against the legal wall as well. Oh no we're not... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHn51REfZZRxQVtlQRAs8yAKCRcMiNZ8rOwgJNvHVHWMJiAJGfiwCg9tz1 DOnJtmj2QUxLraW+fdd5CDU= =Cgcj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Tue Jan 29 21:41:12 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Jan 29 21:41:34 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F95AC.1090201@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> Message-ID: <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> But wouldn't MailScanner be more closely aligned as a MUA and not a MTA. If the patent applies to the MTA handing the message off to a scanner then that would apply to sendmail milters and such. Hell, it could even be applied to SpamAssassin in a milter setup. Trend Micro should review how well indefensible patent suits have worked out for Sun -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: Tuesday, January 29, 2008 4:08 PM To: MailScanner discussion Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dnsadmin 1bigthink.com wrote: | Any good, dead lawyer jokes, anybody? Perhaps we should put layers to good use and let them sue Osama in person. But in fact it does not matter what scanner you use. The way they put it any viruscanner called upon by MailScanner is a violation of the patent as well. So if Trend Micro can get away with this then we are all up against the legal wall as well. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHn5WqBvzDRVjxmYERAvghAJ9J40zfGv5uXv6FS8Q0/9JJOsPiVQCgtyMJ CJFSCH8IuGFa4wM2LPalxhY= =BAFW -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Tue Jan 29 21:53:37 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 29 21:54:10 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9D29.2000805@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> Message-ID: <479FA061.9090001@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | | | Hugo van der Kooij wrote: |> But in fact it does not matter what scanner you use. The way they put it |> any viruscanner called upon by MailScanner is a violation of the patent |> as well. | But MailScanner is not written in the US. Remember I live in the EU, | where software patents don't exist. So it doesn't violate anything, as | there is nothing to violate. | :-) | |> So if Trend Micro can get away with this then we are all up |> against the legal wall as well. | Oh no we're not... Well You are right about you and me. But those users using MailScanner in the US? They are violating the patent in question. So some of "us" might be liable as well if this stinking deal goes on. Well. I tended to support sales and customers in Trend Micro issues untill a few short hours ago. I think I will register as having zero knowledge tomorrow morning on matters regarding Trend Micro. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHn6BfBvzDRVjxmYERAo/dAJ9A7vfgAOyuJ9Tk056NeNowPvhmiQCfYhsA St/NQxC+EhLkmJEkZP5S33A= =ZvOO -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Jan 29 22:02:54 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Jan 29 22:03:23 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9D29.2000805@ecs.soton.ac.uk> Message-ID: <7627606.23031201644174382.JavaMail.root@office.splatnix.net> ----- "Julian Field" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > But in fact it does not matter what scanner you use. The way they put it > any viruscanner called upon by MailScanner is a violation of the patent > as well. But MailScanner is not written in the US. Remember I live in the EU, where software patents don't exist. So it doesn't violate anything, as there is nothing to violate. :-) > So if Trend Micro can get away with this then we are all up > against the legal wall as well. Oh no we're not... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Would it have the potential to effect FSL in America though ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Jan 29 22:06:12 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 29 22:06:29 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> Message-ID: on 1/29/2008 1:41 PM Rose, Bobby spake the following: > But wouldn't MailScanner be more closely aligned as a MUA and not a MTA. > If the patent applies to the MTA handing the message off to a scanner > then that would apply to sendmail milters and such. Hell, it could even > be applied to SpamAssassin in a milter setup. > > Trend Micro should review how well indefensible patent suits have worked > out for Sun > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo > van der Kooij > Sent: Tuesday, January 29, 2008 4:08 PM > To: MailScanner discussion > Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus > > dnsadmin 1bigthink.com wrote: > > | Any good, dead lawyer jokes, anybody? > > Perhaps we should put layers to good use and let them sue Osama in > person. > > But in fact it does not matter what scanner you use. The way they put it > any viruscanner called upon by MailScanner is a violation of the patent > as well. So if Trend Micro can get away with this then we are all up > against the legal wall as well. > > Hugo. > > But win or lose, the lawyers still get paid. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/cac8fd11/signature.bin From MailScanner at ecs.soton.ac.uk Tue Jan 29 22:12:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 22:13:09 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA061.9090001@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> <479FA061.9090001@vanderkooij.org> Message-ID: <479FA4D9.6020909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 01/29/08 at 21:53:35 > > Julian Field wrote: > | > | > | Hugo van der Kooij wrote: > |> But in fact it does not matter what scanner you use. The way they > put it > |> any viruscanner called upon by MailScanner is a violation of the > patent > |> as well. > | But MailScanner is not written in the US. Remember I live in the EU, > | where software patents don't exist. So it doesn't violate anything, as > | there is nothing to violate. > | :-) > | > |> So if Trend Micro can get away with this then we are all up > |> against the legal wall as well. > | Oh no we're not... > > Well You are right about you and me. But those users using MailScanner > in the US? They are violating the patent in question. So some of "us" > might be liable as well if this stinking deal goes on. But I thought patents affected the designers of such systems, not the users. They are going after Barracuda, not their customers. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHn6TbEfZZRxQVtlQRAqceAKD8Hv7pLUVIkq1olcjOPtD9oZX+hACfW08W Tra8vBT6+9BXn8Sxb0n06do= =w7m0 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 29 22:13:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 29 22:14:08 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> Message-ID: <479FA515.9070902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 1/29/2008 1:41 PM Rose, Bobby spake the following: >> But wouldn't MailScanner be more closely aligned as a MUA and not a MTA. >> If the patent applies to the MTA handing the message off to a scanner >> then that would apply to sendmail milters and such. Hell, it could even >> be applied to SpamAssassin in a milter setup. >> >> Trend Micro should review how well indefensible patent suits have worked >> out for Sun >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo >> van der Kooij >> Sent: Tuesday, January 29, 2008 4:08 PM >> To: MailScanner discussion >> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus >> >> dnsadmin 1bigthink.com wrote: >> >> | Any good, dead lawyer jokes, anybody? >> >> Perhaps we should put layers to good use and let them sue Osama in >> person. >> >> But in fact it does not matter what scanner you use. The way they put it >> any viruscanner called upon by MailScanner is a violation of the patent >> as well. So if Trend Micro can get away with this then we are all up >> against the legal wall as well. >> >> Hugo. >> >> > But win or lose, the lawyers still get paid. But they pay with their soul... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHn6UXEfZZRxQVtlQRAhm6AJ4o/wZEo0fKT/F1z4Vd9Mh9r0kdWgCgswca d9skRMr3DTkvDpycI/GhWKE= =DvyC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Tue Jan 29 22:23:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Jan 29 22:24:18 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA515.9070902@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> <479FA515.9070902@ecs.soton.ac.uk> Message-ID: <479FA773.6080806@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | | Scott Silva wrote: |> But win or lose, the lawyers still get paid. | But they pay with their soul... I would say their job description pretty much forbids any of them to actually have one to start with. hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHn6dxBvzDRVjxmYERAtlgAJ9f9MKX5wMNb4cgKZQmSiQD1+N7wACeO/EL kNArOHdTRbXn7FoI8np4Z/g= =wlpO -----END PGP SIGNATURE----- From jon at radel.com Tue Jan 29 22:39:16 2008 From: jon at radel.com (Jon Radel) Date: Tue Jan 29 22:39:32 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA4D9.6020909@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> <479FA061.9090001@vanderkooij.org> <479FA4D9.6020909@ecs.soton.ac.uk> Message-ID: <479FAB14.9060302@radel.com> Julian Field wrote: > > > Hugo van der Kooij wrote: >> Well You are right about you and me. But those users using MailScanner >> in the US? They are violating the patent in question. So some of "us" >> might be liable as well if this stinking deal goes on. > But I thought patents affected the designers of such systems, not the > users. They are going after Barracuda, not their customers. Barracuda is easier to find and is more likely to settle for some sum of money and future licensing fees. The users are harder to find and are more likely to throw their Barracuda in the dustbin rather than settle for enough to pay for Trend's lawyers. However, if somebody really big, with lots of money, were using lots of Barracudas, this might be a different matter. In the U.S. at least, *use* of patented technology, not merely sale or manufacturing of a gadget that includes it, without license from the patent holder, opens you to liability. --Jon Radel Warning: I don't even play a lawyer on TV. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/e9794808/smime.bin From nwp at nz.lemon-computing.com Tue Jan 29 22:43:06 2008 From: nwp at nz.lemon-computing.com (Nick Phillips) Date: Tue Jan 29 22:43:20 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA4D9.6020909@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> <479FA061.9090001@vanderkooij.org> <479FA4D9.6020909@ecs.soton.ac.uk> Message-ID: <7DFFD760-1215-4FF6-80AC-AA511D8BDEE3@nz.lemon-computing.com> On 30/01/2008, at 11:12 AM, Julian Field wrote: > > Hugo van der Kooij wrote: >> * PGP Signed by an unverified key: 01/29/08 at 21:53:35 >> >> Julian Field wrote: >> | >> | >> | Hugo van der Kooij wrote: >> |> But in fact it does not matter what scanner you use. The way they >> put it >> |> any viruscanner called upon by MailScanner is a violation of the >> patent >> |> as well. >> | But MailScanner is not written in the US. Remember I live in the >> EU, >> | where software patents don't exist. So it doesn't violate >> anything, as >> | there is nothing to violate. >> | :-) >> | >> |> So if Trend Micro can get away with this then we are all up >> |> against the legal wall as well. >> | Oh no we're not... >> >> Well You are right about you and me. But those users using >> MailScanner >> in the US? They are violating the patent in question. So some of "us" >> might be liable as well if this stinking deal goes on. > But I thought patents affected the designers of such systems, not the > users. They are going after Barracuda, not their customers. That's the normal way of going after it, but they can theoretically go after users too -- as SCO did in the not-too-distant past. Arseholes. Cheers, Nick From steve at fsl.com Tue Jan 29 22:44:02 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Jan 29 22:44:11 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F94AC.9040804@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F94AC.9040804@ecs.soton.ac.uk> Message-ID: <479FAC32.9030703@fsl.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > But actually, having read the patent a bit more, does it affect > MailScanner theoretically? I can't tell, the legalese is so horrible to > understand. > It doesn't affect MailScanner practically, as it's a US patent and so I > am totally out of their jurisdiction. > > Julian Field wrote: > >> * PGP Signed: 01/29/08 at 20:53:25 >> >> Having had a quick flick through the patent itself, it does not appear >> to apply to my design of MailScanner, as it's not a proxy server in >> any form. >> >> But it does affect just about every other system on the planet. This >> really should never have been allowed as a patent. Fortunately the EU >> doesn't have software patents, so they couldn't come after me even if >> they wanted to, or could :-) >> >> These guys really are low-life pond weed. >> >> Agreed. So I just registered boycott-trendmicro.org. I don't yet know what I'd do with the domain name name but I don't think I'll ever buy or recommend Trend Micro products. Any ideas on what to do with the domain, please let me know :) Steve Steve Swaney steve@fsl.com www.fsl.com From jon at radel.com Tue Jan 29 22:51:22 2008 From: jon at radel.com (Jon Radel) Date: Tue Jan 29 22:51:45 2008 Subject: OT: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA773.6080806@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> <479FA515.9070902@ecs.soton.ac.uk> <479FA773.6080806@vanderkooij.org> Message-ID: <479FADEA.3070808@radel.com> Hugo van der Kooij wrote: > > Julian Field wrote: > | > | Scott Silva wrote: > > |> But win or lose, the lawyers still get paid. > | But they pay with their soul... > > I would say their job description pretty much forbids any of them to > actually have one to start with. While I've met lawyers whose smile is best compared to that of a shark, I'm starting to find the wholesale character assassination here very tedious. Have we actually heard that the lawyers involved have done anything underhanded or shady in following the requests of whomever is making these particular business decisions at Trend Micro? Personally, I'm pleased as punch to being living in a country where the rule of law [mostly] holds, there's a process [a bit flawed] for getting laws changed, and we don't have Trend Micro deciding between sending over the guys with big sticks to beat the crap out of Barracuda's CEO, or having the local warlord they've been sucking up to do it for them. OK, I'm outta here again. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2890 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/16f2cbc1/smime.bin From ssilva at sgvwater.com Tue Jan 29 22:58:54 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 29 22:59:16 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA515.9070902@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com><200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> <479FA515.9070902@ecs.soton.ac.uk> Message-ID: on 1/29/2008 2:13 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 1/29/2008 1:41 PM Rose, Bobby spake the following: >>> But wouldn't MailScanner be more closely aligned as a MUA and not a MTA. >>> If the patent applies to the MTA handing the message off to a scanner >>> then that would apply to sendmail milters and such. Hell, it could even >>> be applied to SpamAssassin in a milter setup. >>> >>> Trend Micro should review how well indefensible patent suits have worked >>> out for Sun >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo >>> van der Kooij >>> Sent: Tuesday, January 29, 2008 4:08 PM >>> To: MailScanner discussion >>> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus >>> >>> dnsadmin 1bigthink.com wrote: >>> >>> | Any good, dead lawyer jokes, anybody? >>> >>> Perhaps we should put layers to good use and let them sue Osama in >>> person. >>> >>> But in fact it does not matter what scanner you use. The way they put it >>> any viruscanner called upon by MailScanner is a violation of the patent >>> as well. So if Trend Micro can get away with this then we are all up >>> against the legal wall as well. >>> >>> Hugo. >>> >>> >> But win or lose, the lawyers still get paid. > But they pay with their soul... Their what? Ask any lawyer... morals and a soul won't get you that new BMW and a partnership. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/65649595/signature.bin From gerard at seibercom.net Wed Jan 30 01:44:22 2008 From: gerard at seibercom.net (Gerard) Date: Wed Jan 30 01:44:45 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA515.9070902@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> <479FA515.9070902@ecs.soton.ac.uk> Message-ID: <20080129204422.19173250@scorpio> On Tue, 29 Jan 2008 22:13:41 +0000 Julian Field wrote: > > But win or lose, the lawyers still get paid. > But they pay with their soul... Personally, I believe this whole discussion is nothing more than a useless exercise. In the end, what happens is what was suppose to happen and nothing anyone of us does is going to change that. Other than wasting bandwidth with useless rhetoric, nothing of any substance is ever going to come about from all this banter. -- Gerard gerard@seibercom.net Life would be tolerable but for its amusements. George Bernard Shaw -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080129/39331c8d/signature.bin From hvdkooij at vanderkooij.org Wed Jan 30 06:39:14 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jan 30 06:39:47 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <20080129204422.19173250@scorpio> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <8F2A53954C22554EB75D9643FCCE0C6B0659DE4C@MED-CORE03-MS1.med.wayne.edu> <479FA515.9070902@ecs.soton.ac.uk> <20080129204422.19173250@scorpio> Message-ID: <47A01B92.4080100@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard wrote: | On Tue, 29 Jan 2008 22:13:41 +0000 | Julian Field wrote: | |>> But win or lose, the lawyers still get paid. |> But they pay with their soul... | | Personally, I believe this whole discussion is nothing more than a | useless exercise. In the end, what happens is what was suppose to | happen and nothing anyone of us does is going to change that. Other | than wasting bandwidth with useless rhetoric, nothing of any substance | is ever going to come about from all this banter. Never heard of steam vents? The prime mission of the banters is to release pressure. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHoBuQBvzDRVjxmYERAj0/AJ9vgAtdH/444qxWk1CqNOisli0vHgCfTDpj unO82dMjplMDQmx9JWhh+rQ= =j3Hl -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Wed Jan 30 06:41:36 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jan 30 06:42:03 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9518.9030003@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> Message-ID: <47A01C20.6020408@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | And exactly how do Barracuda systems work anyway? Basicaly they are build around postfix + amavisd. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHoBweBvzDRVjxmYERAi2YAJ4ocz5MxMykAJTcCFadwx1hvoNLSgCeLxZ5 ElIzHJZakeVCmIcQv9B5paM= =w20P -----END PGP SIGNATURE----- From R.Sterenborg at netsourcing.nl Wed Jan 30 06:50:59 2008 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Wed Jan 30 06:52:30 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F9D29.2000805@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com><479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2405D94ECB@WISENT.dcyb.net> Julian Fields wrote: > But MailScanner is not written in the US. Remember I live in the EU, > where software patents don't exist. So it doesn't violate anything, > as there is nothing to violate. :-) Yes, well, that might change as AFAIK the EU are still strugling to create patent law. The outcome is, so far, not clear and there's no telling if it would be an as useless and stupid-ass patent-law as in the US: the people that create these kind of laws are usualy blessed with ignorance on the subject and/or are subject to lobbies by large enterprises that benefit from these laws. So, *if* such law arrives (and let's pray it doesn't), it might affect MailScanner too when Trend Micro gets to register the same patent in the EU. Grts, Rob From uxbod at splatnix.net Wed Jan 30 08:23:39 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 30 08:23:58 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FAC32.9030703@fsl.com> Message-ID: <10889829.23061201681419287.JavaMail.root@office.splatnix.net> How about a online petition Steve ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Stephen Swaney" wrote: > Julian Field wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Wed Jan 30 08:48:28 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Jan 30 08:48:45 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479FA4D9.6020909@ecs.soton.ac.uk> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> <479F9D29.2000805@ecs.soton.ac.uk> <479FA061.9090001@vanderkooij.org> <479FA4D9.6020909@ecs.soton.ac.uk> Message-ID: <1201682908.27441.1.camel@gblades-suse.linguaphone-intranet.co.uk> On Tue, 2008-01-29 at 22:12, Julian Field wrote: > But I thought patents affected the designers of such systems, not the > users. They are going after Barracuda, not their customers. They can always stop the systems from being sold in the US. However MailScanner is never sold as its free ;) From martinh at solidstatelogic.com Wed Jan 30 08:58:21 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Jan 30 08:58:34 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <1201682908.27441.1.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> Heh I see McAffee and Symantec have already dolled the money as it's cheaper than "fighting a stupid patent" (tm). ;-( -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: 30 January 2008 08:48 > To: MailScanner discussion > Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus > > On Tue, 2008-01-29 at 22:12, Julian Field wrote: > > But I thought patents affected the designers of such systems, not the > > users. They are going after Barracuda, not their customers. > > They can always stop the systems from being sold in the US. > However MailScanner is never sold as its free ;) > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From jkf at ecs.soton.ac.uk Wed Jan 30 09:56:31 2008 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 09:56:53 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> References: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> Message-ID: <47A049CF.2070805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One bit of bad news. I just discovered the patent was also granted in the UK as GB2309561. So it does affect me :-( How they got that one through when we theoretically don't have software patents is beyond me. Martin.Hepworth wrote: > Heh > > I see McAffee and Symantec have already dolled the money as it's cheaper than "fighting a stupid patent" (tm). ;-( > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Gareth >> Sent: 30 January 2008 08:48 >> To: MailScanner discussion >> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus >> >> On Tue, 2008-01-29 at 22:12, Julian Field wrote: >> >>> But I thought patents affected the designers of such systems, not the >>> users. They are going after Barracuda, not their customers. >>> >> They can always stop the systems from being sold in the US. >> However MailScanner is never sold as its free ;) >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules - -- Julian Field MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoEnQEfZZRxQVtlQRAr7vAJ0Wvkzrgmyp624xmilsfJ5GCOmPiACguuTk yT4uVt58m/2rXPOgliFH5ao= =mej6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 30 10:19:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 10:20:05 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A049CF.2070805@ecs.soton.ac.uk> References: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> <47A049CF.2070805@ecs.soton.ac.uk> Message-ID: <47A04F3B.6090709@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fortunately the patent was published in 1997 (which I beat by years) and was filed ("PRS Date"?) in November 2000, which I also pre-date. Not that I care anyway :-) Julian Field wrote: > * PGP Signed: 01/30/08 at 09:56:32 > > One bit of bad news. I just discovered the patent was also granted in > the UK as > > GB2309561. So it does affect me :-( > How they got that one through when we theoretically don't have > software patents is beyond me. > > > Martin.Hepworth wrote: >> Heh >> >> I see McAffee and Symantec have already dolled the money as it's >> cheaper than "fighting a stupid patent" (tm). ;-( >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Gareth >>> Sent: 30 January 2008 08:48 >>> To: MailScanner discussion >>> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus >>> >>> On Tue, 2008-01-29 at 22:12, Julian Field wrote: >>> >>>> But I thought patents affected the designers of such systems, not the >>>> users. They are going after Barracuda, not their customers. >>>> >>> They can always stop the systems from being sold in the US. >>> However MailScanner is never sold as its free ;) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for >> the addressee only and may be confidential. If they come to you in >> error you must take no action based on them, nor must you copy or >> show them to anyone. Please advise the sender by replying to this >> e-mail immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We >> advise that you consider this fact when e-mailing us. Viruses : We >> have taken steps to ensure that this e-mail and any attachments are >> free from known viruses but in keeping with good computing practice, >> you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales (Company >> No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoE88EfZZRxQVtlQRAi9DAKCnElA17a3vDSX1CLuYpBvFBIqjsACeJTEb vG1g/UEs/+y7Hshjvc6DXT4= =x8Wa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 30 10:23:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 10:24:10 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A049CF.2070805@ecs.soton.ac.uk> References: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> <47A049CF.2070805@ecs.soton.ac.uk> Message-ID: <47A0502F.6020604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ah, no, I take that back. It wasn't granted, it was refused here in the UK. Here's a quote from my local tame librarian: It wasn't granted it was merely published but having a look at the legal status of the published document it states: - APPLICATION WITHDRAWN, TAKEN TO BE WITHDRAWN OR REFUSED ** AFTER PUBLICATION UNDER SECTION 16(1) For some reason I either didn't paste or deleted the final (A) in the GB number which is in full: GB2309561 (A) meaning it is an application rather than a full patent. Mea culpa. Julian Field wrote: > * PGP Signed: 01/30/08 at 09:56:32 > > One bit of bad news. I just discovered the patent was also granted in > the UK as > > GB2309561. So it does affect me :-( > How they got that one through when we theoretically don't have > software patents is beyond me. > > > Martin.Hepworth wrote: >> Heh >> >> I see McAffee and Symantec have already dolled the money as it's >> cheaper than "fighting a stupid patent" (tm). ;-( >> >> -- >> Martin Hepworth >> Snr Systems Administrator >> Solid State Logic >> Tel: +44 (0)1865 842300 >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Gareth >>> Sent: 30 January 2008 08:48 >>> To: MailScanner discussion >>> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus >>> >>> On Tue, 2008-01-29 at 22:12, Julian Field wrote: >>> >>>> But I thought patents affected the designers of such systems, not the >>>> users. They are going after Barracuda, not their customers. >>>> >>> They can always stop the systems from being sold in the US. >>> However MailScanner is never sold as its free ;) >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> >> >> >> ********************************************************************** >> Confidentiality : This e-mail and any attachments are intended for >> the addressee only and may be confidential. If they come to you in >> error you must take no action based on them, nor must you copy or >> show them to anyone. Please advise the sender by replying to this >> e-mail immediately and then delete the original from your computer. >> Opinion : Any opinions expressed in this e-mail are entirely those of >> the author and unless specifically stated to the contrary, are not >> necessarily those of the author's employer. >> Security Warning : Internet e-mail is not necessarily a secure >> communications medium and can be subject to data corruption. We >> advise that you consider this fact when e-mailing us. Viruses : We >> have taken steps to ensure that this e-mail and any attachments are >> free from known viruses but in keeping with good computing practice, >> you should ensure that they are virus free. >> >> Red Lion 49 Ltd T/A Solid State Logic >> Registered as a limited company in England and Wales (Company >> No:5362730) >> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, >> United Kingdom >> ********************************************************************** >> >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoFAwEfZZRxQVtlQRAg54AKC6qUpEPFpDcLMl+WBdquAgFzBY/wCg2tJD 17BygeeHqQZiYLnlZ5OqU54= =890y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Wed Jan 30 10:25:42 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jan 30 10:26:03 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A049CF.2070805@ecs.soton.ac.uk> References: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> <47A049CF.2070805@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02D789B8@HC-MBX02.herefordshire.gov.uk> See also "High Court approves software patents" http://www.theregister.co.uk/2008/01/28/ipo_software_patents/ Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 30 January 2008 09:57 > To: MailScanner discussion > Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > One bit of bad news. I just discovered the patent was also granted in > the UK as > > GB2309561. So it does affect me :-( > How they got that one through when we theoretically don't > have software patents is beyond me. > > > Martin.Hepworth wrote: > > Heh > > > > I see McAffee and Symantec have already dolled the money as > it's cheaper than "fighting a stupid patent" (tm). ;-( > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Gareth > >> Sent: 30 January 2008 08:48 > >> To: MailScanner discussion > >> Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus > >> > >> On Tue, 2008-01-29 at 22:12, Julian Field wrote: > >> > >>> But I thought patents affected the designers of such > systems, not the > >>> users. They are going after Barracuda, not their customers. > >>> > >> They can always stop the systems from being sold in the US. > >> However MailScanner is never sold as its free ;) > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are > intended for the > > addressee only and may be confidential. If they come to you > in error > > you must take no action based on them, nor must you copy or > show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are > entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data > corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > > ********************************************************************** > > > > > > Jules > > - -- > Julian Field MBCS CITP CEng > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHoEnQEfZZRxQVtlQRAr7vAJ0Wvkzrgmyp624xmilsfJ5GCOmPiACguuTk > yT4uVt58m/2rXPOgliFH5ao= > =mej6 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From support-lists at petdoctors.co.uk Wed Jan 30 10:25:43 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Wed Jan 30 10:26:21 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A049CF.2070805@ecs.soton.ac.uk> Message-ID: <000c01c8632a$787503d0$3c65a8c0@support01> Jules, I just did a quick Google on that patent number and it took me to: http://www.ipo.gov.uk/2000-5816.pdf Which has that patent listed on page 48 under: "This index lists, according to the year of application and in ascending application number within each year, applications which have been withdrawn, treated as having been withdrawn, refused, or treated as having been refused, after publication under Section 16(1). Alongside each application is the related publication number." So this needs further investigation (I am just about to leave site). Nigel From uxbod at splatnix.net Wed Jan 30 10:29:30 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 30 10:30:01 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A0502F.6020604@ecs.soton.ac.uk> Message-ID: <30475185.23511201688970102.JavaMail.root@office.splatnix.net> stop panicing Jules ;) I am sure all is going to work out well. Trend are only doing it because people are not buying their AV product to use on SMTP gateways, and see it as a big earner. Wonder how it would effect people like MessageLabs? Then again they potentially use Trend AV and others so would be paying some money for scanner licensing. