From yashodhan.barve at gmail.com  Tue Jul  1 00:44:12 2008
From: yashodhan.barve at gmail.com (Yashodhan Barve)
Date: Tue Jul  1 00:44:19 2008
Subject: What is the best way to collect SPAM from users?
In-Reply-To: <loom.20080617T225411-913@post.gmane.org>
References: <48469ABC.6010208@gmail.com>
	<loom.20080617T225411-913@post.gmane.org>
Message-ID: <48696FCC.3010508@gmail.com>

Henry Kwan wrote:
> Yashodhan Barve <yashodhan.barve <at> gmail.com> writes:
>  
>> I was thinking of having a common mailbox in exchange to which users 
>> would move SPAM & HAM and then I would POP it and feed it to sa-learn.
>>
>> So what is a good approach that works? and how do I automate it?
> 
> Hi,
> 
> What did you end up doing?
> 
> I'm trying to figure out how to do the same thing on my Exchange 2007 setup. 
> I've setup a public folder that my users can dump ham/spam into but I'm not sure
> what the next step is.  How do I enable that public folder for IMAP so I can run
> some of the scripts that everyone mentions whenever I google?  Or alternative,
> how I convert all of the .msg's into a format that sa-learn can use?
> 
> Thanks.
> 
> 
The client had a Exchange 2003 setup. So I took the advice offered by 
the list members and ended up creating public folders ham/spam and the 
pull the email via imap.

You will have to enable IMAP4 for Exchnage 2007 (look in services) then 
you should be able to do the same.

I have a test exchange 2007 setup. I will try it on that and post an 
update if anything different needs to be done.

regards,
yashodhan
From marcel-ml at irc-addicts.de  Tue Jul  1 01:45:34 2008
From: marcel-ml at irc-addicts.de (Marcel Blenkers)
Date: Tue Jul  1 01:46:18 2008
Subject: Question regarding sendmail
Message-ID: <Pine.LNX.4.63.0807010243470.19472@marcel.netfinish.de>

Hi there,

currently i am receiving the following line within my maillog:

alias database /etc/aliases.db out of date

I just deleted aliases.db and rebuild it.

Still the same.

I am running sendmail 8.13.4 with MailScanner and milter-gris and 
milter-null from Snertsoft..

Any ideas around here?

Would be glad to get some help.

Thanks in advance

Greetings

Marcel


From marcel-ml at irc-addicts.de  Tue Jul  1 01:55:03 2008
From: marcel-ml at irc-addicts.de (Marcel Blenkers)
Date: Tue Jul  1 01:55:50 2008
Subject: Forget my last mail
Message-ID: <Pine.LNX.4.63.0807010254330.20430@marcel.netfinish.de>

Gosh,

it is way to late to do something.. :(

Sorry for the stupid question..

and good night..

Marcel
From alex at rtpty.com  Tue Jul  1 01:58:14 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  1 01:58:41 2008
Subject: Question regarding sendmail
In-Reply-To: <Pine.LNX.4.63.0807010243470.19472@marcel.netfinish.de>
References: <Pine.LNX.4.63.0807010243470.19472@marcel.netfinish.de>
Message-ID: <D78EAFD0-8B0B-4669-8A22-B4DF3D8F8BDB@rtpty.com>

Don't feed the list Nazis... That's an MTA issue...

Seriously, your /etc/aliases is what that file is created from. That  
file may have a weird date. Your system itself might also have a weird  
date. Check those and see.

Sent from my iPhone

On Jun 30, 2008, at 7:45 PM, Marcel Blenkers <marcel-ml@irc- 
addicts.de> wrote:

> Hi there,
>
> currently i am receiving the following line within my maillog:
>
> alias database /etc/aliases.db out of date
>
> I just deleted aliases.db and rebuild it.
>
> Still the same.
>
> I am running sendmail 8.13.4 with MailScanner and milter-gris and
> milter-null from Snertsoft..
>
> Any ideas around here?
>
> Would be glad to get some help.
>
> Thanks in advance
>
> Greetings
>
> Marcel
>
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Tue Jul  1 09:10:10 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  1 09:11:15 2008
Subject: Question about white and blacklisting in Mailscanner
In-Reply-To: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>
References: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>
Message-ID: <4869E662.4000806@ecs.soton.ac.uk>



Jonas Akrouh Larsen wrote:
>
> Hi all (Jules)
>
> For some time i have been wondering if what I want to do is possible 
> with MailScanner.
>
> I use the mailwatch database for white and blacklisting.
>
> For those not using mailwatch this means I set
>
> Is Definitely Not Spam = &SQLWhitelist
>
> Is Definitely Spam = &SQLBlacklist
>
> Which makes mailscanner do a lookup to check if a mail is white or 
> blacklisted.
>
> Now what has always wondered me is why both white and blacklisted mail 
> are STILL processed through spamassin regardless of their status.
>
That should only happen if you have asked to always get a SpamAssassin 
report.
>
> My logic is: If something is blacklisted I do not want to waste 
> resources on scanning it, since it won?t be delivered anyway.
>
> The reverse can be true for some locations I guess, ie. Not wanting to 
> scan white listed mails.
>
> At the very least I think it would make sense to make it an option, so 
> those with plenty of resources to spare can keep stats etc accurate by 
> still scanning the mails.
>
> So my question is: Can I make mailscanner 4.70.7-1 do this, or is it 
> not possible do save cpu/ram/network in this way with the current code?
>
> I guess maybe Jules is the best to answer, but I?m sure somebody else 
> might know as well.
>
> Best regards
>
> Jonas A. Larsen
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From henker at evendi.de  Tue Jul  1 09:30:19 2008
From: henker at evendi.de (Steffan Henke)
Date: Tue Jul  1 09:30:39 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <alpine.LFD.1.10.0806272300540.22025@henker>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>
	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>
	<g43ji2$4g8$1@ger.gmane.org>
	<alpine.LFD.1.10.0806272300540.22025@henker>
Message-ID: <alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>


I am still debugging my SpamAssassin problems - meanwhile I noticed that 
the only rules that ever increase the score are Botnet and one KAM rule:

SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP 
2.00)
SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, 
autolearn=disabled, BOTNET 2.00)

- the majority of all emails is still not marked at all - which is the 
reason I disabled autolearning by now:

SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, 
autolearn=disabled)

SA itself is working as it always was, spamd is running in combination 
with spamass-milter.

I wonder why still no tests show up in MailScanner however:

10:27:20 [13867] dbg: check: tests=
10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST

Regards,

Steffan

From martinh at solidstatelogic.com  Tue Jul  1 11:59:25 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  1 11:59:36 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
Message-ID: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>

Stefan

If you're calling Spamassassin from spamass-milter why are you calling it again from mailScanner??

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Steffan Henke
> Sent: 01 July 2008 09:30
> To: MailScanner discussion
> Subject: Re: SpamAssassin 3.2.5 woes
>
>
> I am still debugging my SpamAssassin problems - meanwhile I
> noticed that the only rules that ever increase the score are
> Botnet and one KAM rule:
>
> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP
> 2.00)
> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5,
> autolearn=disabled, BOTNET 2.00)
>
> - the majority of all emails is still not marked at all -
> which is the reason I disabled autolearning by now:
>
> SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5,
> autolearn=disabled)
>
> SA itself is working as it always was, spamd is running in
> combination with spamass-milter.
>
> I wonder why still no tests show up in MailScanner however:
>
> 10:27:20 [13867] dbg: check: tests=
> 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST
>
> Regards,
>
> Steffan
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From MailScanner at ecs.soton.ac.uk  Tue Jul  1 12:24:28 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  1 12:24:54 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>	<g43ji2$4g8$1@ger.gmane.org>	<alpine.LFD.1.10.0806272300540.22025@henker>
	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
Message-ID: <486A13EC.2090108@ecs.soton.ac.uk>



Steffan Henke wrote:
>
> I am still debugging my SpamAssassin problems - meanwhile I noticed 
> that the only rules that ever increase the score are Botnet and one 
> KAM rule:
>
> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP 
> 2.00)
> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, 
> autolearn=disabled, BOTNET 2.00)
>
> - the majority of all emails is still not marked at all - which is the 
> reason I disabled autolearning by now:
>
> SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5, 
> autolearn=disabled)
>
> SA itself is working as it always was, spamd is running in combination 
> with spamass-milter.
>
> I wonder why still no tests show up in MailScanner however:
>
> 10:27:20 [13867] dbg: check: tests=
> 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST
This is odd. I use exactly the same MailScanner distribution as the rest 
of you, and the same SA install as you, and mine are working fine.

Can we start collecting evidence to try to discern some commonality 
between these systems where it's not working please?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Tue Jul  1 12:35:16 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  1 12:36:55 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>
References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>
Message-ID: <87D86EE8-4D06-45FD-9529-D0CF10D31635@rtpty.com>

Maybe to filter out stuff on a "first pass" before it gets to MS and  
then more finely or specifically (i.e. Rulesets) later? I've used some  
unorthodox methods before, depending on needs. I remember using  
clamavmilter way back when viruses outnumbered spam to ease the load.

Sent from my iPhone

On Jul 1, 2008, at 5:59 AM, "Martin.Hepworth" <martinh@solidstatelogic.com 
 > wrote:

> Stefan
>
> If you're calling Spamassassin from spamass-milter why are you  
> calling it again from mailScanner??
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Steffan Henke
>> Sent: 01 July 2008 09:30
>> To: MailScanner discussion
>> Subject: Re: SpamAssassin 3.2.5 woes
>>
>>
>> I am still debugging my SpamAssassin problems - meanwhile I
>> noticed that the only rules that ever increase the score are
>> Botnet and one KAM rule:
>>
>> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5, KAM_BADIPHTTP
>> 2.00)
>> SpamAssassin (nicht gecached, Wertung=2, benoetigt 5.5,
>> autolearn=disabled, BOTNET 2.00)
>>
>> - the majority of all emails is still not marked at all -
>> which is the reason I disabled autolearning by now:
>>
>> SpamAssassin (nicht gecached, Wertung=0, benoetigt 5.5,
>> autolearn=disabled)
>>
>> SA itself is working as it always was, spamd is running in
>> combination with spamass-milter.
>>
>> I wonder why still no tests show up in MailScanner however:
>>
>> 10:27:20 [13867] dbg: check: tests=
>> 10:27:20 [13867] dbg: check: subtests=__BOTNET_NOTRUST
>>
>> Regards,
>>
>> Steffan
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From henker at evendi.de  Tue Jul  1 12:52:38 2008
From: henker at evendi.de (Steffan Henke)
Date: Tue Jul  1 12:52:56 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>
References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>
Message-ID: <alpine.WNT.1.10.0807011348300.2900@henker.shcom.us>

On Tue, 1 Jul 2008, Martin.Hepworth wrote:

> If you're calling Spamassassin from spamass-milter why are you calling it again from mailScanner??

Martin,

I use spamass-milter as a first measure. Emails having a rather high score 
are rejected immediately with a rather simple ruleset.
After that, emails that passed the milter are processed by MailScanner.

Regards,

Steffan


From henker at evendi.de  Tue Jul  1 13:45:10 2008
From: henker at evendi.de (Steffan Henke)
Date: Tue Jul  1 13:45:19 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <486A13EC.2090108@ecs.soton.ac.uk>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>
	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>
	<g43ji2$4g8$1@ger.gmane.org>
	<alpine.LFD.1.10.0806272300540.22025@henker>
	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
	<486A13EC.2090108@ecs.soton.ac.uk>
Message-ID: <alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>

On Tue, 1 Jul 2008, Julian Field wrote:


> Can we start collecting evidence to try to discern some commonality between 
> these systems where it's not working please?

Julian

the only spamassassin part that shows up as modified is:

rpm -qV spamassassin
S.5....T  c /etc/rc.d/init.d/spamassassin - I usually modify the startup 
script to use a TMPDIR on /dev/shm.

Apart from that, I even ran a diff over /usr/lib/MailScanner between the 
two systems:
diff -qr /usr/lib/MailScanner /backups/MailScanner
Files /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm and 
/backups/MailScanner/MailScanner/CustomFunctions/MailWatch.pm 
differ

- nothing else...

Regards,

Steffan

From alex at rtpty.com  Tue Jul  1 13:59:42 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  1 14:00:04 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <alpine.WNT.1.10.0807011348300.2900@henker.shcom.us>
References: <2b2dd2594caba8438ba7875c9aadd794@solidstatelogic.com>
	<alpine.WNT.1.10.0807011348300.2900@henker.shcom.us>
Message-ID: <6DE70561-EFE8-4E96-925D-09B4B8E38FC5@rtpty.com>

Told you so! :-) makes sense...

Sent from my iPhone

On Jul 1, 2008, at 6:52 AM, Steffan Henke <henker@evendi.de> wrote:

> On Tue, 1 Jul 2008, Martin.Hepworth wrote:
>
>> If you're calling Spamassassin from spamass-milter why are you  
>> calling it again from mailScanner??
>
> Martin,
>
> I use spamass-milter as a first measure. Emails having a rather high  
> score are rejected immediately with a rather simple ruleset.
> After that, emails that passed the milter are processed by  
> MailScanner.
>
> Regards,
>
> Steffan
>
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Tue Jul  1 15:08:24 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  1 15:08:42 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>	<g43ji2$4g8$1@ger.gmane.org>	<alpine.LFD.1.10.0806272300540.22025@henker>	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>	<486A13EC.2090108@ecs.soton.ac.uk>
	<EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>
Message-ID: <486A3A58.5030500@ecs.soton.ac.uk>



Steffan Henke wrote:
> On Tue, 1 Jul 2008, Julian Field wrote:
>
>
>> Can we start collecting evidence to try to discern some commonality 
>> between these systems where it's not working please?
>
> Julian
>
> the only spamassassin part that shows up as modified is:
>
> rpm -qV spamassassin
> S.5....T  c /etc/rc.d/init.d/spamassassin - I usually modify the 
> startup script to use a TMPDIR on /dev/shm.
Just mount /tmp using tmpfs, you don't need to mess with /dev/shm, 
that's only really there as an example, as far as I'm concerned.

Check that whatever user you are running MailScanner as, can actually 
read all the SpamAssasssin rules. Dodgy permissions somewhere near the 
top of the /var/lib/spamasssassin(?) tree would break it fairly well.
>
> Apart from that, I even ran a diff over /usr/lib/MailScanner between 
> the two systems:
> diff -qr /usr/lib/MailScanner /backups/MailScanner
> Files /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm 
> and /backups/MailScanner/MailScanner/CustomFunctions/MailWatch.pm differ
>
> - nothing else...
>
> Regards,
>
> Steffan
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jcputter at centerweb.co.za  Tue Jul  1 15:47:04 2008
From: jcputter at centerweb.co.za (JC Putter)
Date: Tue Jul  1 15:48:20 2008
Subject: New to  mailscanner
Message-ID: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>

Hi 

 

Does mailscanner send out an email to users says they have email in
they're quarantine ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/07dd206c/attachment.html
From prandal at herefordshire.gov.uk  Tue Jul  1 16:35:07 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Tue Jul  1 16:35:30 2008
Subject: New to  mailscanner
In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>

It can do, but there are a few good reasons why it shouldn't.
 
First off, there's not much point in replacing incoming spam emails by
emails from MailScanner.  You might as well just deliver it all and let
the user decide.
 
Secondly, a lot of the subject lines in spam are deeply offensive to
various people, so even telling end users the email subject lines could
be troublesome.
 
MailWatch can be configured to send users summary reports of what's been
blocked, but see above.
 
Cheers,
 
Phil
-- 
Phil Randal 
Networks Engineer 
Herefordshire Council 
Hereford, UK 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of JC
Putter
Sent: 01 July 2008 15:47
To: mailscanner@lists.mailscanner.info
Subject: New to mailscanner



Hi 

 

Does mailscanner send out an email to users says they have email in
they're quarantine ?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/21375081/attachment.html
From ssilva at sgvwater.com  Tue Jul  1 16:52:40 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul  1 16:53:07 2008
Subject: Health update
In-Reply-To: <48661B72.3030207@ecs.soton.ac.uk>
References: <4852BC3D.3050802@ecs.soton.ac.uk>	<200806132114.m5DLE4gQ018541@mxt.1bigthink.com>	<223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com>	<48625894.9020703@utwente.nl>	<EMEW-k5ONb2f634cc8bd9c422165306591095f40d15-g3uh37$u4m$1@ger.gmane.org>
	<48661B72.3030207@ecs.soton.ac.uk>
Message-ID: <g4djs9$13k$1@ger.gmane.org>

on 6-28-2008 4:07 AM Julian Field spake the following:
> 
> 
> Scott Silva wrote:
>> on 6-25-2008 7:39 AM Peter Peters spake the following:
>>> Glenn Steen wrote on 13-6-2008 23:20:
>>>
>>>> Same here... Well. Haven't donated any organs (yet), and some of them
>>>> are really shoddy... But I do carry my donor card with me at all
>>>> times... Who knows when time is up?!
>>>
>>> My girlfriend does not feel to good about the idea of them cutting into
>>> me after I am dead. I am still trying to convince her.
>>
>> What is she going to do? Have you freeze-dried and prop you up in the 
>> corner?
>>
>> Tell her that it is a way for a part of you to live on after your gone.
>>
>>>
>>> At the meantime I donate blood every 3 to 4 months and will start
>>> donating blood plasm in a short while.
>>
>> I had to stop for a while as my blood pressure is too high for their 
>> liking, but not high enough for the doctor to put me on meds. But here 
>> is my donor card, and since I will most likely be cremated, my wife 
>> doesn't have a problem with it.
> I don't know if anyone here understands blood pressure figures, but 
> here's a couple to make you laugh. I normally have very low blood 
> pressure, and have to live on beta-blockers as well, which lower it 
> further.
> 
> Up and walking around the house, some paramedics once measured me (and 
> checked it as they didn't believe it) at 64/45. The last time I had an 
> endoscopy, it dropped to 65/39. That had them a little worried, to put 
> it mildly, but I had warned them in advance that this does tend to 
> happen. I've now had 31 endoscopies, and I know exactly how my body 
> reacts to them, i.e. not kindly :-)
Who reacts to them well? Not the most fun way to spend an afternoon! And they 
have the gall to tell you to relax!