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 30 10:40:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 10:41:04 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <30475185.23511201688970102.JavaMail.root@office.splatnix.net> References: <30475185.23511201688970102.JavaMail.root@office.splatnix.net> Message-ID: <47A05429.8000908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MessageLabs certainly always used to run McAfee. So far, software patents still don't exist in the EU at all, so I'm not remotely worried :-) - --[ UxBoD ]-- wrote: > stop panicing Jules ;) I am sure all is going to work out well. Trend are only doing it because people are not buying their AV product to use on SMTP gateways, and see it as a big earner. Wonder how it would effect people like MessageLabs? Then again they potentially use Trend AV and others so would be paying some money for scanner licensing. > > Regards, > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFHoFQqEfZZRxQVtlQRAoAOAKCPhF2fyTE77yaxB8Ix/kwtgxGQFQCg4Z3A hvBAcVingnOnOpjKeRrnCd4= =btL2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Jan 30 10:49:25 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 30 10:49:35 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A05429.8000908@ecs.soton.ac.uk> References: <30475185.23511201688970102.JavaMail.root@office.splatnix.net> <47A05429.8000908@ecs.soton.ac.uk> Message-ID: <223f97700801300249t2d62bfdr7a1fde419d4490eb@mail.gmail.com> Nothing beats 'prior art'. Glenn On 30/01/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > MessageLabs certainly always used to run McAfee. > So far, software patents still don't exist in the EU at all, so I'm not > remotely worried :-) > > - --[ UxBoD ]-- wrote: > > stop panicing Jules ;) I am sure all is going to work out well. Trend are > only doing it because people are not buying their AV product to use on SMTP > gateways, and see it as a big earner. Wonder how it would effect people > like MessageLabs? Then again they potentially use Trend AV and others so > would be paying some money for scanner licensing. > > > > Regards, > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: UTF-8 > > wj8DBQFHoFQqEfZZRxQVtlQRAoAOAKCPhF2fyTE77yaxB8Ix/kwtgxGQFQCg4Z3A > hvBAcVingnOnOpjKeRrnCd4= > =btL2 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Wed Jan 30 10:54:19 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 30 11:20:35 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A05429.8000908@ecs.soton.ac.uk> Message-ID: <15636329.23541201690459811.JavaMail.root@office.splatnix.net> yes they run multiple AV scanners using their own C code wrapper I believe. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Wed Jan 30 11:44:32 2008 From: steve at fsl.com (Stephen Swaney) Date: Wed Jan 30 11:44:42 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <10889829.23061201681419287.JavaMail.root@office.splatnix.net> References: <10889829.23061201681419287.JavaMail.root@office.splatnix.net> Message-ID: <47A06320.2010106@fsl.com> --[ UxBoD ]-- wrote: > How about a online petition Steve ? > > Regards, > > Not a bad idea. Signatures from open source users who protest against the lawsuit and will not buy or recommend TrendMicro products. Along with a blog on the lawsuit and how it proceeds. Anyone who wants to help or participate, please drop me a line off list. Steve Steve Swaney steve@fsl.com www.fsl.com From J.Ede at birchenallhowden.co.uk Wed Jan 30 12:02:57 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Jan 30 12:04:26 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A05429.8000908@ecs.soton.ac.uk> References: <30475185.23511201688970102.JavaMail.root@office.splatnix.net>, <47A05429.8000908@ecs.soton.ac.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760CE7581D57@server02.bhl.local> When was the TREND software patent granted in the States? Surely if MailScanner was available to American citizens before that date then it should be classed as prior art overe there too? ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] Sent: 30 January 2008 10:40 To: MailScanner discussion Subject: Re: Trend Micro Sues Barracuda Over Open Source Anti-Virus -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MessageLabs certainly always used to run McAfee. So far, software patents still don't exist in the EU at all, so I'm not remotely worried :-) - --[ UxBoD ]-- wrote: > stop panicing Jules ;) I am sure all is going to work out well. Trend are only doing it because people are not buying their AV product to use on SMTP gateways, and see it as a big earner. Wonder how it would effect people like MessageLabs? Then again they potentially use Trend AV and others so would be paying some money for scanner licensing. > > Regards, > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFHoFQqEfZZRxQVtlQRAoAOAKCPhF2fyTE77yaxB8Ix/kwtgxGQFQCg4Z3A hvBAcVingnOnOpjKeRrnCd4= =btL2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From hofu12 at physik.tu-darmstadt.de Wed Jan 30 13:27:07 2008 From: hofu12 at physik.tu-darmstadt.de (Joachim Holzfuss) Date: Wed Jan 30 13:27:30 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: <479DB334.7090804@gmail.com> References: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> <479DB334.7090804@gmail.com> Message-ID: Thanks for your input! Ronny T. Lampert wrote: >>> our primary mailserver tags the spam and relays mail to other >>> mailservers. >>> Those sometimes have a different view of accepting messages >>> and frequently reject spam mail >>> (different view of DNS, different RFC inforcement). The primary server >>> backscatters the tagged spam to falsified sender addresses. >> >> >> Do you already do recipient verification (call ahead type of thing)? >> Might solve a few of your problems:-). > > Actually, when thinking more about the problem -- your problem is kinda > hard. SMTP is a store and forward system, and once anybody in your whole > routing domain has accepted a mail, he's stuck with it. > > The cleanest solution would be to talk with those subdomain admins and > try to improve your frontend up to a level they will gladly accept. So many people, so many systems, changing every month... > > The quickest solution is to try and reduce the bounces by doing some > kind of milter-ahead solution; this will maybe reduce the backscatter by > around 50% (rule of experience) but cannot completely eliminate it. > Are you familiar with that kind of setup? If not, tell us what SMTPd > you're using and we can point you into a direction. I thought milter ahead will reduce backscatter from DSN send because of not existing wrong rcpt to: messages (Am I wrong here?). Those are not the problem at the moment. I get spammy non-conformous mail_from domains (valid A record , invalid MX) that my sendmail 8.13.8 relays but other postfixes may not. Also DNS name resolution might differ between different servers. > > > You also can reduce the time mail is kept in your queues in case a > server goes down, that will expire those backscatter more quickly. wait wait, that's another backscatter source, if one (sub) server goes down for 4 hours, all the invalid senders of queued spam messages get notified (i got this horrible scenario once) > > > As for the watermarking - MailScanner can do that and you can have a > "shared secret" so you can trust those watermarks. > ATM I'm quite unsure how to use that in your setting, though, as those > watermarks would have to contain some kind of commands, like > "backscatter mail, delete it" or so. I wish it would be possible in mailscanner to have if (from (subserver = TRUE) AND (watermark OK) and (SPAM = TRUE)) delete (I saw it, others don't want it) if (from (subserver = TRUE) AND (SPAM = TRUE)) bounce back to sender@subserver, (rewrite your email) All in all I would like to stick with mailserver and no milters, but .... I just can't catch those DSN replies, they are sent without getting processed by mailscanner. Joachim > > > Cheers, > Ronny From gborders at balanceconsult.com Wed Jan 30 14:37:52 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Wed Jan 30 14:40:10 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A01C20.6020408@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> <47A01C20.6020408@vanderkooij.org> Message-ID: <47A08BC0.5050308@balanceconsult.com> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > | And exactly how do Barracuda systems work anyway? > > Basicaly they are build around postfix + amavisd. > > Hugo. > Could beat them at their own game, and "invent" a better system than theirs, and file for a patent that is an improvement on theirs, and you become top dog! I'm sure the FSL systems boxes easily run circles around those fishy Baracudas. ;) -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. From uxbod at splatnix.net Wed Jan 30 14:50:16 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 30 14:50:46 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A08BC0.5050308@balanceconsult.com> Message-ID: <12566128.24201201704616200.JavaMail.root@office.splatnix.net> Hmmm, wonder how Zimbra aka. Yahoo! will see this one. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve at fsl.com Wed Jan 30 14:57:19 2008 From: steve at fsl.com (Stephen Swaney) Date: Wed Jan 30 14:57:29 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <12566128.24201201704616200.JavaMail.root@office.splatnix.net> References: <12566128.24201201704616200.JavaMail.root@office.splatnix.net> Message-ID: <47A0904F.5050707@fsl.com> --[ UxBoD ]-- wrote: > Hmmm, wonder how Zimbra aka. Yahoo! will see this one. > > Regards, > > We'll just have to wait and see. I'll put out some daily web scrapes on the New regarding the case. Steve From P.G.M.Peters at utwente.nl Wed Jan 30 14:58:29 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Jan 30 14:58:44 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A01C20.6020408@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> <47A01C20.6020408@vanderkooij.org> Message-ID: <47A09095.7070808@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote on 30-1-2008 7:41: > Julian Field wrote: > | And exactly how do Barracuda systems work anyway? > > Basicaly they are build around postfix + amavisd. But it is one system. It accepts e-mail, scans it and delivers it. In that way it is kind of a proxy. In the case of MailScanner is is not itself accepting messages and it is not itself sending them out again. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHoJCUelLo80lrIdIRAuxdAJ4vBjo+Xj8E1RqI6d+YuW+66tfFZwCfXKX0 oXjEBWZcaOV2jUnanBJPjcs= =+hT7 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Jan 30 15:05:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 15:05:44 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A09095.7070808@utwente.nl> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> <47A01C20.6020408@vanderkooij.org> <47A09095.7070808@utwente.nl> Message-ID: <47A0922C.3080202@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Peters wrote: > * PGP Signed by an unverified key: 01/30/08 at 14:58:28 > > Hugo van der Kooij wrote on 30-1-2008 7:41: > >> Julian Field wrote: >> | And exactly how do Barracuda systems work anyway? >> >> Basicaly they are build around postfix + amavisd. >> > > But it is one system. It accepts e-mail, scans it and delivers it. In > that way it is kind of a proxy. In the case of MailScanner is is not > itself accepting messages and it is not itself sending them out again. > Very good point. So I'm okay (even if I was in the USA) as MailScanner is not "the complete system" and just a component of it. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoJIsEfZZRxQVtlQRAl8gAJ4h72tGrFLUwoc2QdtNDqA0BfPdowCgwaBv uQA/e9acY+/SpRBhuQyRuW0= =el2X -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From clacroix at cegep-ste-foy.qc.ca Wed Jan 30 15:14:49 2008 From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Jan 30 15:15:07 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A09095.7070808@utwente.nl> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> <47A01C20.6020408@vanderkooij.org> <47A09095.7070808@utwente.nl> Message-ID: <47A09469.4090008@cegep-ste-foy.qc.ca> True, it's just playing directly with the mails in queue which Wietse is still mad at jules for :) mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files. Peter Peters a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hugo van der Kooij wrote on 30-1-2008 7:41: > >> Julian Field wrote: >> | And exactly how do Barracuda systems work anyway? >> >> Basicaly they are build around postfix + amavisd. >> > > But it is one system. It accepts e-mail, scans it and delivers it. In > that way it is kind of a proxy. In the case of MailScanner is is not > itself accepting messages and it is not itself sending them out again. > > - -- > Peter Peters, Teamleider Unix/Linux-Beheer > ICT-Servicecentrum > Universiteit Twente, Postbus 217, 7500 AE Enschede > Telefoon 053 489 2301, Fax 053 489 2383, > P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHoJCUelLo80lrIdIRAuxdAJ4vBjo+Xj8E1RqI6d+YuW+66tfFZwCfXKX0 > oXjEBWZcaOV2jUnanBJPjcs= > =+hT7 > -----END PGP SIGNATURE----- > > From uxbod at splatnix.net Wed Jan 30 15:13:25 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Jan 30 15:31:32 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A0922C.3080202@ecs.soton.ac.uk> Message-ID: <11589056.24291201706005870.JavaMail.root@office.splatnix.net> MailScanner = No but DefenderMX = Yes, but only when it delivers to another node. So instead of a node, just send it to a second Postfix instance, and then another node for final delivery ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikea at mikea.ath.cx Wed Jan 30 16:06:33 2008 From: mikea at mikea.ath.cx (mikea) Date: Wed Jan 30 16:06:45 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <479F95AC.1090201@vanderkooij.org> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <7d9a8b360801291137raa981c2w6ff024a9b4a7a01c@mail.gmail.com> <200801292033.m0TKXPrL020603@mxt.1bigthink.com> <479F95AC.1090201@vanderkooij.org> Message-ID: <20080130160633.GE85119@mikea.ath.cx> On Tue, Jan 29, 2008 at 10:07:56PM +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > dnsadmin 1bigthink.com wrote: > > | Any good, dead lawyer jokes, anybody? > > Perhaps we should put layers to good use and let them sue Osama in person. > > But in fact it does not matter what scanner you use. The way they put it > any viruscanner called upon by MailScanner is a violation of the patent > as well. So if Trend Micro can get away with this then we are all up > against the legal wall as well. > > Hugo. Well, I understand that one of the patent authors was involved in a malware-filtering project at a previous job, and then came to work for Barracuda. That, if true, could make life a little interesting for Trend. But the patent, as I understand it, doesn't cover MailScanner's mode of operation. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From P.G.M.Peters at utwente.nl Wed Jan 30 16:08:19 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Wed Jan 30 16:08:33 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <11589056.24291201706005870.JavaMail.root@office.splatnix.net> References: <11589056.24291201706005870.JavaMail.root@office.splatnix.net> Message-ID: <47A0A0F3.4000000@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote on 30-1-2008 16:13: > MailScanner = No but DefenderMX = Yes, but only when it delivers to > another node. So instead of a node, just send it to a second Postfix > instance, and then another node for final delivery ;) As long as DefenderMX is not an appliance it would be safe. But when the second postfix runs on the same system and is controlled by DefenderMX it would still be subject to the patent. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHoKDyelLo80lrIdIRAh8mAJwL131cwS31fDAPv66xF1TMI+qxAgCeOmCT +DNscXX3drbSVuCzLV16x9I= =CWz0 -----END PGP SIGNATURE----- From dyioulos at firstbhph.com Wed Jan 30 16:31:14 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jan 30 16:31:31 2008 Subject: Internal use only Message-ID: <200801301131.14619.dyioulos@firstbhph.com> Hi, folks. A particular department in our company wants to restrict its employees to sending email to, and receiving it from, our domain only. I came across a post that discusses that, using CustomConfig.pm and internal.accounts.conf (at least to limit sending to domain only). I have a couple of questions: do I add &InternalActions to the directives I already, as in: "Non Spam Actions = deliver &InternalActions" "Spam Actions = store deliver &InternalActions" etc.? Does this also limit inbound messages to the user to domain mail only? If not, how do I accomplish that? Anthing else I should know/do to limit a user to domain mail only? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Wed Jan 30 16:56:30 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Jan 30 16:55:48 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A049CF.2070805@ecs.soton.ac.uk> References: <987c37363376ec4da4a87eba01a7a2dd@solidstatelogic.com> <47A049CF.2070805@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > One bit of bad news. I just discovered the patent was also granted in > the UK as > > GB2309561. So it does affect me :-( > How they got that one through when we theoretically don't have > software patents is beyond me. Well, it only affects you in the sense that MS *can* run a virus scanner. But you're not bundling any scanners with MS so I'm not sure what grounds they could come after you on. One could argue that the spamassassin/clamav bundle sorta falls into this arena, but it's not a proxy - it's just software that a user can install. So all in all, I'm not sure it affects you in any material way. One can run ClamAV alongside MS, but a stock install of MS doesn't. The end user adds it. I'd think Trend would have to come after the end user. We all know what a winning strategy that was for SCO. FSL devices may be more at risk however, if they come bundled with. As always my legal advice, of course, is worth exactly what you paid for it... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From gugafer51 at gmail.com Wed Jan 30 16:57:30 2008 From: gugafer51 at gmail.com (Gustavo FC) Date: Wed Jan 30 16:57:39 2008 Subject: User's notifications. Message-ID: <73e0f9580801300857l1c6a6eabl3d7992f718879752@mail.gmail.com> Hi How can I disable the notifications send to users when theirs email is deleted, stored, etc? Gustavo F.C. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/58c647d6/attachment.html From gborders at balanceconsult.com Wed Jan 30 17:04:05 2008 From: gborders at balanceconsult.com (Greg Borders) Date: Wed Jan 30 17:06:33 2008 Subject: User's notifications. In-Reply-To: <73e0f9580801300857l1c6a6eabl3d7992f718879752@mail.gmail.com> References: <73e0f9580801300857l1c6a6eabl3d7992f718879752@mail.gmail.com> Message-ID: <47A0AE05.7010209@balanceconsult.com> Gustavo FC wrote: > Hi > > How can I disable the notifications send to users when theirs email is > deleted, stored, etc? > > > Gustavo F.C. In your MailScanner.conf you will have this setting with similar actions. # What to do with spam # -------------------- # notify - Send the recipients a short notification that # spam addressed to them was not delivered. They # can then take action to request retrieval of # the original message if they think it was not # spam. Spam Actions = store deliver notify Take out the notify. Update the same for the other "Actions" sections. Restart MailScanner Done! -- This email message and any document accompanying it may contain information intended only for the person(s) named. Any use, distribution, copying or disclosure by another person is strictly prohibited. NOTICE TO PERSONS SUBJECT TO UNITED STATES TAXATION: DISCLOSURE UNDER TREASURY CIRCULAR 230: Any tax advice included in this written or electronic communication was not intended or written to be used, and it cannot be used by the taxpayer, for the purpose of avoiding any penalties that may be imposed on the taxpayer by any governmental taxing authority or agency. This written or electronic communication does not represent legal advice. Persons in need of a legal opinion should seek competent counsel. From steve at fsl.com Wed Jan 30 17:09:49 2008 From: steve at fsl.com (Stephen Swaney) Date: Wed Jan 30 17:09:59 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <11589056.24291201706005870.JavaMail.root@office.splatnix.net> References: <11589056.24291201706005870.JavaMail.root@office.splatnix.net> Message-ID: <47A0AF5D.6020903@fsl.com> --[ UxBoD ]-- wrote: > MailScanner = No but DefenderMX = Yes, but only when it delivers to another node. So instead of a node, just send it to a second Postfix instance, and then another node for final delivery ;) > > Regards, > > Actually DefenderMX works just like MailScanner and delivers to the inbound mailq where MailScanner does the scanning and delivery. BarricadeMX can be configured to deliver to an MTA on the same host of deliver to another node. Steve Steve Swaney steve@swaney.com www.fsl.com From michael at taylex.com Wed Jan 30 17:17:42 2008 From: michael at taylex.com (Michael McGovern) Date: Wed Jan 30 17:18:25 2008 Subject: FreeBSD Easy installation Message-ID: <000301c86364$062f6d30$128e4790$@com> Hi all, this is my first mail list post so I hope I am doing this right. I have installed MailScanner many times on FreeBSD but am by no means a guru of either. My question is rather than installing SA, clamAV, and all the rest of the ports manually before installing MS is there any reason not to just install FreeBSD, pull my ports and sources down and then install MailScanner from the FreeBSD port letting it install the dependencies? I tried it in a test VM and it seems to work just fine. I just want to know if there is a reason I should not do it that way. Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/d7fcd7db/attachment.html From drew.marshall at technologytiger.net Wed Jan 30 18:23:10 2008 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Wed Jan 30 18:23:22 2008 Subject: FreeBSD Easy installation In-Reply-To: <000301c86364$062f6d30$128e4790$@com> References: <000301c86364$062f6d30$128e4790$@com> Message-ID: <3388e211e344be33175db3187c5d54c0@mail.technologytiger.net> On Wed, 30 Jan 2008 12:17:42 -0500, "Michael McGovern" wrote: Hi all, this is my first mail list post so I hope I am doing this right.I have installed MailScanner many times on FreeBSD but am by no means a guru of either. My question is rather than installing SA, clamAV, and all the rest of the ports manually before installing MS is there any reason not to just install FreeBSD, pull my ports and sources down and then install MailScanner from the FreeBSD port letting it install the dependencies? I tried it in a test VM and it seems to work just fine. I just want to know if there is a reason I should not do it that way.Mike Mike That is just fine. It's how I do it as it makes life much quicker and easier. Jan-Peter does a great job keeping the port up todate (Including dependencies). Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Tiger Mail www.technologytiger.net/tigermail from Technology Tiger. Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/5a467eff/attachment.html From mikael at syska.dk Wed Jan 30 18:33:10 2008 From: mikael at syska.dk (Mikael Syska) Date: Wed Jan 30 18:34:22 2008 Subject: FreeBSD Easy installation In-Reply-To: <000301c86364$062f6d30$128e4790$@com> References: <000301c86364$062f6d30$128e4790$@com> Message-ID: <47A0C2E6.3040909@syska.dk> Hi all most name brother. I use the FreeBSD port and all the dependencies from there ... and I have no problem what so ever ... only thing is that the person ( Can remember his name, but his German ), only updates the port once in a while ... so you can't run the newest all the time unless you use the source and compile it yourself. But this is the only thing(which aint a bad ting), because you are also sure its tested before you actually use it ... I run a freebsd 7.0-current system, scanning about 40k mails per day ... with only one problem. Once every 2-3 month it just stop scanning mails, and we have to restart the process. I have created a little shell script to look at the queue size, if its over 1000, its restarts the scanner. Go for the ports, I think its the best :-) thumps up from here ... best regards Mikael Syska Michael McGovern wrote: > > Hi all, this is my first mail list post so I hope I am doing this right. > > I have installed MailScanner many times on FreeBSD but am by no means > a guru of either. My question is rather than installing SA, clamAV, > and all the rest of the ports manually before installing MS is there > any reason not to just install FreeBSD, pull my ports and sources down > and then install MailScanner from the FreeBSD port letting it install > the dependencies? I tried it in a test VM and it seems to work just > fine. I just want to know if there is a reason I should not do it that > way. > > Mike > > > From mailscanner at pdscc.com Wed Jan 30 19:54:23 2008 From: mailscanner at pdscc.com (Harondel J. Sibble) Date: Wed Jan 30 19:54:07 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <20080129204422.19173250@scorpio> References: <000f01c862ac$d81c2800$3c65a8c0@support01>, <479FA515.9070902@ecs.soton.ac.uk>, <20080129204422.19173250@scorpio> Message-ID: <20080130195405.CFDB782BF0@sinclaire.sibble.net> On 29 Jan 2008 at 20:44, Gerard wrote: > Personally, I believe this whole discussion is nothing more than a > useless exercise. In the end, what happens is what was suppose to > happen and nothing anyone of us does is going to change that. Other > than wasting bandwidth with useless rhetoric, nothing of any substance > is ever going to come about from all this banter. I disagree on that one, being a Trend Micro reseller, I can call up my sales rep and tell them I'll be pulling Trend Micro products out of my client sites unless they drop this useless lawsuit. I'll also suggest my colleagues who are Trend reseller's do the same. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) From gerard at seibercom.net Wed Jan 30 20:48:54 2008 From: gerard at seibercom.net (Gerard) Date: Wed Jan 30 20:49:22 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <20080130195405.CFDB782BF0@sinclaire.sibble.net> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479FA515.9070902@ecs.soton.ac.uk> <20080129204422.19173250@scorpio> <20080130195405.CFDB782BF0@sinclaire.sibble.net> Message-ID: <20080130154854.44414175@scorpio> On Wed, 30 Jan 2008 11:54:23 -0800 "Harondel J. Sibble" wrote: > On 29 Jan 2008 at 20:44, Gerard wrote: > > > Personally, I believe this whole discussion is nothing more than a > > useless exercise. In the end, what happens is what was suppose to > > happen and nothing anyone of us does is going to change that. Other > > than wasting bandwidth with useless rhetoric, nothing of any > > substance is ever going to come about from all this banter. > > I disagree on that one, being a Trend Micro reseller, I can call up > my sales rep and tell them I'll be pulling Trend Micro products out > of my client sites unless they drop this useless lawsuit. I'll also > suggest my colleagues who are Trend reseller's do the same. Glad to hear that your sales figures for Trend Micro are in the 6-7 figure range. Of course that does raise an interesting question; exactly how are you going to replace those lost sales once you have alienated your distributor? Please post back when you have brought them to their knees. -- Gerard gerard@seibercom.net For certain people, after fifty, litigation takes the place of sex. Gore Vidal -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/70b0c088/signature.bin From roland at inbox4u.de Wed Jan 30 20:49:29 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Wed Jan 30 20:50:50 2008 Subject: Problems with TNEF and long filenames Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> Hi all, I use "Use TNEF Contents = replace" and "Deliver Unparsable TNEF = no" to get rid of the winmail.dat grab from Outlook clients using Outlook Richtext Format. It was brought to my attention, that this setting causes long filenames to be shortened: For example a file named "test datei mit sehr sehr langem dateinamen und viel bla bla.txt.txt" arrives as "test datei mit.txt" at the recipients mailbox. If I leave TNEF contents untouched, the filename is not changed. The above happens when using external TNEF decoder and the internal one. Same behavior with both. Has somebody experienced the same problem? Any hints to avoid the problem, other than sending files with long filenames inside a ZIP-file? Thanks. Regards, Roland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/ac9484a3/attachment.html From MailScanner at ecs.soton.ac.uk Wed Jan 30 21:00:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 21:00:55 2008 Subject: Problems with TNEF and long filenames In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> Message-ID: <47A0E56F.1090908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehle, Roland wrote: > > Hi all, > > I use ?Use TNEF Contents = replace? and ?Deliver Unparsable TNEF = no? > to get rid of the winmail.dat grab from Outlook clients using Outlook > Richtext Format. > > It was brought to my attention, that this setting causes long > filenames to be shortened: For example a file named ?test datei mit > sehr sehr langem dateinamen und viel bla bla.txt.txt? arrives as ?test > datei mit.txt? at the recipients mailbox. > > If I leave TNEF contents untouched, the filename is not changed. > > The above happens when using external TNEF decoder and the internal > one. Same behavior with both. > > Has somebody experienced the same problem? Any hints to avoid the > problem, other than sending files with long filenames inside a ZIP-file? > Do you mean a ZIP file or a TNEF file? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: windows-1252 wj8DBQFHoOVyEfZZRxQVtlQRAtElAJ44yqDNUaZst44Ih6mnZQ0vIEaupgCdG6en 5NLowBbjmXYPFL86blykxiU= =IPiu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Wed Jan 30 21:54:00 2008 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jan 30 21:54:39 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A09469.4090008@cegep-ste-foy.qc.ca> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479F923B.5080502@ecs.soton.ac.uk> <479F9518.9030003@ecs.soton.ac.uk> <47A01C20.6020408@vanderkooij.org> <47A09095.7070808@utwente.nl> <47A09469.4090008@cegep-ste-foy.qc.ca> Message-ID: <5B4038DE-7255-4CB7-9FE3-758F9DCF736E@nkpanama.com> That, and the fact that it causes SWAPPING!!! OMGZPONIES!!!ONEONEONE!!!! On Jan 30, 2008, at 10:14 AM, Charles Lacroix wrote: > True, it's just playing directly with the mails in queue which > Wietse is still mad at jules for :) From alex at nkpanama.com Wed Jan 30 21:59:52 2008 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jan 30 22:00:19 2008 Subject: Internal use only In-Reply-To: <200801301131.14619.dyioulos@firstbhph.com> References: <200801301131.14619.dyioulos@firstbhph.com> Message-ID: Couldn't this be done (and wouldn't it be better) at the MTA level? On Jan 30, 2008, at 11:31 AM, Dimitri Yioulos wrote: > Hi, folks. > > A particular department in our company wants to restrict its > employees to > sending email to, and receiving it from, our domain only. I came > across a > post that discusses that, using CustomConfig.pm and > internal.accounts.conf > (at least to limit sending to domain only). I have a couple of > questions: > > do I add &InternalActions to the directives I already, as in: > > "Non Spam Actions = deliver &InternalActions" > "Spam Actions = store deliver &InternalActions" > > etc.? > > Does this also limit inbound messages to the user to domain mail > only? If > not, how do I accomplish that? > > Anthing else I should know/do to limit a user to domain mail only? > > Thanks. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Wed Jan 30 22:02:17 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jan 30 22:02:45 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <20080130154854.44414175@scorpio> References: <000f01c862ac$d81c2800$3c65a8c0@support01> <479FA515.9070902@ecs.soton.ac.uk> <20080129204422.19173250@scorpio> <20080130195405.CFDB782BF0@sinclaire.sibble.net> <20080130154854.44414175@scorpio> Message-ID: <47A0F3E9.8040204@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard wrote: | On Wed, 30 Jan 2008 11:54:23 -0800 | "Harondel J. Sibble" wrote: | |> On 29 Jan 2008 at 20:44, Gerard wrote: |> |>> Personally, I believe this whole discussion is nothing more than a |>> useless exercise. In the end, what happens is what was suppose to |>> happen and nothing anyone of us does is going to change that. Other |>> than wasting bandwidth with useless rhetoric, nothing of any |>> substance is ever going to come about from all this banter. |> I disagree on that one, being a Trend Micro reseller, I can call up |> my sales rep and tell them I'll be pulling Trend Micro products out |> of my client sites unless they drop this useless lawsuit. I'll also |> suggest my colleagues who are Trend reseller's do the same. | | Glad to hear that your sales figures for Trend Micro are in the 6-7 | figure range. Of course that does raise an interesting question; | exactly how are you going to replace those lost sales once you have | alienated your distributor? Well. The first one may be just a drop in the bucket. But in fact all you need to do to fill the bucket is add more drops. I think not all TM representatives will like the aproach choosen by their US office. But they may not be at liberty to say so publicly. But if we send them the message that this attitude is going to cost them a lot of goodwill and sales it may have a real impact. In simple terms. They were loosing the fight on technical grounds and have now choosen to aim below the belt. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHoPPnBvzDRVjxmYERAsXmAKCoctnko4iv35bLlSWdBxgDz9imgQCfX8bf n/LceLDPmloV/Ar25W5ZqBI= =nABY -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Wed Jan 30 22:09:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 30 22:09:48 2008 Subject: Internal use only In-Reply-To: <200801301131.14619.dyioulos@firstbhph.com> References: <200801301131.14619.dyioulos@firstbhph.com> Message-ID: <47A0F595.9010000@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dimitri Yioulos wrote: > Hi, folks. > > A particular department in our company wants to restrict its employees to > sending email to, and receiving it from, our domain only. I came across a > post that discusses that, using CustomConfig.pm and internal.accounts.conf > (at least to limit sending to domain only). I have a couple of questions: > > do I add &InternalActions to the directives I already, as in: > > "Non Spam Actions = deliver &InternalActions" > "Spam Actions = store deliver &InternalActions" > No, you can use either the standard options, eg "store deliver" or a Custom Function (&InternalActions), but not both at the same time. You need to read a bit more about how Custom Functions work, and how their return value is used. > etc.? > > Does this also limit inbound messages to the user to domain mail only? If > not, how do I accomplish that? > > Anthing else I should know/do to limit a user to domain mail only? > Read up about Custom Functions, then study CustomConfig.pm and look at the code to see what it does and how it works. You need to understand a bit of Perl to be able to use your own Custom Functions properly. Sorry. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHoPWXEfZZRxQVtlQRAgh7AKD9YAKmXX2dIBZrlJoUw3LHdGrU5ACgteww gu02Qhp9lXX8P63JfHYcpQY= =Wska -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jan 30 22:15:04 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jan 30 22:15:22 2008 Subject: Internal use only In-Reply-To: References: <200801301131.14619.dyioulos@firstbhph.com> Message-ID: <200801301715.04362.dyioulos@firstbhph.com> On Wednesday 30 January 2008 4:59 pm, Alex Neuman wrote: > Couldn't this be done (and wouldn't it be better) at the MTA level? > > On Jan 30, 2008, at 11:31 AM, Dimitri Yioulos wrote: > > Hi, folks. > > > > A particular department in our company wants to restrict its > > employees to > > sending email to, and receiving it from, our domain only. I came > > across a > > post that discusses that, using CustomConfig.pm and > > internal.accounts.conf > > (at least to limit sending to domain only). I have a couple of > > questions: > > > > do I add &InternalActions to the directives I already, as in: > > > > "Non Spam Actions = deliver &InternalActions" > > "Spam Actions = store deliver &InternalActions" > > > > etc.? > > > > Does this also limit inbound messages to the user to domain mail > > only? If > > not, how do I accomplish that? > > > > Anthing else I should know/do to limit a user to domain mail only? > > > > Thanks. > > > > Dimitri > > Alex, You may be right, but I know niether if it could or if it should be done at the MTA (which, btw, is sendmail). At least as far as limiting a user's outbound mail, there is a mechanism w/in MS to do that. So, I assume there's a good reason for it being there. Using (il)logic, I thought there might also be a way to limit a user's inbound mail via MS. If doing this via the MTA is a better solution (not that I know how, but I can find out), why? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Wed Jan 30 22:16:46 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Wed Jan 30 22:17:02 2008 Subject: Internal use only In-Reply-To: <47A0F595.9010000@ecs.soton.ac.uk> References: <200801301131.14619.dyioulos@firstbhph.com> <47A0F595.9010000@ecs.soton.ac.uk> Message-ID: <200801301716.46569.dyioulos@firstbhph.com> On Wednesday 30 January 2008 5:09 pm, Julian Field wrote: > Dimitri Yioulos wrote: > > Hi, folks. > > > > A particular department in our company wants to restrict its employees to > > sending email to, and receiving it from, our domain only. I came across > > a post that discusses that, using CustomConfig.pm and > > internal.accounts.conf (at least to limit sending to domain only). I > > have a couple of questions: > > > > do I add &InternalActions to the directives I already, as in: > > > > "Non Spam Actions = deliver &InternalActions" > > "Spam Actions = store deliver &InternalActions" > > No, you can use either the standard options, eg "store deliver" or a > Custom Function (&InternalActions), but not both at the same time. You > need to read a bit more about how Custom Functions work, and how their > return value is used. > > > etc.? > > > > Does this also limit inbound messages to the user to domain mail only? > > If not, how do I accomplish that? > > > > Anthing else I should know/do to limit a user to domain mail only? > > Read up about Custom Functions, then study CustomConfig.pm and look at > the code to see what it does and how it works. You need to understand a > bit of Perl to be able to use your own Custom Functions properly. Sorry. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > Thanks, Jules. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Jan 30 22:46:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Jan 30 22:46:28 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: References: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> <479DB334.7090804@gmail.com> Message-ID: <223f97700801301446i1959c0a0k332af92dd359c1ae@mail.gmail.com> On 30/01/2008, Joachim Holzfuss wrote: > Thanks for your input! > > Ronny T. Lampert wrote: > >>> our primary mailserver tags the spam and relays mail to other > >>> mailservers. > >>> Those sometimes have a different view of accepting messages > >>> and frequently reject spam mail > >>> (different view of DNS, different RFC inforcement). The primary server > >>> backscatters the tagged spam to falsified sender addresses. > >> > >> > >> Do you already do recipient verification (call ahead type of thing)? > >> Might solve a few of your problems:-). > > > > Actually, when thinking more about the problem -- your problem is kinda > > hard. SMTP is a store and forward system, and once anybody in your whole > > routing domain has accepted a mail, he's stuck with it. > > > > The cleanest solution would be to talk with those subdomain admins and > > try to improve your frontend up to a level they will gladly accept. > So many people, so many systems, changing every month... > > > > The quickest solution is to try and reduce the bounces by doing some > > kind of milter-ahead solution; this will maybe reduce the backscatter by > > around 50% (rule of experience) but cannot completely eliminate it. > > Are you familiar with that kind of setup? If not, tell us what SMTPd > > you're using and we can point you into a direction. > I thought milter ahead will reduce backscatter from DSN send because of > not existing wrong rcpt to: messages (Am I wrong here?). True enough. > Those are not the problem at the moment. > I get spammy non-conformous mail_from domains (valid A record , invalid MX) that > my sendmail 8.13.8 relays but other postfixes may not. Also DNS name resolution > might differ between different servers. Right, so then you need syncronize your views... Are these separate organizations or are they under the same policy? > > > > You also can reduce the time mail is kept in your queues in case a > > server goes down, that will expire those backscatter more quickly. > wait wait, that's another backscatter source, if one (sub) server goes down for 4 hours, > all the invalid senders of queued spam messages get notified (i got this horrible scenario once) > > > > > > As for the watermarking - MailScanner can do that and you can have a > > "shared secret" so you can trust those watermarks. > > ATM I'm quite unsure how to use that in your setting, though, as those > > watermarks would have to contain some kind of commands, like > > "backscatter mail, delete it" or so. > I wish it would be possible in mailscanner to have > if (from (subserver = TRUE) AND (watermark OK) and (SPAM = TRUE)) delete (I saw it, others don't want it) > if (from (subserver = TRUE) AND (SPAM = TRUE)) bounce back to sender@subserver, (rewrite your email) IIRC Jules has at times viewed that as "being part of the problem" ... at least potentially:-). > All in all I would like to stick with mailserver and no milters, but .... > I just can't catch those DSN replies, they are sent without getting processed by mailscanner. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From alex at nkpanama.com Wed Jan 30 22:47:16 2008 From: alex at nkpanama.com (Alex Neuman) Date: Wed Jan 30 22:49:25 2008 Subject: Internal use only In-Reply-To: <200801301715.04362.dyioulos@firstbhph.com> References: <200801301131.14619.dyioulos@firstbhph.com> <200801301715.04362.dyioulos@firstbhph.com> Message-ID: <2A00955C-7873-469C-8DB8-CD0A75EC8092@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: Internal use only is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. Date: 20080130 pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 RCVD_IN_UCE_PFSM_3 RBL: Received via a relay in UCE_PFSM_3 [201.226.247.98 listed in dnsbl-3.uceprotect.net] 1.5 RCVD_IN_UCE_PFSM_2 RBL: Received via a relay in UCE_PFSM_2 [201.226.247.98 listed in dnsbl-2.uceprotect.net] 0.0 BOTNET_NORDNS IP address has no PTR record 0.7 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?id=alex%40nkpanama.com&ip=201.226.247.98&receiver=nkserver.nkpanama.com] -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.1107] 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 2.0 BOTNET Any Botnet rule hit -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman Subject: Re: Internal use only Date: Wed, 30 Jan 2008 17:47:16 -0500 Size: 1315 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/98860faf/attachment.mht From bo.bulger at gmail.com Thu Jan 31 02:01:52 2008 From: bo.bulger at gmail.com (Bo Bulger) Date: Thu Jan 31 02:02:02 2008 Subject: Routing mail based on attachment extension Message-ID: <308c0ded0801301801y66bffbf4v439baea61dbaafb3@mail.gmail.com> Good day, Would I use a rule or a custom function to accomplish the following issue? I want to route a message sent to mailbox1, if the message contains a specific attachment type, send the message to mailbox2. Example, message to mailbox1 contains attachment.eml. Do not send to mailbox1, instead send to mailbox2. It seems similar to spam or blacklist quarantine, but I am looking for something that is per mailbox and per attachment. This is my first post to the mailing list. Please correct me if I have not followed posting standards. Bo Bulger -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080130/4575a210/attachment.html From roland at inbox4u.de Thu Jan 31 04:09:39 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Thu Jan 31 04:10:32 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A0E56F.1090908@ecs.soton.ac.uk> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> > > Ehle, Roland wrote: > > > > Hi all, > > > > I use "Use TNEF Contents = replace" and "Deliver Unparsable TNEF = > no" > > to get rid of the winmail.dat grab from Outlook clients using Outlook > > Richtext Format. > > > > It was brought to my attention, that this setting causes long > > filenames to be shortened: For example a file named "test datei mit > > sehr sehr langem dateinamen und viel bla bla.txt.txt" arrives as > "test > > datei mit.txt" at the recipients mailbox. > > > > If I leave TNEF contents untouched, the filename is not changed. > > > > The above happens when using external TNEF decoder and the internal > > one. Same behavior with both. > > > > Has somebody experienced the same problem? Any hints to avoid the > > problem, other than sending files with long filenames inside a ZIP- > file? > > > Do you mean a ZIP file or a TNEF file? The problem is TNEF. Roland -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3758 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080131/a6b2b31e/smime.bin From hvdkooij at vanderkooij.org Thu Jan 31 06:26:56 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 31 06:27:29 2008 Subject: Internal use only In-Reply-To: <2A00955C-7873-469C-8DB8-CD0A75EC8092@nkpanama.com> References: <200801301131.14619.dyioulos@firstbhph.com> <200801301715.04362.dyioulos@firstbhph.com> <2A00955C-7873-469C-8DB8-CD0A75EC8092@nkpanama.com> Message-ID: <47A16A30.4040600@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Our MailScanner believes that the attachment to this message sent to you | | From: alex@nkpanama.com | Subject: Re: Internal use only Sounds to me someone is sending back messages due to a poor configuration of MS. Jules, can you instruct him on the proper usage of MS? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHoWouBvzDRVjxmYERAkZ9AJ4q+FkYLGkXKU+PzgAaQGApn2dFhQCgkD1a NV1RDrWnNw/K3hvaJ1yZGcw= =oIvF -----END PGP SIGNATURE----- From uxbod at splatnix.net Thu Jan 31 08:36:12 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 08:36:47 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <20080130154854.44414175@scorpio> Message-ID: <15695614.01201768572763.JavaMail.root@office.splatnix.net> >Glad to hear that your sales figures for Trend Micro are in the 6-7 >figure range. Of course that does raise an interesting question; >exactly how are you going to replace those lost sales once you have >alienated your distributor? >Please post back when you have brought them to their knees. >-- >Gerard >gerard@seibercom.net I would imagine by switching to a decent AV product ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Jan 31 08:38:08 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 08:38:37 2008 Subject: Trend Micro Sues Barracuda Over Open Source Anti-Virus In-Reply-To: <47A0F3E9.8040204@vanderkooij.org> Message-ID: <9090402.31201768688741.JavaMail.root@office.splatnix.net> >In simple terms. They were loosing the fight on technical grounds and >have now choosen to aim below the belt. Nicely put Hugo and completely spot on. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Thu Jan 31 08:56:39 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 31 08:57:10 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: References: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> <479DB334.7090804@gmail.com> Message-ID: <47A18D47.3090308@gmail.com> >> The cleanest solution would be to talk with those subdomain admins and >> try to improve your frontend up to a level they will gladly accept. > So many people, so many systems, changing every month... Well, what can I say ... University at its best :o) Guess you should get together with them on a more personal level and try to improve the situation. And afterwards present to the problem and a possible solution with estimate to your boss. >> The quickest solution is to try and reduce the bounces by doing some >> kind of milter-ahead solution; this will maybe reduce the backscatter by > I thought milter ahead will reduce backscatter from DSN send because of > not existing wrong rcpt to: messages (Am I wrong here?). > Those are not the problem at the moment. > I get spammy non-conformous mail_from domains (valid A record , invalid MX) that > my sendmail 8.13.8 relays but other postfixes may not. Also DNS name resolution > might differ between different servers. Only partially wrong :) With milter-ahead you can reduce the backscatter of mail from: <...> rejections, because you will first ask the accepting mail server "will you accept a mail, from: -> to: ?". Or you could just ditch sendmail and use postfix with a similar rejection policy instead? Cheers, Ronny From MailScanner at ecs.soton.ac.uk Thu Jan 31 09:33:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 09:33:38 2008 Subject: Routing mail based on attachment extension In-Reply-To: <308c0ded0801301801y66bffbf4v439baea61dbaafb3@mail.gmail.com> References: <308c0ded0801301801y66bffbf4v439baea61dbaafb3@mail.gmail.com> Message-ID: <47A195DA.8050109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bo Bulger wrote: > Good day, > > Would I use a rule or a custom function to accomplish the following issue? The simple answer is "yes". A Custom Function would do it. You would have to play with the recipients list depending on what you found in the attachments directory. It could be done at almost any stage after the virus scanning has been done. I mess with the recipients list in other places, so you can see how I do it. If you can't find any code that does that bit, I've definitely got some here (my local auto-spam-deletion code does it in a Custom Function). Surfing the attachments directory is the easy bit. What would you do with messages with multiple recipients? > > I want to route a message sent to mailbox1, if the message contains a > specific attachment type, send the message to mailbox2. > > Example, message to mailbox1 contains attachment.eml. Do not send to > mailbox1, instead send to mailbox2. > > It seems similar to spam or blacklist quarantine, but I am looking for > something that is per mailbox and per attachment. > > This is my first post to the mailing list. Please correct me if I have > not followed posting standards. > > Bo Bulger Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj4DBQFHoZXaEfZZRxQVtlQRAjqPAKDTIKpHm0sczLkg5c/DH12f+2iT3QCSA6Lj 6Q0zB5tAk3xa2rh023vHew== =wtlp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 09:33:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 09:34:13 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> Message-ID: <47A195FF.908@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehle, Roland wrote: >> Ehle, Roland wrote: >> >>> Hi all, >>> >>> I use "Use TNEF Contents = replace" and "Deliver Unparsable TNEF = >>> >> no" >> >>> to get rid of the winmail.dat grab from Outlook clients using Outlook >>> Richtext Format. >>> >>> It was brought to my attention, that this setting causes long >>> filenames to be shortened: For example a file named "test datei mit >>> sehr sehr langem dateinamen und viel bla bla.txt.txt" arrives as >>> >> "test >> >>> datei mit.txt" at the recipients mailbox. >>> >>> If I leave TNEF contents untouched, the filename is not changed. >>> >>> The above happens when using external TNEF decoder and the internal >>> one. Same behavior with both. >>> >>> Has somebody experienced the same problem? Any hints to avoid the >>> problem, other than sending files with long filenames inside a ZIP- >>> >> file? >> >> Do you mean a ZIP file or a TNEF file? >> > > The problem is TNEF. > I'll take a look and see if I can find any likely cause. > Roland > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoZX/EfZZRxQVtlQRAip4AKCdRbPo6a7gJOmc0EfjicaYwLWDrgCg9vGh N/luj3m5enyXAKhr489FhVs= =Oy7I -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 09:37:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 09:37:43 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> Message-ID: <47A196D1.50907@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehle, Roland wrote: >> Ehle, Roland wrote: >> >>> Hi all, >>> >>> I use "Use TNEF Contents = replace" and "Deliver Unparsable TNEF = >>> >> no" >> >>> to get rid of the winmail.dat grab from Outlook clients using Outlook >>> Richtext Format. >>> >>> It was brought to my attention, that this setting causes long >>> filenames to be shortened: For example a file named "test datei mit >>> sehr sehr langem dateinamen und viel bla bla.txt.txt" arrives as >>> >> "test >> >>> datei mit.txt" at the recipients mailbox. >>> >>> If I leave TNEF contents untouched, the filename is not changed. >>> >>> The above happens when using external TNEF decoder and the internal >>> one. Same behavior with both. >>> >>> Has somebody experienced the same problem? Any hints to avoid the >>> problem, other than sending files with long filenames inside a ZIP- >>> >> file? >> >> Do you mean a ZIP file or a TNEF file? >> > > The problem is TNEF. > > Roland > Well I have found it, but I'm a bit reluctant to change it: $safename = $message->MakeNameSafe($_->longname, $dir); push @replacements, $safename; #print STDERR "Safe name is \"$safename\"\n"; $message->{entity}->attach(Type => "application/octet-stream", Encoding => "base64", Disposition => "attachment", Filename => $safename, Path => $filename); Putting a dangerous filename back in the e-mail is a bit dodgy from a security point of view. But I could change Filename => $safename, to Filename => $_->longname, which should fix it. What does anyone think? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHoZbSEfZZRxQVtlQRAg5+AKD8vJsRt/9b7S9fvEhzg9a+NZUJ8gCggsHH bFlYbE2iksE60j3MLwJOGcI= =iEBo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Jan 31 09:58:59 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 09:59:40 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A196D1.50907@ecs.soton.ac.uk> Message-ID: <23743730.181201773539501.JavaMail.root@office.splatnix.net> I personally would not like to sacrifice security so could it be a option ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Jan 31 10:05:04 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Thu Jan 31 10:05:42 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A196D1.50907@ecs.soton.ac.uk> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk><9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local> <47A196D1.50907@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA02D78C03@HC-MBX02.herefordshire.gov.uk> You could alsways add a Safe TNEF Filenames option in MailScanner.conf Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: 31 January 2008 09:37 > To: MailScanner discussion > Subject: Re: AW: Problems with TNEF and long filenames > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Ehle, Roland wrote: > >> Ehle, Roland wrote: > >> > >>> Hi all, > >>> > >>> I use "Use TNEF Contents = replace" and "Deliver Unparsable TNEF = > >>> > >> no" > >> > >>> to get rid of the winmail.dat grab from Outlook clients > using Outlook > >>> Richtext Format. > >>> > >>> It was brought to my attention, that this setting causes long > >>> filenames to be shortened: For example a file named "test > datei mit > >>> sehr sehr langem dateinamen und viel bla bla.txt.txt" arrives as > >>> > >> "test > >> > >>> datei mit.txt" at the recipients mailbox. > >>> > >>> If I leave TNEF contents untouched, the filename is not changed. > >>> > >>> The above happens when using external TNEF decoder and > the internal > >>> one. Same behavior with both. > >>> > >>> Has somebody experienced the same problem? Any hints to avoid the > >>> problem, other than sending files with long filenames > inside a ZIP- > >>> > >> file? > >> > >> Do you mean a ZIP file or a TNEF file? > >> > > > > The problem is TNEF. > > > > Roland > > > Well I have found it, but I'm a bit reluctant to change it: > > $safename = $message->MakeNameSafe($_->longname, $dir); > push @replacements, $safename; > #print STDERR "Safe name is \"$safename\"\n"; > $message->{entity}->attach(Type => > "application/octet-stream", > Encoding => "base64", > Disposition => "attachment", > Filename => $safename, > Path => $filename); > > Putting a dangerous filename back in the e-mail is a bit dodgy from a > security point of view. But I could change > Filename => $safename, > to > Filename => $_->longname, > which should fix it. > > What does anyone think? > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.7.0 (Build 1012) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFHoZbSEfZZRxQVtlQRAg5+AKD8vJsRt/9b7S9fvEhzg9a+NZUJ8gCggsHH > bFlYbE2iksE60j3MLwJOGcI= > =iEBo > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Thu Jan 31 10:18:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 10:19:06 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <23743730.181201773539501.JavaMail.root@office.splatnix.net> References: <23743730.181201773539501.JavaMail.root@office.splatnix.net> Message-ID: <47A1A082.2000902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is it really worth making this yet another settable option? Does anyone (except the original poster) want to be able to tweak this setting? - --[ UxBoD ]-- wrote: > I personally would not like to sacrifice security so could it be a option ? > > Regards, > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: UTF-8 wj8DBQFHoaCDEfZZRxQVtlQRAp+LAKCjd7KOhz0taRHDEHjGts/0JlxPTQCg9UbW ukpUhuWO6jHpQJgTayKynV0= =JYvB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 31 10:48:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 31 10:48:25 2008 Subject: backscatter by DSN: Service unavailable In-Reply-To: <47A18D47.3090308@gmail.com> References: <223f97700801240559g1b0396c9rc94636e162c962e0@mail.gmail.com> <479DB334.7090804@gmail.com> <47A18D47.3090308@gmail.com> Message-ID: <223f97700801310248s2f746c74rfc386ae38a7a35ba@mail.gmail.com> On 31/01/2008, Ronny T. Lampert wrote: (snip) > >> The quickest solution is to try and reduce the bounces by doing some > >> kind of milter-ahead solution; this will maybe reduce the backscatter by > > I thought milter ahead will reduce backscatter from DSN send because of > > not existing wrong rcpt to: messages (Am I wrong here?). > > Those are not the problem at the moment. > > I get spammy non-conformous mail_from domains (valid A record , invalid MX) that > > my sendmail 8.13.8 relays but other postfixes may not. Also DNS name resolution > > might differ between different servers. > > Only partially wrong :) > With milter-ahead you can reduce the backscatter of mail from: <...> > rejections, because you will first ask the accepting mail server "will > you accept a mail, from: -> to: ?". Exactle, in this situation, whatever is done to reduce the total amount of backscatter will be a Good Thing(tm). > Or you could just ditch sendmail and use postfix with a similar > rejection policy instead? You and I know the Superior Power of Postfix, but airing it like this... This is the way flamewars start, you know Ronny...?:-) > Cheers, > Ronny Indeed, cheers ... :) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Jan 31 10:52:24 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 31 10:52:34 2008 Subject: Internal use only In-Reply-To: <47A16A30.4040600@vanderkooij.org> References: <200801301131.14619.dyioulos@firstbhph.com> <200801301715.04362.dyioulos@firstbhph.com> <2A00955C-7873-469C-8DB8-CD0A75EC8092@nkpanama.com> <47A16A30.4040600@vanderkooij.org> Message-ID: <223f97700801310252v14ed8ee7nb4f09fc67d0ce301@mail.gmail.com> On 31/01/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Neuman wrote: > | Our MailScanner believes that the attachment to this message sent to you > | > | From: alex@nkpanama.com > | Subject: Re: Internal use only > > Sounds to me someone is sending back messages due to a poor > configuration of MS. Jules, can you instruct him on the proper usage of MS? > > Hugo. > Yeah... Friend Alex hass been around long-time and should know better! Quite OK to scan outgoing, but then one needs make _exceptions_ for the mailing list (in MS, of course)... Oh well, with the timeAlex has spent on FB lately, perhaps there is where we should tell him... this likely never makes it into his inbox:-):-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From roland at inbox4u.de Thu Jan 31 11:07:39 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Thu Jan 31 11:08:31 2008 Subject: AW: AW: Problems with TNEF and long filenames In-Reply-To: <47A196D1.50907@ecs.soton.ac.uk> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local>, <47A196D1.50907@ecs.soton.ac.uk> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBCB687@ts-dc2.TS-Webarts.local> Jules, thanks again for your help. Just to have a better understanding: the filename check probably takes place after unpacking TNEF files? If so, I do not see a security problem. Regards, Roland Jules wrote: Well I have found it, but I'm a bit reluctant to change it: $safename = $message->MakeNameSafe($_->longname, $dir); push @replacements, $safename; #print STDERR "Safe name is \"$safename\"\n"; $message->{entity}->attach(Type => "application/octet-stream", Encoding => "base64", Disposition => "attachment", Filename => $safename, Path => $filename); Putting a dangerous filename back in the e-mail is a bit dodgy from a security point of view. But I could change Filename => $safename, to Filename => $_->longname, which should fix it. What does anyone think? From MailScanner at ecs.soton.ac.uk Thu Jan 31 11:56:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 11:57:16 2008 Subject: AW: AW: Problems with TNEF and long filenames In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBCB687@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA1369@ts-dc2.TS-Webarts.local> <47A0E56F.1090908@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBA136A@ts-dc2.TS-Webarts.local>, <47A196D1.50907@ecs.soton.ac.uk> <9A519AA4E4FCED4582DCCAEFE0E0C6F927BCBCB687@ts-dc2.TS-Webarts.local> Message-ID: <47A1B784.1040208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fair enough. It will be in the next release. Ehle, Roland wrote: > Jules, > > thanks again for your help. > > Just to have a better understanding: the filename check probably takes place after unpacking TNEF files? If so, I do not see a security problem. > > Regards, > Roland > > > Jules wrote: > Well I have found it, but I'm a bit reluctant to change it: > > $safename = $message->MakeNameSafe($_->longname, $dir); > push @replacements, $safename; > #print STDERR "Safe name is \"$safename\"\n"; > $message->{entity}->attach(Type => "application/octet-stream", > Encoding => "base64", > Disposition => "attachment", > Filename => $safename, > Path => $filename); > > Putting a dangerous filename back in the e-mail is a bit dodgy from a > security point of view. But I could change > Filename => $safename, > to > Filename => $_->longname, > which should fix it. > > What does anyone think? > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHobeFEfZZRxQVtlQRAof8AJ9NRDccA3XBvahCHltCRWmx91rBJQCgv3md IM6HIN8EHG3PXE1kWZ11tFU= =rpIj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gugafer51 at gmail.com Thu Jan 31 13:58:51 2008 From: gugafer51 at gmail.com (Gustavo FC) Date: Thu Jan 31 13:58:59 2008 Subject: User's notifications. Message-ID: <73e0f9580801310558q458594b1p1f3c74bb7c8d6b96@mail.gmail.com> In my Mailscanner.conf, the "Spam Actions" attribute has only the "store" option, but the users receive the notification's emails. Spam Actions = store There are any other configuration that I can do? Gustavo FC Gustavo FC wrote: > Hi > > How can I disable the notifications send to users when theirs email is > deleted, stored, etc? > > > Gustavo F.C. In your MailScanner.conf you will have this setting with similar actions. # What to do with spam # -------------------- # notify - Send the recipients a short notification that # spam addressed to them was not delivered. They # can then take action to request retrieval of # the original message if they think it was not # spam. Spam Actions = store deliver notify Take out the notify. Update the same for the other "Actions" sections. Restart MailScanner Done! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080131/2719581c/attachment.html From dgottsc at emory.edu Thu Jan 31 14:09:02 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Jan 31 14:09:19 2008 Subject: MCP Header Line Message-ID: Hi all, Is it possible to remove the header that MCP adds if it finds a match? I'd prefer not to have that in the header after the email is delivered. Thanks! David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Thu Jan 31 14:26:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 14:26:29 2008 Subject: User's notifications. In-Reply-To: <73e0f9580801310558q458594b1p1f3c74bb7c8d6b96@mail.gmail.com> References: <73e0f9580801310558q458594b1p1f3c74bb7c8d6b96@mail.gmail.com> Message-ID: <47A1DA7E.1060905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But are they receiving notifications about spam or something else? What does a sample notification say? Gustavo FC wrote: > In my Mailscanner.conf, the "Spam Actions" attribute has only the > "store" option, but the users receive the notification's emails. > > Spam Actions = store > > There are any other configuration that I can do? > > Gustavo FC > > > Gustavo FC wrote: > > Hi > > > > How can I disable the notifications send to users when theirs email is > > deleted, stored, etc? > > > > > > Gustavo F.C. > In your MailScanner.conf you will have this setting with similar actions. > # What to do with spam > # -------------------- > # notify - Send the recipients a short > notification that > # spam addressed to them was not delivered. > They > # can then take action to request > retrieval of > # the original message if they think it > was not > # spam. > Spam Actions = store deliver notify > > Take out the notify. > Update the same for the other "Actions" sections. > > Restart MailScanner > > Done! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHodqAEfZZRxQVtlQRAvikAJsElI3er4w2pa+YNGhy9Osx6WQsYQCfdUSb SsWW++8t8/K23YG0mXA7v74= =H3fL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at sequestered.net Thu Jan 31 14:40:23 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 14:40:34 2008 Subject: Perl Modules Message-ID: <47A1DDD7.7090505@sequestered.net> I'm installing MailScanner on CentOS5 (I usually live in FreeBSD land, so it's a bit trippy for me at the moment!) and had a question. I seem to recall reading something about particular versions of perl modules being needed. If I install MailScanner from the RPM package on the mailscanner.info site, and then do a yum update, am I going to break things? For instance, yum currently wants to upgrade: perl-Archive-Zip noarch 1.16-1.2.1 base 138 k perl-Compress-Zlib i386 1.42-1.fc6 base 52 k perl-HTML-Tagset noarch 3.10-2.1.1 base 15 k perl-TimeDate noarch 1:1.16-5.el5 base 32 k I'd just prefer not to stomp all over the work I'm doing... -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From uxbod at splatnix.net Thu Jan 31 14:51:34 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 14:51:46 2008 Subject: Perl Modules In-Reply-To: <47A1DDD7.7090505@sequestered.net> Message-ID: <30074543.1181201791094717.JavaMail.root@office.splatnix.net> I am running CentOS5 here and the latest MS RPM ... I have also performed a full YUM update with no problems. But as always test it on a non-production machine first, especially if you are using other repos. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at sequestered.net Thu Jan 31 15:18:16 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 15:18:27 2008 Subject: Perl Modules In-Reply-To: <30074543.1181201791094717.JavaMail.root@office.splatnix.net> References: <30074543.1181201791094717.JavaMail.root@office.splatnix.net> Message-ID: <47A1E6B8.7050208@sequestered.net> --[ UxBoD ]-- wrote: > I am running CentOS5 here and the latest MS RPM ... I have also performed a full YUM update with no problems. But as always test it on a non-production machine first, especially if you are using other repos. > > Regards, > > Sorry to have to step by step this, but I'll add anything we learn to the wiki... I installed clamav, clamd, and clamav-db (Version 0.92) from the Dag Wieers repository as the install script says, but I get this during the compilation: Attempting to build and install Mail-ClamAV-0.21 Unpacking perl-tar/Mail-ClamAV-0.21.tar.gz Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are Mail-ClamAV and Mail-SpamAssassin. WARNING ------------------------------------------------ WARNING You have an older version of clamav or WARNING clamav-config is not in your path WARNING If you get compile errors you will either WARNING need to upgrade clamav to atleast 0.73 WARNING or make sure clamav-config is in your path WARNING ------------------------------------------------ The clamav version you are using is too old. Please upgrade to atleast 0.90 make: *** No targets specified and no makefile found. Stop. -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From uxbod at splatnix.net Thu Jan 31 15:44:39 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 15:44:57 2008 Subject: Perl Modules In-Reply-To: <47A1E6B8.7050208@sequestered.net> Message-ID: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> what does rpm -qa | grep -i clam show you ? looks like you have both RPM and source installed Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at sequestered.net Thu Jan 31 15:49:58 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 15:50:08 2008 Subject: Perl Modules In-Reply-To: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> Message-ID: <47A1EE26.9020802@sequestered.net> --[ UxBoD ]-- wrote: > what does rpm -qa | grep -i clam show you ? looks like you have both RPM and source installed > > Regards, > > [root@prmx032 install-Clam-0.92-SA-3.2.4]# rpm -qa | grep -i clam clamd-0.92-1.el5.rf clamav-0.92-1.el5.rf clamav-db-0.92-1.el5.rf [root@prmx032 install-Clam-0.92-SA-3.2.4]# What's your second guess? :-D -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From lists at sequestered.net Thu Jan 31 15:53:18 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 15:53:28 2008 Subject: Perl Modules In-Reply-To: <47A1EE26.9020802@sequestered.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> Message-ID: <47A1EEEE.90208@sequestered.net> Jay Chandler wrote: > --[ UxBoD ]-- wrote: >> what does rpm -qa | grep -i clam show you ? looks like you have both >> RPM and source installed >> >> Regards, >> >> > [root@prmx032 install-Clam-0.92-SA-3.2.4]# rpm -qa | grep -i clam > clamd-0.92-1.el5.rf > clamav-0.92-1.el5.rf > clamav-db-0.92-1.el5.rf > [root@prmx032 install-Clam-0.92-SA-3.2.4]# > > What's your second guess? :-D > Er... reading the error message a bit more thoroughly reveals something interesting. [root@prmx032 install-Clam-0.92-SA-3.2.4]# which clamav-config /usr/bin/which: no clamav-config in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin) [root@prmx032 install-Clam-0.92-SA-3.2.4]# So where does clamav-config come from? -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From telecaadmin at gmail.com Thu Jan 31 15:57:58 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 31 16:08:46 2008 Subject: Perl Modules In-Reply-To: <47A1EEEE.90208@sequestered.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> Message-ID: <47A1F006.4050706@gmail.com> > So where does clamav-config come from? Only in clamav-devel or similar. Please also give us the output of #> clamscan --version #> which clamscan #> which freshclam From lists at sequestered.net Thu Jan 31 16:12:12 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 16:12:22 2008 Subject: Perl Modules In-Reply-To: <47A1F006.4050706@gmail.com> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> Message-ID: <47A1F35C.30006@sequestered.net> Ronny T. Lampert wrote: >> So where does clamav-config come from? > > Only in clamav-devel or similar. > That's not mentioned as being something to install on the Wiki. Should I add it anyway? > Please also give us the output of > > #> clamscan --version > #> which clamscan > #> which freshclam > [root@prmx032 MailScanner]# clamscan --version ClamAV 0.92/5626/Thu Jan 31 06:37:31 2008 [root@prmx032 MailScanner]# which clamscan /usr/bin/clamscan [root@prmx032 MailScanner]# which freshclam /usr/bin/freshclam -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From telecaadmin at gmail.com Thu Jan 31 16:18:50 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 31 16:19:20 2008 Subject: Perl Modules In-Reply-To: <47A1F35C.30006@sequestered.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> <47A1F35C.30006@sequestered.net> Message-ID: <47A1F4EA.4030807@gmail.com> >>> So where does clamav-config come from? >> >> Only in clamav-devel or similar. >> > That's not mentioned as being something to install on the Wiki. Should > I add it anyway? I think - problem found. Please install the clamav-devel. [ The thing is, if you do a source install, all headers and libs and the clamav-config will be installed; when you do a rpm install, those are split and available in the -devel rpm only! ] Report back! Cheers, Ronny From uxbod at splatnix.net Thu Jan 31 16:23:49 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 16:24:20 2008 Subject: Perl Modules In-Reply-To: <9056803.1391201796575045.JavaMail.root@office.splatnix.net> Message-ID: <14409993.1411201796629726.JavaMail.root@office.splatnix.net> I do not have the devel package installed, and I was able to install the SA/Clam package from Jules with no problems at all. Just installed the Dag RPMs and away I went. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ronny T. Lampert" wrote: >>> So where does clamav-config come from? >> >> Only in clamav-devel or similar. >> > That's not mentioned as being something to install on the Wiki. Should > I add it anyway? I think - problem found. Please install the clamav-devel. [ The thing is, if you do a source install, all headers and libs and the clamav-config will be installed; when you do a rpm install, those are split and available in the -devel rpm only! ] Report back! Cheers, Ronny -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at sequestered.net Thu Jan 31 16:25:47 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 16:25:57 2008 Subject: Perl Modules In-Reply-To: <47A1F4EA.4030807@gmail.com> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> <47A1F35C.30006@sequestered.net> <47A1F4EA.4030807@gmail.com> Message-ID: <47A1F68B.3090500@sequestered.net> Ronny T. Lampert wrote: >>>> So where does clamav-config come from? >>> >>> Only in clamav-devel or similar. >>> >> That's not mentioned as being something to install on the Wiki. >> Should I add it anyway? > > I think - problem found. > Please install the clamav-devel. > > [ The thing is, if you do a source install, all headers and libs and > the clamav-config will be installed; when you do a rpm install, those > are split and available in the -devel rpm only! ] > > Report back! > > Cheers, > Ronny Closer-- definitely closer. New error now during the build of the same module-- this is a freshly installed CentOS5 minimal install, so it's probably a dependancy issue: Running Mkbootstrap for Mail::ClamAV () chmod 644 ClamAV.bs rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so \ -L/usr/lib -lz -lbz2 -lgmp -lclamav \ /usr/bin/ld: cannot find -lz collect2: ld returned 1 exit status make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1 make[1]: Leaving directory `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' A problem was encountered while attempting to compile and install your Inline C code. The command that failed was: make The build directory was: /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV To debug the problem, cd to the build directory, and inspect the output files. at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 BEGIN failed--compilation aborted at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. Compilation failed in require. BEGIN failed--compilation aborted. make: *** [ClamAV.inl] Error 25 -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From telecaadmin at gmail.com Thu Jan 31 16:35:14 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Jan 31 16:35:22 2008 Subject: Perl Modules In-Reply-To: <47A1F68B.3090500@sequestered.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> <47A1F35C.30006@sequestered.net> <47A1F4EA.4030807@gmail.com> <47A1F68B.3090500@sequestered.net> Message-ID: <47A1F8C2.6040406@gmail.com> > rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so > gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 > -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib ClamAV.o > -o blib/arch/auto/Mail/ClamAV/ClamAV.so \ > -L/usr/lib -lz -lbz2 -lgmp -lclamav \ > /usr/bin/ld: cannot find -lz > collect2: ld returned 1 exit status > make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1 > make[1]: Leaving directory > `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' #> yum install zlib-devel bzip2-devel gmp-devel and you're golden. From MailScanner at ecs.soton.ac.uk Thu Jan 31 16:35:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 16:35:47 2008 Subject: MCP Header Line In-Reply-To: References: Message-ID: <47A1F8C8.4000300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just set the relevant MCP header to be totally blank, and it shouldn't add it at all. Gottschalk, David wrote: > Hi all, > Is it possible to remove the header that MCP adds if it finds a match? I'd prefer not to have that in the header after the email is delivered. > > Thanks! > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > > > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHofjJEfZZRxQVtlQRAoBtAJ41lFV/NHrjcv2IHsexTDESIlp4IACgqqvf EJ3JeHJdPbgidlmHzZg+2zA= =fIQz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pablo at lacnic.net Thu Jan 31 15:35:40 2008 From: pablo at lacnic.net (Pablo Allietti) Date: Thu Jan 31 16:36:58 2008 Subject: clamd with mailscanner Message-ID: <47A1EACC.2030105@lacnic.net> i have a problem. i recently buy a server with core 2 duo and install mailscanner with calamv i have a 200 e-mail daily traffic.. (nothing) but clamav eating my CPU. 100% with clamav process when processing a e-mail. is any option or sintax to add to clamav to dont "eat" my cpu? -- From uxbod at splatnix.net Thu Jan 31 16:02:46 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 16:37:24 2008 Subject: Perl Modules In-Reply-To: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> Message-ID: <30768185.1271201795366118.JavaMail.root@office.splatnix.net> locate clamscan ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 16:38:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 16:38:42 2008 Subject: Perl Modules In-Reply-To: <47A1F68B.3090500@sequestered.net> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> <47A1F35C.30006@sequestered.net> <47A1F4EA.4030807@gmail.com> <47A1F68B.3090500@sequestered.net> Message-ID: <47A1F97A.7080800@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jay Chandler wrote: > Ronny T. Lampert wrote: >>>>> So where does clamav-config come from? >>>> >>>> Only in clamav-devel or similar. >>>> >>> That's not mentioned as being something to install on the Wiki. >>> Should I add it anyway? >> >> I think - problem found. >> Please install the clamav-devel. >> >> [ The thing is, if you do a source install, all headers and libs and >> the clamav-config will be installed; when you do a rpm install, those >> are split and available in the -devel rpm only! ] >> >> Report back! >> >> Cheers, >> Ronny > Closer-- definitely closer. New error now during the build of the > same module-- this is a freshly installed CentOS5 minimal install, so > it's probably a dependancy issue: > > Running Mkbootstrap for Mail::ClamAV () > chmod 644 ClamAV.bs > rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so > gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 > -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib ClamAV.o > -o blib/arch/auto/Mail/ClamAV/ClamAV.so \ > -L/usr/lib -lz -lbz2 -lgmp -lclamav \ > /usr/bin/ld: cannot find -lz > collect2: ld returned 1 exit status You need the RPMs "zlib" and "zlib-devel". > make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1 > make[1]: Leaving directory > `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' > > A problem was encountered while attempting to compile and install your > Inline > C code. The command that failed was: > make > > The build directory was: > /tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV > > To debug the problem, cd to the build directory, and inspect the > output files. > > at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 178 > BEGIN failed--compilation aborted at > /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 556. > Compilation failed in require. > BEGIN failed--compilation aborted. > make: *** [ClamAV.inl] Error 25 > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHofl7EfZZRxQVtlQRAvCwAJ9bbNQrn4qK/JIfHISBllcMA42sVACeK1gl RnQCsGxDdfLm+zRJ3TWnMyA= =Shj1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at sequestered.net Thu Jan 31 16:39:11 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 16:39:21 2008 Subject: Perl Modules In-Reply-To: <47A1F8C2.6040406@gmail.com> References: <21439388.1211201794279085.JavaMail.root@office.splatnix.net> <47A1EE26.9020802@sequestered.net> <47A1EEEE.90208@sequestered.net> <47A1F006.4050706@gmail.com> <47A1F35C.30006@sequestered.net> <47A1F4EA.4030807@gmail.com> <47A1F68B.3090500@sequestered.net> <47A1F8C2.6040406@gmail.com> Message-ID: <47A1F9AF.2020203@sequestered.net> Ronny T. Lampert wrote: >> rm -f blib/arch/auto/Mail/ClamAV/ClamAV.so >> gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions >> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 >> -mtune=generic -fasynchronous-unwind-tables -L/usr/local/lib >> ClamAV.o -o blib/arch/auto/Mail/ClamAV/ClamAV.so \ >> -L/usr/lib -lz -lbz2 -lgmp -lclamav \ >> /usr/bin/ld: cannot find -lz >> collect2: ld returned 1 exit status >> make[1]: *** [blib/arch/auto/Mail/ClamAV/ClamAV.so] Error 1 >> make[1]: Leaving directory >> `/tmp/Mail-ClamAV-0.21/_Inline/build/Mail/ClamAV' > > #> yum install zlib-devel bzip2-devel gmp-devel > > and you're golden. We'd like to hope, but: Finished Build Compile Stage Manifying blib/man3/Mail::ClamAV.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV.... # Failed test 'use Mail::ClamAV;' # at t/Mail-ClamAV.t line 9. # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: /tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so: failed to map segment from shared object: Operation not permitted at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.8/Inline.pm line 500 # # # at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 173 # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. # Compilation failed in require at (eval 3) line 2. # BEGIN failed--compilation aborted at (eval 3) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. # Looks like you failed 1 test of 1 run. t/Mail-ClamAV....dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 1 256 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 1 -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From uxbod at splatnix.net Thu Jan 31 16:42:57 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 16:43:34 2008 Subject: Perl Modules In-Reply-To: <47A1F68B.3090500@sequestered.net> Message-ID: <22042053.1501201797777593.JavaMail.root@office.splatnix.net> If you are going to be using FuzzyOcr with SA aswell you will need these :- yum install rpm-build gcc postfix gcc-c++ openssl-devel mysql-devel zlib-devel yum install giflib giflib-utils netpbm netpbm-progs libungif-bin Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Jay Chandler" wrote: > Ronny T. Lampert wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Thu Jan 31 16:34:23 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 16:53:15 2008 Subject: Perl Modules In-Reply-To: <47A1F68B.3090500@sequestered.net> Message-ID: <26607696.1441201797263008.JavaMail.root@office.splatnix.net> Jay, You are missing some packages :- yum install rpm-build gcc gcc-c++ you will need these ;) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Jay Chandler" wrote: > Ronny T. Lampert wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dgottsc at emory.edu Thu Jan 31 16:53:29 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Jan 31 16:53:44 2008 Subject: MCP Header Line In-Reply-To: <47A1F8C8.4000300@ecs.soton.ac.uk> References: <47A1F8C8.4000300@ecs.soton.ac.uk> Message-ID: Thanks Julian. I'll try that. I had commented it out entirely, but that didn't seem to work. David Gottschalk UTS Infrastructure Technology Services david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, January 31, 2008 11:35 AM To: MailScanner discussion Subject: Re: MCP Header Line -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just set the relevant MCP header to be totally blank, and it shouldn't add it at all. Gottschalk, David wrote: > Hi all, > Is it possible to remove the header that MCP adds if it finds a match? I'd prefer not to have that in the header after the email is delivered. > > Thanks! > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > > > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHofjJEfZZRxQVtlQRAoBtAJ41lFV/NHrjcv2IHsexTDESIlp4IACgqqvf EJ3JeHJdPbgidlmHzZg+2zA= =fIQz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From uxbod at splatnix.net Thu Jan 31 16:59:11 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 16:59:47 2008 Subject: Perl Modules In-Reply-To: <31684793.1531201798678717.JavaMail.root@office.splatnix.net> Message-ID: <23405387.1551201798751172.JavaMail.root@office.splatnix.net> Jay, I installed a fresh CentOS5 the other day. Here were the main steps :- 1) Install base CentOS5 (accept all defaults) 2) Yum update 3) /usr/bin/system-config-securitylevel as I disable SELinux 4)service sendmail stop 5)chkconfig ?level 2345 sendmail off 6)yum install rpm-build gcc postfix gcc-c++ openssl-devel mysql-devel zlib-devel 7)yum install openldap-clients php-mysql giflib giflib-utils netpbm netpbm-progs libungif-bin 8)yum remove spamassassin Some extra packages there for MailWatch etc and LDAP directory integration. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Jay Chandler" wrote: > Ronny T. Lampert wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Thu Jan 31 17:03:59 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Jan 31 17:04:36 2008 Subject: clamd with mailscanner In-Reply-To: <47A1EACC.2030105@lacnic.net> References: <47A1EACC.2030105@lacnic.net> Message-ID: Pablo Allietti wrote: > i have a problem. i recently buy a server with core 2 duo and install > mailscanner with calamv i have a 200 e-mail daily traffic.. (nothing) > > but clamav eating my CPU. 100% with clamav process when processing a > e-mail. is any option or sintax to add to clamav to dont "eat" my cpu? Are you using clamd or clamav? If you're using clamav, you should try clamavmodule, or clamd, which are more efficient. However, keep in mind that MailScanner and other components will use 100 of the CPU if it is available. From lists at sequestered.net Thu Jan 31 17:05:24 2008 From: lists at sequestered.net (Jay Chandler) Date: Thu Jan 31 17:05:35 2008 Subject: Perl Modules In-Reply-To: <22042053.1501201797777593.JavaMail.root@office.splatnix.net> References: <22042053.1501201797777593.JavaMail.root@office.splatnix.net> Message-ID: <47A1FFD4.8000906@sequestered.net> --[ UxBoD ]-- wrote: > If you are going to be using FuzzyOcr with SA aswell you will need these :- > > yum install rpm-build gcc postfix gcc-c++ openssl-devel mysql-devel zlib-devel > yum install giflib giflib-utils netpbm netpbm-progs libungif-bin > Regards, > > Made sure that all of these were installed. Still getting: Manifying blib/man3/Mail::ClamAV.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV.... # Failed test 'use Mail::ClamAV;' # at t/Mail-ClamAV.t line 9. # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: /tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so: failed to map segment from shared object: Operation not permitted at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.8/Inline.pm line 500 # # # at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 173 # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. # Compilation failed in require at (eval 3) line 2. # BEGIN failed--compilation aborted at (eval 3) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. # Looks like you failed 1 test of 1 run. t/Mail-ClamAV....dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 1 256 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 1 -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) From MailScanner at ecs.soton.ac.uk Thu Jan 31 17:06:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 17:06:48 2008 Subject: clamd with mailscanner In-Reply-To: <47A1EACC.2030105@lacnic.net> References: <47A1EACC.2030105@lacnic.net> Message-ID: <47A2000B.9010009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pablo Allietti wrote: > i have a problem. i recently buy a server with core 2 duo and install > mailscanner with calamv i have a 200 e-mail daily traffic.. (nothing) > > but clamav eating my CPU. 100% with clamav process when processing a > e-mail. is any option or sintax to add to clamav to dont "eat" my cpu? > How did you install ClamAV and clamd? And where did you get them from? What is your "Virus Scanners =" setting in MailScanner.conf? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHogANEfZZRxQVtlQRAve2AKChNFZgi7a630Wz0kGr25j8NxlWWQCgi/Nf P3KujHG7nOJj962nXYckBVw= =FS/V -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From pablo at lacnic.net Thu Jan 31 17:45:48 2008 From: pablo at lacnic.net (Pablo Allietti) Date: Thu Jan 31 17:46:58 2008 Subject: clamd with mailscanner In-Reply-To: <47A2000B.9010009@ecs.soton.ac.uk> References: <47A1EACC.2030105@lacnic.net> <47A2000B.9010009@ecs.soton.ac.uk> Message-ID: <47A2094C.9060809@lacnic.net> i solve the problem... i have clamav 0.88 toooo old.. i upgrade to 0.92 and its work perfectly now. thanks a lot Julian Field wrote: > > > Pablo Allietti wrote: >> i have a problem. i recently buy a server with core 2 duo and install >> mailscanner with calamv i have a 200 e-mail daily traffic.. (nothing) > >> but clamav eating my CPU. 100% with clamav process when processing a >> e-mail. is any option or sintax to add to clamav to dont "eat" my cpu? > > How did you install ClamAV and clamd? And where did you get them from? > What is your "Virus Scanners =" setting in MailScanner.conf? > > Jules > -- .- Pablo Allietti E-mail: pablo@lacnic.net | LACNIC Phone : +598 2 6042222 | http://LACNIC.NET From uxbod at splatnix.net Thu Jan 31 17:55:27 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Jan 31 17:55:49 2008 Subject: Perl Modules In-Reply-To: <47A1FFD4.8000906@sequestered.net> Message-ID: <1536822.1611201802127345.JavaMail.root@office.splatnix.net> Hmmm, something looks very broken :( can you do the install again and redirect all errors to a logfile and post that up somewhere ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Jay Chandler" wrote: --[ UxBoD ]-- wrote: > If you are going to be using FuzzyOcr with SA aswell you will need these :- > > yum install rpm-build gcc postfix gcc-c++ openssl-devel mysql-devel zlib-devel > yum install giflib giflib-utils netpbm netpbm-progs libungif-bin > Regards, > > Made sure that all of these were installed. Still getting: Manifying blib/man3/Mail::ClamAV.3pm PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/Mail-ClamAV.... # Failed test 'use Mail::ClamAV;' # at t/Mail-ClamAV.t line 9. # Tried to use 'Mail::ClamAV'. # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' # # Can't load '/tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so' for module Mail::ClamAV: /tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so: failed to map segment from shared object: Operation not permitted at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230. # at /usr/lib/perl5/site_perl/5.8.8/Inline.pm line 500 # # # at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 173 # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. # Compilation failed in require at (eval 3) line 2. # BEGIN failed--compilation aborted at (eval 3) line 2. t/Mail-ClamAV....NOK 1"all" is not defined in %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 Can't continue after import errors at t/Mail-ClamAV.t line 11 # Looks like you planned 10 tests but only ran 1. # Looks like you failed 1 test of 1 run. t/Mail-ClamAV....dubious Test returned status 1 (wstat 256, 0x100) DIED. FAILED tests 1-10 Failed 10/10 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/Mail-ClamAV.t 1 256 10 19 190.00% 1-10 Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 1 -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Well fix that in the next (upgrade, update, patch release, service pack) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 17:33:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 17:59:42 2008 Subject: Perl Modules In-Reply-To: <47A1FFD4.8000906@sequestered.net> References: <22042053.1501201797777593.JavaMail.root@office.splatnix.net> <47A1FFD4.8000906@sequestered.net> Message-ID: <47A20655.80406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jay Chandler wrote: > --[ UxBoD ]-- wrote: >> If you are going to be using FuzzyOcr with SA aswell you will need >> these :- >> >> yum install rpm-build gcc postfix gcc-c++ openssl-devel mysql-devel >> zlib-devel >> yum install giflib giflib-utils netpbm netpbm-progs libungif-bin >> Regards, >> >> > Made sure that all of these were installed. > > Still getting: > > Manifying blib/man3/Mail::ClamAV.3pm > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > t/Mail-ClamAV.... > # Failed test 'use Mail::ClamAV;' > # at t/Mail-ClamAV.t line 9. > # Tried to use 'Mail::ClamAV'. > # Error: Had problems bootstrapping Inline module 'Mail::ClamAV' > # > # Can't load > '/tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so' for > module Mail::ClamAV: > /tmp/Mail-ClamAV-0.21/blib/arch/auto/Mail/ClamAV/ClamAV.so: failed to > map segment from shared object: Operation not permitted at > /usr/lib/perl5/5.8.8/i386-linux-thread-multi/DynaLoader.pm line 230. Make sure you aren't mounting /tmp with the "noexec" flag. Check your /etc/fstab for this. If you do find noexec there, then (a) remove it and save /etc/fstab and (b) remount your current /tmp without the flag. This command should do it: mount -o remount,rw,defaults /tmp > # at /usr/lib/perl5/site_perl/5.8.8/Inline.pm line 500 > # > # > # at /tmp/Mail-ClamAV-0.21/blib/lib/Mail/ClamAV.pm line 173 > # BEGIN failed--compilation aborted at t/Mail-ClamAV.t line 9. > # Compilation failed in require at (eval 3) line 2. > # BEGIN failed--compilation aborted at (eval 3) line 2. > t/Mail-ClamAV....NOK 1"all" is not defined in > %Mail::ClamAV::EXPORT_TAGS at t/Mail-ClamAV.t line 11 > Can't continue after import errors at t/Mail-ClamAV.t line 11 > # Looks like you planned 10 tests but only ran 1. > # Looks like you failed 1 test of 1 run. > t/Mail-ClamAV....dubious > > Test returned status 1 (wstat 256, 0x100) > DIED. FAILED tests 1-10 > Failed 10/10 tests, 0.00% okay > Failed Test Stat Wstat Total Fail Failed List of Failed > ------------------------------------------------------------------------------- > > t/Mail-ClamAV.t 1 256 10 19 190.00% 1-10 > Failed 1/1 test scripts, 0.00% okay. 10/10 subtests failed, 0.00% okay. > make: *** [test_dynamic] Error 1 > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHogZYEfZZRxQVtlQRApNrAJ4pBd3F6SF687qqbbrVXs3t5pw5uwCcDY2I pI6UHsVogLnmVhbPYDohwk8= =FmhT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 17:29:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 17:59:44 2008 Subject: MCP Header Line In-Reply-To: References: <47A1F8C8.4000300@ecs.soton.ac.uk> Message-ID: <47A2056C.30102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you comment it out entirely, it uses the hard-wired default value. This is needed for people who are missing configuration settings from their MailScanner.conf if they haven't run upgrade_MailScanner_conf. Gottschalk, David wrote: > Thanks Julian. > > I'll try that. I had commented it out entirely, but that didn't seem to work. > > David Gottschalk > UTS Infrastructure Technology Services > david.gottschalk@emory.edu > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Thursday, January 31, 2008 11:35 AM > To: MailScanner discussion > Subject: Re: MCP Header Line > > > * PGP Signed by an unmatched address: 01/31/08 at 16:35:21 > > Just set the relevant MCP header to be totally blank, and it shouldn't > add it at all. > > Gottschalk, David wrote: > >> Hi all, >> Is it possible to remove the header that MCP adds if it finds a match? I'd prefer not to have that in the header after the email is delivered. >> >> Thanks! >> >> David Gottschalk >> UTS Infrastructure Technology Services >> david.gottschalk@emory.edu >> >> >> >> This e-mail message (including any attachments) is for the sole use of >> the intended recipient(s) and may contain confidential and privileged >> information. If the reader of this message is not the intended >> recipient, you are hereby notified that any dissemination, distribution >> or copying of this message (including any attachments) is strictly >> prohibited. >> >> If you have received this message in error, please contact >> the sender by reply e-mail message and destroy all copies of the >> original message (including attachments). >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHogVuEfZZRxQVtlQRAk2aAKCVim/YLLSj9w1DFuL+rmR2nAotsACg/x/T 3+XhObtD5LqOltRbWRF2Fx4= =GT1J -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 31 18:14:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 18:15:16 2008 Subject: clamd with mailscanner In-Reply-To: <47A2094C.9060809@lacnic.net> References: <47A1EACC.2030105@lacnic.net> <47A2000B.9010009@ecs.soton.ac.uk> <47A2094C.9060809@lacnic.net> Message-ID: <47A21017.9020002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also, make sure you are using the "clamavmodule" or "clamd" setting in "Virus Scanners =" in MailScanner.conf. Don't use the "clamav" setting as it is very slow and inefficient compared to either of the other two ways of using that scanner. Pablo Allietti wrote: > i solve the problem... i have clamav 0.88 toooo old.. > > i upgrade to 0.92 and its work perfectly now. thanks a lot > > Julian Field wrote: > >> Pablo Allietti wrote: >> >>> i have a problem. i recently buy a server with core 2 duo and install >>> mailscanner with calamv i have a 200 e-mail daily traffic.. (nothing) >>> >>> but clamav eating my CPU. 100% with clamav process when processing a >>> e-mail. is any option or sintax to add to clamav to dont "eat" my cpu? >>> >> How did you install ClamAV and clamd? And where did you get them from? >> What is your "Virus Scanners =" setting in MailScanner.conf? >> >> Jules >> >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: ISO-8859-1 wj8DBQFHohAeEfZZRxQVtlQRArbXAJ0SJfJBx3NQy1TcgGyv25uZL4DcDwCgid87 isURiNBhLwmGV+9TO7F2Z8w= =6kCP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at usherbrooke.ca Thu Jan 31 19:12:17 2008 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Thu Jan 31 19:18:01 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A1A082.2000902@ecs.soton.ac.uk> References: <23743730.181201773539501.JavaMail.root@office.splatnix.net> <47A1A082.2000902@ecs.soton.ac.uk> Message-ID: <47A21D91.6060909@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is it really worth making this yet another settable option? > Does anyone (except the original poster) want to be able to tweak this > setting? > > Julian, What was this about exactly? I vaguely remember files within TNEF containers having shorter names than originally. But what were you to do about it? Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Thu Jan 31 19:27:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 31 19:28:13 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A21D91.6060909@USherbrooke.ca> References: <23743730.181201773539501.JavaMail.root@office.splatnix.net> <47A1A082.2000902@ecs.soton.ac.uk> <47A21D91.6060909@USherbrooke.ca> Message-ID: <47A2212F.2070903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is it really worth making this yet another settable option? >> Does anyone (except the original poster) want to be able to tweak >> this setting? >> >> > > Julian, > > What was this about exactly? I vaguely remember files within TNEF > containers having shorter names than originally. But what were you to > do about it? When TNEF files were being replaced with the original attachments, MailScanner was using shortened "safe" filenames, rather than the original long filenames. I have changed it to use the original long filenames. This thread isn't very old, you should be able to find the whole thread pretty easily (last day or two at most). > > Denis > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.0 (Build 1012) Comment: Use Thunderbird's Enigmail add-on to verify this message Charset: UTF-8 wj8DBQFHoiE2EfZZRxQVtlQRAkeVAKDX2S3aeTUsgjOiJIVPmDri/5ku6ACgjUIr VtPROpmkBzchZsPfspdiC+4= =YHkr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at usherbrooke.ca Thu Jan 31 19:36:17 2008 From: Denis.Beauchemin at usherbrooke.ca (Denis Beauchemin) Date: Thu Jan 31 19:37:31 2008 Subject: AW: Problems with TNEF and long filenames In-Reply-To: <47A2212F.2070903@ecs.soton.ac.uk> References: <23743730.181201773539501.JavaMail.root@office.splatnix.net> <47A1A082.2000902@ecs.soton.ac.uk> <47A21D91.6060909@USherbrooke.ca> <47A2212F.2070903@ecs.soton.ac.uk> Message-ID: <47A22331.5060505@USherbrooke.ca> Julian Field a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Denis Beauchemin wrote: > >> Julian Field a ?crit : >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Is it really worth making this yet another settable option? >>> Does anyone (except the original poster) want to be able to tweak >>> this setting? >>> >>> >>> >> Julian, >> >> What was this about exactly? I vaguely remember files within TNEF >> containers having shorter names than originally. But what were you to >> do about it? >> > When TNEF files were being replaced with the original attachments, > MailScanner was using shortened "safe" filenames, rather than the > original long filenames. I have changed it to use the original long > filenames. > If the long filenames don't trigger any rule in filename.rules.conf, then I don't see the need to shorten them or even sanitize them. Denis PS: I know the thread was not old but I don't have the emails anymore and I was too lazy to search them on the net... :-/ -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045