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/d2fc839a/signature.bin
From ssilva at sgvwater.com  Tue Jul  1 16:54:51 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul  1 16:55:10 2008
Subject: Can't install CentOS 5.2 update?
In-Reply-To: <486541B0.30200@vanderkooij.org>
References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com>	<g43cgt$b0p$1@ger.gmane.org>
	<486541B0.30200@vanderkooij.org>
Message-ID: <g4dk0a$13k$2@ger.gmane.org>

on 6-27-2008 12:38 PM Hugo van der Kooij spake the following:
> Scott Silva wrote:
> 
> | I think that Hugo V. was experimenting with setting up a repo for
> | mailscanner with a dummy package that had all the requires, but I
> | haven't heard any more about it.
> | It worked pretty well until rpmforge released an incompatible perl 
> module.
> 
> The surname is definitely not V. Alphabetically my surname starts with a K.
> 
> Once this whole moving business is done and everything is more or less
> in place again I will see if I can setup a more up-to-date repo. Perhaps
> even manage to keep it up-to-date.
> 
> Hugo van der Kooij.
> 
Sorry Hugo! Got in a hurry, and fat fingered it. No excuse...

Apologies..
-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/144b9de7/signature.bin
From ssilva at sgvwater.com  Tue Jul  1 17:25:16 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue Jul  1 17:25:49 2008
Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!!
In-Reply-To: <B6CE61DD-3B36-486E-A3F0-6C377D8E8177@rtpty.com>
References: <48688627.3080900@alexb.ch> <48688CD0.4000808@vanderkooij.org>
	<B6CE61DD-3B36-486E-A3F0-6C377D8E8177@rtpty.com>
Message-ID: <g4dlpf$auo$1@ger.gmane.org>

on 6-30-2008 4:20 AM Alex Neuman spake the following:
> What's the general experience with, say, RPMPAN?
> 
I use cpan2rpm on many packages if I can't find them somewhere else first.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/f54b715d/signature.bin
From richard.siddall at elirion.net  Tue Jul  1 17:50:27 2008
From: richard.siddall at elirion.net (Richard Siddall)
Date: Tue Jul  1 17:51:04 2008
Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!!
In-Reply-To: <g4dlpf$auo$1@ger.gmane.org>
References: <48688627.3080900@alexb.ch>
	<48688CD0.4000808@vanderkooij.org>	<B6CE61DD-3B36-486E-A3F0-6C377D8E8177@rtpty.com>
	<g4dlpf$auo$1@ger.gmane.org>
Message-ID: <486A6053.8010203@elirion.net>

Scott Silva wrote:
> on 6-30-2008 4:20 AM Alex Neuman spake the following:
>> What's the general experience with, say, RPMPAN?
>>
> I use cpan2rpm on many packages if I can't find them somewhere else first.
> 

I use ovid (http://search.cpan.org/~gyepi/Ovid-0.12/) as it will build 
RPMs of the dependencies.  I'm intending to try cpanspec 
(http://cpanspec.sourceforge.net/) as (according to the author) it 
checks a repository to see if the RPM already exists before building it.

Regards,

	Richard
From dnsadmin at 1bigthink.com  Tue Jul  1 18:00:49 2008
From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com)
Date: Tue Jul  1 18:01:24 2008
Subject: Can't install CentOS 5.2 update?
In-Reply-To: <g4dk0a$13k$2@ger.gmane.org>
References: <67a55ed50806270614u12bb9bcap655908da041ba201@mail.gmail.com>
	<g43cgt$b0p$1@ger.gmane.org> <486541B0.30200@vanderkooij.org>
	<g4dk0a$13k$2@ger.gmane.org>
Message-ID: <200807011700.m61H0x5S002454@mxt.1bigthink.com>

At 11:54 AM 7/1/2008, you wrote:
>on 6-27-2008 12:38 PM Hugo van der Kooij spake the following:
>>Scott Silva wrote:
>>| I think that Hugo V. was experimenting with setting up a repo for
>>| mailscanner with a dummy package that had all the requires, but I
>>| haven't heard any more about it.
>>| It worked pretty well until rpmforge released an incompatible perl module.
>>The surname is definitely not V. Alphabetically my surname starts with a K.
>>Once this whole moving business is done and everything is more or less
>>in place again I will see if I can setup a more up-to-date repo. Perhaps
>>even manage to keep it up-to-date.
>>Hugo van der Kooij.
>Sorry Hugo! Got in a hurry, and fat fingered it. No excuse...
>
>Apologies..

I was listening in and didn't know that any how.. being the Ugly 
American that I am.. but I like learning <|;>). 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From jcputter at centerweb.co.za  Tue Jul  1 19:39:37 2008
From: jcputter at centerweb.co.za (JC Putter)
Date: Tue Jul  1 19:40:54 2008
Subject: New to  mailscanner
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>
Message-ID: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>

Hi Again 
 
Thank for the quick answer, i have a another question:
 
if you compare mailscanner to amavis-new which is better catching spam? both uses DCC,Razor,Pyzor and Spamassassin? 
 
i am busy building a mailgateway with ubuntu, mailscanner and postfix...for the first time
 
Thanks
 
 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Randal, Phil
Sent: Tue 2008/07/01 05:35 PM
To: MailScanner discussion
Subject: RE: New to mailscanner


It can do, but there are a few good reasons why it shouldn't.
 
First off, there's not much point in replacing incoming spam emails by emails from MailScanner.  You might as well just deliver it all and let the user decide.
 
Secondly, a lot of the subject lines in spam are deeply offensive to various people, so even telling end users the email subject lines could be troublesome.
 
MailWatch can be configured to send users summary reports of what's been blocked, but see above.
 
Cheers,
 
Phil
-- 
Phil Randal 
Networks Engineer 
Herefordshire Council 
Hereford, UK 
 

________________________________

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of JC Putter
Sent: 01 July 2008 15:47
To: mailscanner@lists.mailscanner.info
Subject: New to mailscanner



Hi 

 

Does mailscanner send out an email to users says they have email in they're quarantine ?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6284 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080701/111144fa/attachment.bin
From ecasarero at gmail.com  Tue Jul  1 19:53:23 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Jul  1 19:53:32 2008
Subject: OT: Run MScanner in a virtualized environment.
Message-ID: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>

Hi guys, i know that it's not recomendable to run MS on virtualized HW
because of it's high cpu/io load. However, i'm doing some research
because my boss required it.

What products do you think that will work best? VMware? Xen? The
objective is that it has to be simple and quick to deploy. Also will
be useful in case the HW dies, so you quickly can have the emails
flowing (may be with delay, but working), until HW gets repaired.

We all know that installing MS servers takes a while, so having a
pre-installed image will reduce times.

Any thoughts?

Everything will be appreciated.

Eduardo.
From drew.marshall at technologytiger.net  Tue Jul  1 20:38:21 2008
From: drew.marshall at technologytiger.net (Drew Marshall)
Date: Tue Jul  1 20:38:47 2008
Subject: New to  mailscanner
In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>
	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
Message-ID: <3684A5C8-7F40-47DE-A577-475F067125E9@technologytiger.net>

On 1 Jul 2008, at 19:39, JC Putter wrote:

> Hi Again
>
> Thank for the quick answer, i have a another question:
>
> if you compare mailscanner to amavis-new which is better catching  
> spam? both uses DCC,Razor,Pyzor and Spamassassin?
>
> i am busy building a mailgateway with ubuntu, mailscanner and  
> postfix...for the first time

The answer to that question is neither. Both actually use SpamAssassin  
to catch the spam and what ever you can do with SA you can do with  
both. What you actually want to be comparing is extra features that  
each of the 'glue' (Glue because MS & Amavis both glue other  
applications together) processes offer e.g watermarking and look at  
the pros and cons to the different mail handling techniques i.e. batch  
over stream.

Drew

--
In line with our policy, this message has been scanned for viruses and dangerous 
content by Technology Tiger's Mail Launder system <www.mail-launder.com>
Our email policy can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ


From J.Ede at birchenallhowden.co.uk  Tue Jul  1 20:50:02 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul  1 20:50:27 2008
Subject: Run MScanner in a virtualized environment.
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C6566BD5ECF@server02.bhl.local>

We had a small scale virtual running mailscaner that happily did for a business of 30ish people and ran for about 3 years and was only retired last week so it is possible but the virtual did struggle and mail was sometimes slow going through it but that didn't really matter in that case.

In that case it was a microsoft virtual environment and I think the virtual had just over 500MB to play with.

jason

-----Original Message-----
From: Eduardo Casarero <ecasarero@gmail.com>
Sent: 01 July 2008 20:26
To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: OT: Run MScanner in a virtualized environment.


Hi guys, i know that it's not recomendable to run MS on virtualized HW
because of it's high cpu/io load. However, i'm doing some research
because my boss required it.

What products do you think that will work best? VMware? Xen? The
objective is that it has to be simple and quick to deploy. Also will
be useful in case the HW dies, so you quickly can have the emails
flowing (may be with delay, but working), until HW gets repaired.

We all know that installing MS servers takes a while, so having a
pre-installed image will reduce times.

Any thoughts?

Everything will be appreciated.

Eduardo.
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From alex at rtpty.com  Tue Jul  1 21:08:49 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  1 21:09:11 2008
Subject: New to  mailscanner
In-Reply-To: <7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>
	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
Message-ID: <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>

Amavis iirc is serial in nature, ms scales better, and is more  
flexible/configurable. Plus the creator is a swell guy, too!

On the downside if you use postfix it can cause swapping. ;-)

Sent from my iPhone

On Jul 1, 2008, at 1:39 PM, "JC Putter" <jcputter@centerweb.co.za>  
wrote:

> Hi Again
>
> Thank for the quick answer, i have a another question:
>
> if you compare mailscanner to amavis-new which is better catching  
> spam? both uses DCC,Razor,Pyzor and Spamassassin?
>
> i am busy building a mailgateway with ubuntu, mailscanner and  
> postfix...for the first time
>
> Thanks
>
>
>
>
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of  
> Randal, Phil
> Sent: Tue 2008/07/01 05:35 PM
> To: MailScanner discussion
> Subject: RE: New to mailscanner
>
>
> It can do, but there are a few good reasons why it shouldn't.
>
> First off, there's not much point in replacing incoming spam emails  
> by emails from MailScanner.  You might as well just deliver it all  
> and let the user decide.
>
> Secondly, a lot of the subject lines in spam are deeply offensive to  
> various people, so even telling end users the email subject lines  
> could be troublesome.
>
> MailWatch can be configured to send users summary reports of what's  
> been blocked, but see above.
>
> Cheers,
>
> Phil
> -- 
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>
>
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info 
> ] On Behalf Of JC Putter
> Sent: 01 July 2008 15:47
> To: mailscanner@lists.mailscanner.info
> Subject: New to mailscanner
>
>
>
> Hi
>
>
>
> Does mailscanner send out an email to users says they have email in  
> they're quarantine ?
>
> <winmail.dat>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From ajcartmell at fonant.com  Tue Jul  1 21:56:23 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Tue Jul  1 21:56:44 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
Message-ID: <op.udmsf9df53oa6f@ajc5.lan>

> Hi guys, i know that it's not recomendable to run MS on virtualized HW
> because of it's high cpu/io load. However, i'm doing some research
> because my boss required it.

I have it running on a high-powered Xen VPS (with 2G RAM available and  
eight processor cores shared between the VPS instances) and it works fine.  
Only processing ~800 messages per day so probably not a very useful test  
though. I'll be moving more mail through it soon, so might get to see how  
well it works then. My other server, non VPS but with the same memory but  
only twin processors, manages 10,000 messages per day without much problem.

HTH,

Anthony
-- 
www.fonant.com - Quality web sites
From hvdkooij at vanderkooij.org  Tue Jul  1 22:07:38 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue Jul  1 22:07:53 2008
Subject: New to  mailscanner
In-Reply-To: <68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
	<68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>
Message-ID: <486A9C9A.3060103@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman wrote:
| Amavis iirc is serial in nature, ms scales better, and is more
| flexible/configurable. Plus the creator is a swell guy, too!
|
| On the downside if you use postfix it can cause swapping. ;-)

MS is an equal opportunity program. It eats as much memory with any
other MTA.

Darn Iphone user ;-)

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIapyZBvzDRVjxmYERArkRAJ9Bz8mSBSmIAcwuHd7ifpp4P/ze0ACfZYkw
jlY3km64bsrsTuEFS9Sfp1c=
=VKbQ
-----END PGP SIGNATURE-----
From glenn.steen at gmail.com  Tue Jul  1 22:20:50 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Jul  1 22:21:01 2008
Subject: Health update
In-Reply-To: <g4djs9$13k$1@ger.gmane.org>
References: <4852BC3D.3050802@ecs.soton.ac.uk>
	<200806132114.m5DLE4gQ018541@mxt.1bigthink.com>
	<223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com>
	<48625894.9020703@utwente.nl>
	<EMEW-k5ONb2f634cc8bd9c422165306591095f40d15-g3uh37$u4m$1@ger.gmane.org>
	<48661B72.3030207@ecs.soton.ac.uk> <g4djs9$13k$1@ger.gmane.org>
Message-ID: <223f97700807011420o6147f905idd4d1859df0c05cb@mail.gmail.com>

2008/7/1 Scott Silva <ssilva@sgvwater.com>:
> on 6-28-2008 4:07 AM Julian Field spake the following:
>>
>>
>> Scott Silva wrote:
>>>
>>> on 6-25-2008 7:39 AM Peter Peters spake the following:
>>>>
>>>> Glenn Steen wrote on 13-6-2008 23:20:
>>>>
>>>>> Same here... Well. Haven't donated any organs (yet), and some of them
>>>>> are really shoddy... But I do carry my donor card with me at all
>>>>> times... Who knows when time is up?!
>>>>
>>>> My girlfriend does not feel to good about the idea of them cutting into
>>>> me after I am dead. I am still trying to convince her.
>>>
>>> What is she going to do? Have you freeze-dried and prop you up in the
>>> corner?
>>>
>>> Tell her that it is a way for a part of you to live on after your gone.
>>>
>>>>
>>>> At the meantime I donate blood every 3 to 4 months and will start
>>>> donating blood plasm in a short while.
>>>
>>> I had to stop for a while as my blood pressure is too high for their
>>> liking, but not high enough for the doctor to put me on meds. But here is my
>>> donor card, and since I will most likely be cremated, my wife doesn't have a
>>> problem with it.
>>
>> I don't know if anyone here understands blood pressure figures, but here's
>> a couple to make you laugh. I normally have very low blood pressure, and
>> have to live on beta-blockers as well, which lower it further.
>>
>> Up and walking around the house, some paramedics once measured me (and
>> checked it as they didn't believe it) at 64/45. The last time I had an
>> endoscopy, it dropped to 65/39. That had them a little worried, to put it
>> mildly, but I had warned them in advance that this does tend to happen. I've
>> now had 31 endoscopies, and I know exactly how my body reacts to them, i.e.
>> not kindly :-)
>
> Who reacts to them well? Not the most fun way to spend an afternoon! And
> they have the gall to tell you to relax!
>
Through the mouth is pure horror,I agree. The other end.... Is simpler
to live with. One can actually tell 'em to hold it when it hurts too
much... not an option with a hose down your gullet:-).

Can't say I react good to them either... then again, as you say
Scott.... Who does?

Jules, what can one say....? It's a miracle enough oxygene permeates
your body! How  your brain can function as spectaularly as it does....
is beyond that!!!

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From alex at rtpty.com  Tue Jul  1 23:02:57 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  1 23:03:18 2008
Subject: New to  mailscanner
In-Reply-To: <486A9C9A.3060103@vanderkooij.org>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>
	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>
	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>
	<68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>
	<486A9C9A.3060103@vanderkooij.org>
Message-ID: <FD3F1631-1AE0-4B97-A304-B13C753D7712@rtpty.com>

Yes, but you know how concerned mr. VietseV enema is about those issues!

Sent from my iPhone

On Jul 1, 2008, at 4:07 PM, Hugo van der Kooij  
<hvdkooij@vanderkooij.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alex Neuman wrote:
> | Amavis iirc is serial in nature, ms scales better, and is more
> | flexible/configurable. Plus the creator is a swell guy, too!
> |
> | On the downside if you use postfix it can cause swapping. ;-)
>
> MS is an equal opportunity program. It eats as much memory with any
> other MTA.
>
> Darn Iphone user ;-)
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
>    A: Yes.
>    >Q: Are you sure?
>    >>A: Because it reverses the logical flow of conversation.
>    >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIapyZBvzDRVjxmYERArkRAJ9Bz8mSBSmIAcwuHd7ifpp4P/ze0ACfZYkw
> jlY3km64bsrsTuEFS9Sfp1c=
> =VKbQ
> -----END PGP SIGNATURE-----
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From sodapopplus at hotmail.com  Wed Jul  2 04:53:19 2008
From: sodapopplus at hotmail.com (Matthew B)
Date: Wed Jul  2 04:53:30 2008
Subject: Digitally Signed Emails
Message-ID: <BAY108-W374D927993C8A93BC49619A3990@phx.gbl>

Hello Everyone,
          I am { Running onLinux sv1mail03.mydomain.com.au 2.6.18-53.1.19.el5 #1 SMP Wed May 7 08:22:53 EDT 2008 x86_64 x86_64 x86_64 GNU/LinuxThis is CentOS release 5 (Final)This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.69.9 } MailScanner and I am scanning all ingress and egress mail (Egress mail passed from an Exchange Server 2007) prior to scanning and delivery. The issue that I have is where some clients are Signing an email with a Digital Certificate (SMIME/SHA1/AES Certificate). When the email is passed through MailScanner it modifies the header and indeed the footer of the email, thus rendering the certificate invalid and throwing an error in the recipients email client. 
 
My question is: Is there an easy and simple way of ensuring that MailScanner does not manipulate signed emails? There is with AlterMIME, which is what we were originally using, however MailScanner seemed far more efficient and robust, with this one exception. 
 
If you would like any further detail, please let me know.. 
 
Cheers,
Matt.
 
_________________________________________________________________
Be part of history. Take part in Australia's first e-mail archive with Email Australia.
http://emailaustralia.ninemsn.com.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/8f07b235/attachment-0001.html
From hvdkooij at vanderkooij.org  Wed Jul  2 08:20:27 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed Jul  2 08:20:36 2008
Subject: New to  mailscanner
In-Reply-To: <FD3F1631-1AE0-4B97-A304-B13C753D7712@rtpty.com>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>	<68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>	<486A9C9A.3060103@vanderkooij.org>
	<FD3F1631-1AE0-4B97-A304-B13C753D7712@rtpty.com>
Message-ID: <486B2C3B.3020803@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman wrote:
| Yes, but you know how concerned mr. VietseV enema is about those issues!

Wietse may be as Dutch as I am but. But that does not make him right all
the time. ;-)

Do you recall the debate between Linus and Tannenbaum? Being too
principal can get you nowhere.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIayw4BvzDRVjxmYERAiOrAKCJ0y5ELLUYg+CgLGZ/vAEDzk28HwCfWyzy
+wS8VNVG9qw4xM2xq6xxsJE=
=V/kT
-----END PGP SIGNATURE-----
From arjan at anymore.nl  Wed Jul  2 08:31:55 2008
From: arjan at anymore.nl (Arjan Schrijver)
Date: Wed Jul  2 08:32:05 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <op.udmsf9df53oa6f@ajc5.lan>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
	<op.udmsf9df53oa6f@ajc5.lan>
Message-ID: <486B2EEB.8020502@anymore.nl>

Anthony Cartmell wrote:
>> Hi guys, i know that it's not recomendable to run MS on virtualized HW
>> because of it's high cpu/io load. However, i'm doing some research
>> because my boss required it.
>
> I have it running on a high-powered Xen VPS (with 2G RAM available and 
> eight processor cores shared between the VPS instances) and it works 
> fine. Only processing ~800 messages per day so probably not a very 
> useful test though. I'll be moving more mail through it soon, so might 
> get to see how well it works then. My other server, non VPS but with 
> the same memory but only twin processors, manages 10,000 messages per 
> day without much problem.
>
Running OpenVZ here (no performance impact), on 4 virtual MailScanner 
servers. They each process about 40.000 messages a day, through both 
SpamAssassin and ClamAV. The hardware consists of four servers with 
4x2GHz cores and 2GB RAM. Each server runs one container. The 
performance is exactly the same as when the same servers were running 
MailScanner natively (not virtualized).
But this is of course only possible with OpenVZ or Virtuozzo, because it 
doesn't virtualize the complete hardware but only the kernel.

Kind regards,
Arjan
From henker at evendi.de  Wed Jul  2 09:16:43 2008
From: henker at evendi.de (Steffan Henke)
Date: Wed Jul  2 09:16:56 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <486A3A58.5030500@ecs.soton.ac.uk>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>
	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>
	<g43ji2$4g8$1@ger.gmane.org>
	<alpine.LFD.1.10.0806272300540.22025@henker>
	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
	<486A13EC.2090108@ecs.soton.ac.uk>
	<EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>
	<486A3A58.5030500@ecs.soton.ac.uk>
Message-ID: <alpine.WNT.1.10.0807021010120.3236@henker.shcom.us>

On Tue, 1 Jul 2008, Julian Field wrote:


> Check that whatever user you are running MailScanner as, can actually read 
> all the SpamAssasssin rules. Dodgy permissions somewhere near the top of the 
> /var/lib/spamasssassin(?) tree would break it fairly well.

Jules,

thank you for your suggestions - however, MS runs as root. Since *some* 
rules (atm KAM.cf and Botnet.cf) are triggered, I assume, everything is 
accessible from MailScanner.
When the textcat plugin is enabled, I see a couple of errors in the logs:

textcat: languages filename not defined
Use of uninitialized value in hash element at 
/usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/TextCat.pm line 
413

- but I don't think this is actually related to my problems. Disabling 
textcat made no real difference so far.

Regards,

Steffan
From vpdose at kirchenweg.de  Wed Jul  2 09:17:03 2008
From: vpdose at kirchenweg.de (Volker Dose)
Date: Wed Jul  2 09:17:32 2008
Subject: Somtimes Spam-Mail are not recognized 
Message-ID: <g4fdhv$uhq$1@ger.gmane.org>

Hello,

I run a linux mail-relay with Mailscanner 4.46.2-2 and use mailwatch-1.0.4
as Gui for maintenance. The server is al linux sles9 with postfix and I
habe installed spamassassin 3.1.0

The systems runs very well and most of the spam mail is tagged.

But today I realized, that somtime spammails get through. When I have a look
in mailwatch, I see, that the mail is not tagged and in the section "Spam
Report" the "Score" is "rebuilding".

In the mail-log I can see, that MailScanner tagged the mail because of one
RBL-check, but Spamassassion seems to sleep or?



YOu can check your system,if you open the mailwatch-gui, check in "Reports"
for "Spam Report contains 'rebuilding'". On my system, there are several
mails every day, and it happens always at about 14:00. Yesterday from 14:15
until 14.16, the day before from 14:08 until 14:09 and so on.

Has anybody any idea, why SA does not work?
With kind regards,

Volker Dose

From list-mailscanner at linguaphone.com  Wed Jul  2 09:36:37 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Wed Jul  2 10:01:08 2008
Subject: Somtimes Spam-Mail are not recognized
In-Reply-To: <g4fdhv$uhq$1@ger.gmane.org>
References: <g4fdhv$uhq$1@ger.gmane.org>
Message-ID: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk>

Go through your mailscanner configuration and configure it to perform
the bayes rebuild (rather than spamassassin). Then enable the option to
wait while the rebuild is in progress.

On Wed, 2008-07-02 at 09:17, Volker Dose wrote:
> Hello,
> 
> I run a linux mail-relay with Mailscanner 4.46.2-2 and use mailwatch-1.0.4
> as Gui for maintenance. The server is al linux sles9 with postfix and I
> habe installed spamassassin 3.1.0
> 
> The systems runs very well and most of the spam mail is tagged.
> 
> But today I realized, that somtime spammails get through. When I have a look
> in mailwatch, I see, that the mail is not tagged and in the section "Spam
> Report" the "Score" is "rebuilding".
> 
> In the mail-log I can see, that MailScanner tagged the mail because of one
> RBL-check, but Spamassassion seems to sleep or?
> 
> 
> 
> YOu can check your system,if you open the mailwatch-gui, check in "Reports"
> for "Spam Report contains 'rebuilding'". On my system, there are several
> mails every day, and it happens always at about 14:00. Yesterday from 14:15
> until 14.16, the day before from 14:08 until 14:09 and so on.
> 
> Has anybody any idea, why SA does not work?
> With kind regards,
> 
> Volker Dose

From telecaadmin at gmail.com  Wed Jul  2 10:25:44 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Wed Jul  2 10:28:15 2008
Subject: Somtimes Spam-Mail are not recognized
In-Reply-To: <1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <g4fdhv$uhq$1@ger.gmane.org>
	<1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID: <486B4998.4040906@gmail.com>

> Go through your mailscanner configuration and configure it to perform
> the bayes rebuild (rather than spamassassin). Then enable the option to
> wait while the rebuild is in progress.

A quick paste of the config keys for Volker:

MailScanner.cf:
Wait During Bayes Rebuild = yes

spam.assassin.prefs.conf:
#bayes_auto_expire 0


Question - I do have the following set. And I get the feeling those 
defaults are just wrong:


MailScanner.cf:
Rebuild Bayes Every = 0

spam.assassin.prefs.conf:
# FSL Note: we run Bayes expire from a cron job
#bayes_auto_expire 0


MUST / SHOULD I set the Rebuild in MS (because there somehow is no 
cronjob fiddeling around with the bayes autoexpire)?
I somehow did not find any conclusive information on that topic.


Cheers,
Ronny
From henker at evendi.de  Wed Jul  2 10:51:42 2008
From: henker at evendi.de (Steffan Henke)
Date: Wed Jul  2 10:51:51 2008
Subject: SpamAssassin 3.2.5 woes 
In-Reply-To: <alpine.WNT.1.10.0807021010120.3236@henker.shcom.us>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>
	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>
	<g43ji2$4g8$1@ger.gmane.org>
	<alpine.LFD.1.10.0806272300540.22025@henker>
	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>
	<486A13EC.2090108@ecs.soton.ac.uk>
	<EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>
	<486A3A58.5030500@ecs.soton.ac.uk>
	<alpine.WNT.1.10.0807021010120.3236@henker.shcom.us>
Message-ID: <alpine.WNT.1.10.0807021111160.3236@henker.shcom.us>


Looks like my system is working again as it was with SA 3.2.5...
In the end, there was still an old process that never died.
Upon killing the process 
Jun26   0:00 sendmail: sm-scanner
and restarting MS, everything is OK again...

Have a great day everybody and thank you for your suggestions !

/me updating MailScanner now :)

Steffan




From vpdose at kirchenweg.de  Wed Jul  2 11:17:07 2008
From: vpdose at kirchenweg.de (Volker Dose)
Date: Wed Jul  2 11:17:25 2008
Subject: Somtimes Spam-Mail are not recognized
References: <g4fdhv$uhq$1@ger.gmane.org>
	<1214987797.12469.1.camel@gblades-suse.linguaphone-intranet.co.uk>
	<486B4998.4040906@gmail.com>
Message-ID: <g4fkj3$pa8$1@ger.gmane.org>

Thank you very much - that sound very reasonable.


I have changed the setting an wait, if it works now better.

With kind regards,

Volker Dose


Ronny T. Lampert wrote:

>> Go through your mailscanner configuration and configure it to perform
>> the bayes rebuild (rather than spamassassin). Then enable the option to
>> wait while the rebuild is in progress.
> 
> A quick paste of the config keys for Volker:
> 
> MailScanner.cf:
> Wait During Bayes Rebuild = yes
> 
> spam.assassin.prefs.conf:
> #bayes_auto_expire 0
> 
> 
> Question - I do have the following set. And I get the feeling those
> defaults are just wrong:
> 
> 
> MailScanner.cf:
> Rebuild Bayes Every = 0
> 
> spam.assassin.prefs.conf:
> # FSL Note: we run Bayes expire from a cron job
> #bayes_auto_expire 0
> 
> 
> MUST / SHOULD I set the Rebuild in MS (because there somehow is no
> cronjob fiddeling around with the bayes autoexpire)?
> I somehow did not find any conclusive information on that topic.
> 
> 
> Cheers,
> Ronny


From kte at nexis.be  Wed Jul  2 11:24:27 2008
From: kte at nexis.be (kte@nexis.be)
Date: Wed Jul  2 11:24:38 2008
Subject: Milter-ahead configuration problem I still have the same problem
Message-ID: <OF5430E66A.BBAB5E98-ONC125747A.0038F92B-C125747A.00392C04@nexis.be>

Hallo 

How do I configure the milter-ahead on sendmail, because I always go looks 
like a local recipient, skipping 

Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: 
version mi
smatch application: 4 != milter: 2 
Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead: smfi_register: 
version mi
smatch application: 3 != milter: 2 
Jun 10 12:40:30 mail milter-ahead[1970]: process ruid=501 rgid=501 
euid=501 egid
=501 
Jun 10 12:40:30 mail milter-ahead[1970]: milter-ahead/1.0.97 Copyright 
2004, 200
5 by Anthony Howe. All rights reserved.
Jun 10 12:40:30 mail milter-ahead[1970]: LibSnert/1.56.769 Copyright 1996, 
2005 
by Anthony Howe. All rights reserved. 
Jun 10 12:40:30 mail milter-ahead[1970]: libmilter version 2 (4) 
Jun 10 12:40:30 mail milter-ahead[1970]: Sleepycat Software: Berkeley DB 
4.2.52:
 (January  7, 2007) 
Jun 10 14:22:53 mail milter-ahead[1957]: 00001 m5ACMYYw002181: looks like 
a local recipient, skipping 


[root@mail ~]# more /etc/mail/mailertable 
nexis.be        esmtp:[mailserver.nexis.be] 

[root@mail ~]# more /etc/mail/access 
# Check the /usr/share/doc/sendmail/README.cf file for a description 
# of the format of this file. (search for access_db in that file) 
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc 
# package. 
# 
# by default we allow relaying from localhost... 
Connect:localhost.localdomain           RELAY 
Connect:localhost                       RELAY 
Connect:127.0.0.1                       RELAY 
nexis.be                                RELAY 


mx record refers to our real mailserver 

where can I disable that he says it looks like a local recipient?? 


sendmail.mc
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`greet_pause',6500)dnl
sinclude(`/etc/mail/dnsbl.mc')dnl
sinclude(`/etc/mail/milter-ahead.mc')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock'
)dnl
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')dnl
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')dnl
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')dnl

milter-ahead.cf
-m -c 86400 -f /etc/mail/sendmail.cf 
unix:/var/run/milter/milter-ahead.socket

Koen 


 


Koen Teugels | Information & Communication Technology Engineer 
E-mail: kte@nexis.be | Phone: +32 (0)10 81.81.81 | Fax: +32 (0)10 81.81.80 

ICT Support: ict-support@nexis.be

NEXIS | Mission Statement | E-mail Disclaimer | General Sales Conditions 
Chauss?e de Namur, 79 | B-1300 Wavre | E-mail: info@nexis.be 
Bisdom, 8 | B-3090 Overijse | http://www.nexis.be 

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/ffecfc93/attachment.html
From alex at rtpty.com  Wed Jul  2 13:03:05 2008
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jul  2 13:03:21 2008
Subject: Digitally Signed Emails
In-Reply-To: <BAY108-W374D927993C8A93BC49619A3990@phx.gbl>
References: <BAY108-W374D927993C8A93BC49619A3990@phx.gbl>
Message-ID: <B66CA54A-07FF-47C5-BF0D-3426633408DB@rtpty.com>

Find a characteristic which only exists on signed e-mails. Create a  
custom function that returns "no" for signed e-mails, then use

Scan Messages = &MyCustomFunctionThatScansForSignedEmails

... or whatever you called it.

I'm just "talking out of my rear" on this one, since I've never done  
this myself, but if I follow the logic so far, this is what would need  
to be done, right?

On Jul 1, 2008, at 10:53 PM, Matthew B wrote:

> My question is: Is there an easy and simple way of ensuring that  
> MailScanner does not manipulate signed emails?

From alex at rtpty.com  Wed Jul  2 13:10:35 2008
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jul  2 13:10:47 2008
Subject: New to  mailscanner
In-Reply-To: <486B2C3B.3020803@vanderkooij.org>
References: <7E7DC3FD4BF9984F967B800E53D9D64006729C@dc1.centerweb.internal>	<7EF0EE5CB3B263488C8C18823239BEBA0419AF1B@HC-MBX02.herefordshire.gov.uk>	<7E7DC3FD4BF9984F967B800E53D9D64018A8@dc1.centerweb.internal>	<68648E57-61C2-42A5-9D3E-94F0F39C7C84@rtpty.com>	<486A9C9A.3060103@vanderkooij.org>
	<FD3F1631-1AE0-4B97-A304-B13C753D7712@rtpty.com>
	<486B2C3B.3020803@vanderkooij.org>
Message-ID: <48A8D6C5-E08A-4135-934C-5C35E1DF7501@rtpty.com>

He's the exception. We are the rule.

Regards,

Alex Neuman *van der Hans* ... ;-)

On Jul 2, 2008, at 2:20 AM, Hugo van der Kooij wrote:

> Wietse may be as Dutch as I am but. But that does not make him right  
> all
> the time. ;-)

From jra at baylink.com  Wed Jul  2 13:58:05 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Wed Jul  2 13:58:24 2008
Subject: use_bayes not working
In-Reply-To: <42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com>
References: <00dd01c8d4e7$37c09140$a741b3c0$@com>
	<loom.20080623T190916-321@post.gmane.org>
	<4860DFDF.8070701@marcsnet.com>
	<loom.20080624T185221-164@post.gmane.org>
	<4862097D.1000605@marcsnet.com> <48621083.2090705@vanderkooij.org>
	<48622231.70704@marcsnet.com>
	<loom.20080625T182851-798@post.gmane.org>
	<42821.208.40.237.128.1214423847.squirrel@webmail.marcsnet.com>
Message-ID: <20080702125805.GB26290@cgi.jachomes.com>

On Thu, Jun 26, 2008 at 05:57:27AM +1000, Marc Lucke wrote:
>    First thing I tried when spamassassin broke.
>    > Marc Lucke <marc <at> marcsnet.com> writes:
>    >
>    >>
>    >> spamassassin broke completely. sa-learn didn't work. Perhaps there's a
>    >> Perl version / rpm version conflict?
>    >>
>    >
>    > Perhaps you can try installing MS and SA again? Then perhaps run a debug
>    > session to see what outputs at that point?
>    >
>    >
>    > --
>    > MailScanner mailing list
>    > mailscanner@lists.mailscanner.info
>    > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>    >
>    > Before posting, read http://wiki.mailscanner.info/posting
>    >
>    > Support MailScanner development - buy the book off the website!
>    >


That's exactly what your posting looked like when it got to me, Marc.

If you could, to make reader's lives a bit easier, could you 

1) Find the HTML mail knob on your mailer, and turn it off
(expita.com/nomime.html)
2) Not top post
3) Trim your quotes to exclude the list trailer and such?

It makes your postings much easier to follow, and will probably
increase your chances of getting your problem solved.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From jonas at vrt.dk  Wed Jul  2 14:51:45 2008
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Wed Jul  2 14:52:02 2008
Subject: Question about white and blacklisting in Mailscanner
In-Reply-To: <4869E662.4000806@ecs.soton.ac.uk>
References: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>
	<4869E662.4000806@ecs.soton.ac.uk>
Message-ID: <00bc01c8dc4a$c44bc610$4ce35230$@dk>

>> Now what has always wondered me is why both white and blacklisted mail 
>> are STILL processed through spamassin regardless of their status.
>>
>That should only happen if you have asked to always get a SpamAssassin 
>report.

If you mean the spamassassin report that's inserted into mail headers so you
can see which checks was run and what score was given, then I do indeed
always get that.

Do you mean that if I change Always Include SpamAssassin Report = yes
to no, then a hit on the whitelist/blacklist will mean MS skips the SA
check?



From jra at baylink.com  Wed Jul  2 14:56:28 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Wed Jul  2 14:56:38 2008
Subject: filename.rules.conf - .bmp
In-Reply-To: <D1587DCF6294524BAFA2C9944312FCC8C7D53D@city-exch-w3e.cbj.local>
References: <20080627183953.GK22330@cgi.jachomes.com>
	<D1587DCF6294524BAFA2C9944312FCC8C7D53D@city-exch-w3e.cbj.local>
Message-ID: <20080702135628.GC26290@cgi.jachomes.com>

On Fri, Jun 27, 2008 at 12:27:34PM -0800, Kevin Miller wrote:
> Jay R. Ashworth wrote:
> > My boss has just nattered at me because he tried to send along to a
> > third party a .bmp file sent to *him* by his attorney.
> > 
> > Brushing aside for the moment all the obvious questions like "why
> > would 
> > an attorney be sending out a .bmp file?", we're left with "if
> > MailScanner is intercepting this filetype on the way *out* of our
> > mail system, why isn't it intercepting it on the way *in*, too?"
> > 
> > Is that really direction sensitive?
> 
> I don't think it normally cares, but you can configure direction
> specific rule sets.  Maybe your predecessor got it backwards or
> whitelisted it for inbound?

Possibly, I guess.  I'm going to look around a little further... once I
get done blowing in 600 feet of fiber to replace the 300 feet of -5e
that's running across the neighbor's roof to our other building...

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From jra at baylink.com  Wed Jul  2 15:29:08 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Wed Jul  2 15:29:18 2008
Subject: Centos 4.6 post Yum update / perl-IO - Watch it!!!!
In-Reply-To: <48688627.3080900@alexb.ch>
References: <48688627.3080900@alexb.ch>
Message-ID: <20080702142908.GD26290@cgi.jachomes.com>

On Mon, Jun 30, 2008 at 09:07:19AM +0200, Alex Broens wrote:
> On a running MailScanner 4.69.8 / Centos 4.6 box, after "latest yum 
> upgrade" MailScanner refused to start due to
> 
> **** ERROR: You must upgrade your perl IO module to at least
> **** ERROR: version 1.2301 or MailScanner will not work!
> 
> a "cpan upgrade IO" fixed it BUT as others have stated, if we start 
> seeing frequent module version issues, Julian's "easy & safe" package 
> becomes questionable.
> 
> comments?

Ah... dependency hell.

My favorite solution to this problem was the makedeps/testdeps approach
I saw in one of my favorite packages, but I don't remember which one it
was...

While I'm babbling on, though, I'd like to see some more commentary
concerning on-machine upgrades, and specifically, what effort there has
been made to make backing out such updates easier if they fail without
having to have a second machine.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From dyioulos at firstbhph.com  Wed Jul  2 16:04:38 2008
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Wed Jul  2 16:05:06 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
Message-ID: <200807021104.40057.dyioulos@firstbhph.com>

Hi all.

I hope it's OK to ask this here of you bright people, as come up with no 
answer despite a mythic search:

I recntly got a smart phone, primarily so that I could manage my network in an 
emergency if away from the office and a computer.  (As an aside, using the 
mobile versions of OpenVPN, VNC, and Putty, among others, I'm able to do so 
quite nicely). As another peice, I'd like to connect to our Sendmail MTA 
(used in conjuction with MailScanner, MailWatch, Spamassassin, clamav, 
Synonym) for emailing purposes. I've tried a few different MUA's, and can 
receive mail, but am unable to send it.  The error at the seerver is:

Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: 
81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/VRFY/ETRN 
during connection to MTA

I feel I should know how to configure my mail system to accept mail from this 
source, but I don't. Any help would be appreciated.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com  Wed Jul  2 16:20:16 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  2 16:20:42 2008
Subject: Question about white and blacklisting in Mailscanner
In-Reply-To: <00bc01c8dc4a$c44bc610$4ce35230$@dk>
References: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>	<4869E662.4000806@ecs.soton.ac.uk>
	<00bc01c8dc4a$c44bc610$4ce35230$@dk>
Message-ID: <g4g6bf$jn$1@ger.gmane.org>

on 7-2-2008 6:51 AM Jonas Akrouh Larsen spake the following:
>>> Now what has always wondered me is why both white and blacklisted mail 
>>> are STILL processed through spamassin regardless of their status.
>>>
>> That should only happen if you have asked to always get a SpamAssassin 
>> report.
> 
> If you mean the spamassassin report that's inserted into mail headers so you
> can see which checks was run and what score was given, then I do indeed
> always get that.
> 
> Do you mean that if I change Always Include SpamAssassin Report = yes
> to no, then a hit on the whitelist/blacklist will mean MS skips the SA
> check?
> 
> 
> 
Yes that should help. When you have "Always Include SpamAssassin Report = yes" 
then you always have to run a message through spamassassin to get that report.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/026805a5/signature.bin
From alex at rtpty.com  Wed Jul  2 17:05:03 2008
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jul  2 17:05:29 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com>
References: <200807021104.40057.dyioulos@firstbhph.com>
Message-ID: <C813848D-65A4-4605-88E2-095112C704C6@rtpty.com>

Could be several issues. Have you tried setting up a port other than  
25 and enabling authentication?

Sent from my iPhone

On Jul 2, 2008, at 10:04 AM, Dimitri Yioulos <dyioulos@firstbhph.com>  
wrote:

> Hi all.
>
> I hope it's OK to ask this here of you bright people, as come up  
> with no
> answer despite a mythic search:
>
> I recntly got a smart phone, primarily so that I could manage my  
> network in an
> emergency if away from the office and a computer.  (As an aside,  
> using the
> mobile versions of OpenVPN, VNC, and Putty, among others, I'm able  
> to do so
> quite nicely). As another peice, I'd like to connect to our Sendmail  
> MTA
> (used in conjuction with MailScanner, MailWatch, Spamassassin, clamav,
> Synonym) for emailing purposes. I've tried a few different MUA's,  
> and can
> receive mail, but am unable to send it.  The error at the seerver is:
>
> Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498:
> 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/ 
> VRFY/ETRN
> during connection to MTA
>
> I feel I should know how to configure my mail system to accept mail  
> from this
> source, but I don't. Any help would be appreciated.
>
> Dimitri
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Wed Jul  2 18:17:30 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jul  2 18:17:52 2008
Subject: New feature -- antiword support
Message-ID: <486BB82A.30306@ecs.soton.ac.uk>

Hi folks!

I felt a bit bored at home this afternoon, supposedly having a day off...

So I added support for the "antiword" program.
Basically what MailScanner can now do is find *.doc files attached to 
your email messages, convert them to plain text (with a bit of 
*highlighting* like that) and add the text as new attachments to the 
messages.
This means that when someone mails you a simple Word doc, you don't have 
to save the attachment, possibly switch OS and computer, and crank up 
Word just to read a few lines of text.

The "ChangeLog" tells you how to use it. Basically install antiword from
http://www.winfield.demon.nl/
(or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
then set "Add Text Of Doc = yes" to your MailScanner.conf (having run 
upgrade_MailScanner_conf of course!).

And you're away.

Have fun,

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Wed Jul  2 18:19:05 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jul  2 18:19:23 2008
Subject: Health update
In-Reply-To: <EMEW-k60NJL96f0184ca0b58e19f3075e07401639e3-223f97700807011420o6147f905idd4d1859df0c05cb@mail.gmail.com>
References: <4852BC3D.3050802@ecs.soton.ac.uk>	<200806132114.m5DLE4gQ018541@mxt.1bigthink.com>	<223f97700806131420j4bb7e2f5w1e4d192101002bde@mail.gmail.com>	<48625894.9020703@utwente.nl>	<EMEW-k5ONb2f634cc8bd9c422165306591095f40d15-g3uh37$u4m$1@ger.gmane.org>	<48661B72.3030207@ecs.soton.ac.uk>
	<g4djs9$13k$1@ger.gmane.org>
	<EMEW-k60NJL96f0184ca0b58e19f3075e07401639e3-223f97700807011420o6147f905idd4d1859df0c05cb@mail.gmail.com>
Message-ID: <486BB889.2030602@ecs.soton.ac.uk>



Glenn Steen wrote:
> 2008/7/1 Scott Silva <ssilva@sgvwater.com>:
>   
>> on 6-28-2008 4:07 AM Julian Field spake the following:
>>     
>>> Scott Silva wrote:
>>>       
>>>> on 6-25-2008 7:39 AM Peter Peters spake the following:
>>>>         
>>>>> Glenn Steen wrote on 13-6-2008 23:20:
>>>>>
>>>>>           
>>>>>> Same here... Well. Haven't donated any organs (yet), and some of them
>>>>>> are really shoddy... But I do carry my donor card with me at all
>>>>>> times... Who knows when time is up?!
>>>>>>             
>>>>> My girlfriend does not feel to good about the idea of them cutting into
>>>>> me after I am dead. I am still trying to convince her.
>>>>>           
>>>> What is she going to do? Have you freeze-dried and prop you up in the
>>>> corner?
>>>>
>>>> Tell her that it is a way for a part of you to live on after your gone.
>>>>
>>>>         
>>>>> At the meantime I donate blood every 3 to 4 months and will start
>>>>> donating blood plasm in a short while.
>>>>>           
>>>> I had to stop for a while as my blood pressure is too high for their
>>>> liking, but not high enough for the doctor to put me on meds. But here is my
>>>> donor card, and since I will most likely be cremated, my wife doesn't have a
>>>> problem with it.
>>>>         
>>> I don't know if anyone here understands blood pressure figures, but here's
>>> a couple to make you laugh. I normally have very low blood pressure, and
>>> have to live on beta-blockers as well, which lower it further.
>>>
>>> Up and walking around the house, some paramedics once measured me (and
>>> checked it as they didn't believe it) at 64/45. The last time I had an
>>> endoscopy, it dropped to 65/39. That had them a little worried, to put it
>>> mildly, but I had warned them in advance that this does tend to happen. I've
>>> now had 31 endoscopies, and I know exactly how my body reacts to them, i.e.
>>> not kindly :-)
>>>       
>> Who reacts to them well? Not the most fun way to spend an afternoon! And
>> they have the gall to tell you to relax!
>>
>>     
> Through the mouth is pure horror,I agree. The other end.... Is simpler
> to live with. One can actually tell 'em to hold it when it hurts too
> much... not an option with a hose down your gullet:-).
>   
I've had the other version done a couple of times, it's not half as bad.
> Can't say I react good to them either... then again, as you say
> Scott.... Who does?
>   
Indeed!
> Jules, what can one say....? It's a miracle enough oxygene permeates
> your body! How  your brain can function as spectaularly as it does....
> is beyond that!!!
>   
Aw shucks... <blush>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From david at gnsa.us  Wed Jul  2 18:23:38 2008
From: david at gnsa.us (David Nalley)
Date: Wed Jul  2 18:23:54 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <d6e6dfeb0807021023sd9a580atf683e243bd18e6ac@mail.gmail.com>

Busman's Holiday huh?
I have often wondered about finding a way to run MCP against the content in
Word and Excel files, perhaps antiword can be used for such an endeavour.

On Wed, Jul 2, 2008 at 1:17 PM, Julian Field <MailScanner@ecs.soton.ac.uk>
wrote:

> Hi folks!
>
> I felt a bit bored at home this afternoon, supposedly having a day off...
>
> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached to your
> email messages, convert them to plain text (with a bit of *highlighting*
> like that) and add the text as new attachments to the messages.
> This means that when someone mails you a simple Word doc, you don't have to
> save the attachment, possibly switch OS and computer, and crank up Word just
> to read a few lines of text.
>
> The "ChangeLog" tells you how to use it. Basically install antiword from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run
> upgrade_MailScanner_conf of course!).
>
> And you're away.
>
> Have fun,
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/32b7a379/attachment.html
From ssilva at sgvwater.com  Wed Jul  2 18:28:38 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  2 18:28:40 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <g4gdrl$av$1@ger.gmane.org>

on 7-2-2008 10:17 AM Julian Field spake the following:
> Hi folks!
> 
> I felt a bit bored at home this afternoon, supposedly having a day off...
> 
> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached to 
> your email messages, convert them to plain text (with a bit of 
> *highlighting* like that) and add the text as new attachments to the 
> messages.
> This means that when someone mails you a simple Word doc, you don't have 
> to save the attachment, possibly switch OS and computer, and crank up 
> Word just to read a few lines of text.
> 
> The "ChangeLog" tells you how to use it. Basically install antiword from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run 
> upgrade_MailScanner_conf of course!).
> 
> And you're away.
> 
> Have fun,
> 
> Jules
> 
I can't imagine what you might add if you had a week off!

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080702/1433535d/signature.bin
From MailScanner at ecs.soton.ac.uk  Wed Jul  2 18:38:15 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Jul  2 18:38:54 2008
Subject: New feature -- antiword support
In-Reply-To: <EMEW-k61IWd1d687cedae33d543340d99d19c4e6b25-d6e6dfeb0807021023sd9a580atf683e243bd18e6ac@mail.gmail.com>
References: <486BB82A.30306@ecs.soton.ac.uk>
	<EMEW-k61IWd1d687cedae33d543340d99d19c4e6b25-d6e6dfeb0807021023sd9a580atf683e243bd18e6ac@mail.gmail.com>
Message-ID: <486BBD07.4000109@ecs.soton.ac.uk>



David Nalley wrote:
> Busman's Holiday huh?
> I have often wondered about finding a way to run MCP against the 
> content in Word and Excel files, perhaps antiword can be used for such 
> an endeavour.
You already can. Read the end of the "Patches" section at
http://www.mailscanner.info/mcp.html#patches

>
> On Wed, Jul 2, 2008 at 1:17 PM, Julian Field 
> <MailScanner@ecs.soton.ac.uk <mailto:MailScanner@ecs.soton.ac.uk>> wrote:
>
>     Hi folks!
>
>     I felt a bit bored at home this afternoon, supposedly having a day
>     off...
>
>     So I added support for the "antiword" program.
>     Basically what MailScanner can now do is find *.doc files attached
>     to your email messages, convert them to plain text (with a bit of
>     *highlighting* like that) and add the text as new attachments to
>     the messages.
>     This means that when someone mails you a simple Word doc, you
>     don't have to save the attachment, possibly switch OS and
>     computer, and crank up Word just to read a few lines of text.
>
>     The "ChangeLog" tells you how to use it. Basically install
>     antiword from
>     http://www.winfield.demon.nl/
>     (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>     then set "Add Text Of Doc = yes" to your MailScanner.conf (having
>     run upgrade_MailScanner_conf of course!).
>
>     And you're away.
>
>     Have fun,
>
>     Jules
>
>     -- 
>     Julian Field MEng CITP CEng
>     www.MailScanner.info <http://www.MailScanner.info>
>     Buy the MailScanner book at www.MailScanner.info/store
>     <http://www.MailScanner.info/store>
>
>     MailScanner customisation, or any advanced system administration help?
>     Contact me at Jules@Jules.FM
>
>     PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>     PGP public key: http://www.jules.fm/julesfm.asc
>
>
>     -- 
>     This message has been scanned for viruses and
>     dangerous content by MailScanner, and is
>     believed to be clean.
>
>     -- 
>     MailScanner mailing list
>     mailscanner@lists.mailscanner.info
>     <mailto:mailscanner@lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at rtpty.com  Wed Jul  2 18:45:29 2008
From: alex at rtpty.com (Alex Neuman)
Date: Wed Jul  2 18:45:50 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <10204EF6-22D5-495F-91CC-F089A435A812@rtpty.com>

Cool!

Sent from my iPhone

On Jul 2, 2008, at 12:17 PM, Julian Field  
<MailScanner@ecs.soton.ac.uk> wrote:

> Hi folks!
>
> I felt a bit bored at home this afternoon, supposedly having a day  
> off...
>
> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached  
> to your email messages, convert them to plain text (with a bit of  
> *highlighting* like that) and add the text as new attachments to the  
> messages.
> This means that when someone mails you a simple Word doc, you don't  
> have to save the attachment, possibly switch OS and computer, and  
> crank up Word just to read a few lines of text.
>
> The "ChangeLog" tells you how to use it. Basically install antiword  
> from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having  
> run upgrade_MailScanner_conf of course!).
>
> And you're away.
>
> Have fun,
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From Kevin_Miller at ci.juneau.ak.us  Wed Jul  2 19:38:33 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed Jul  2 19:38:44 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <D1587DCF6294524BAFA2C9944312FCC8C7D551@city-exch-w3e.cbj.local>

Julian Field wrote:
> Hi folks!
> 
> I felt a bit bored at home this afternoon, supposedly having a day
> off... 

An afternoon off & bored?  Don't they have fishing south of Scotland?
;-)


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From ajcartmell at fonant.com  Wed Jul  2 20:10:38 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Wed Jul  2 20:10:52 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <op.udoh70ih53oa6f@ajc5.lan>

> I felt a bit bored at home this afternoon, supposedly having a day off...

Have a few more days off on me :)

> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached to  
> your email messages, convert them to plain text (with a bit of  
> *highlighting* like that) and add the text as new attachments to the  
> messages.

Genius! I've been gnashing my teeth at a problem where some people are  
sending Word documents as e-mail messages that I want to read with a PHP  
script. If I AntiWord them with MailScanner into text/plain, my script  
will find them perfectly :)

Jules, many thanks for a most useful addition to a most useful tool! :)

Cheers!

Anthony
-- 
www.fonant.com - Quality web sites
From ajcartmell at fonant.com  Wed Jul  2 20:12:26 2008
From: ajcartmell at fonant.com (Anthony Cartmell)
Date: Wed Jul  2 20:12:38 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <op.udoia0w353oa6f@ajc5.lan>

> The "ChangeLog" tells you how to use it. Basically install antiword from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run  
> upgrade_MailScanner_conf of course!).

FWIW "yum install antiword" works on Fedora for me :)

Anthony
-- 
www.fonant.com - Quality web sites
From rob at kettle.org.uk  Wed Jul  2 23:13:59 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Wed Jul  2 23:14:25 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <486BFDA7.7020004@kettle.org.uk>

Julian Field wrote:
> Hi folks!
>
> I felt a bit bored at home this afternoon, supposedly having a day off...
>
> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached to 
> your email messages, convert them to plain text (with a bit of 
> *highlighting* like that) and add the text as new attachments to the 
> messages.
> This means that when someone mails you a simple Word doc, you don't 
> have to save the attachment, possibly switch OS and computer, and 
> crank up Word just to read a few lines of text.
>
> The "ChangeLog" tells you how to use it. Basically install antiword from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run 
> upgrade_MailScanner_conf of course!).
>
> And you're away.
>
> Have fun,
>
> Jules
>
Hi,

if I enable the new feature then MailScanner runs at almost 100% when 
any email arrives. Nothing gets processed. Disable thus feature and 
normal processing happens.

MailScanner --lint shows no errors. (Centos 5.2 system).

Rob

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ka at pacific.net  Wed Jul  2 23:26:58 2008
From: ka at pacific.net (Ken A)
Date: Wed Jul  2 23:27:04 2008
Subject: New feature -- antiword support
In-Reply-To: <486BFDA7.7020004@kettle.org.uk>
References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk>
Message-ID: <486C00B2.3020104@pacific.net>

Rob Kettle wrote:
> Julian Field wrote:
>> Hi folks!
>>
>> I felt a bit bored at home this afternoon, supposedly having a day off...
>>
>> So I added support for the "antiword" program.
>> Basically what MailScanner can now do is find *.doc files attached to 
>> your email messages, convert them to plain text (with a bit of 
>> *highlighting* like that) and add the text as new attachments to the 
>> messages.
>> This means that when someone mails you a simple Word doc, you don't 
>> have to save the attachment, possibly switch OS and computer, and 
>> crank up Word just to read a few lines of text.
>>
>> The "ChangeLog" tells you how to use it. Basically install antiword from
>> http://www.winfield.demon.nl/
>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run 
>> upgrade_MailScanner_conf of course!).
>>
>> And you're away.
>>
>> Have fun,
>>
>> Jules
>>
> Hi,
> 
> if I enable the new feature then MailScanner runs at almost 100% when 
> any email arrives. Nothing gets processed. Disable thus feature and 
> normal processing happens.
> 
> MailScanner --lint shows no errors. (Centos 5.2 system).
> 
> Rob
> 

Seeing the same thing here. All mail gets passed through SA, then put 
back in the incoming queue and so on....
Ken

-- 
Ken Anderson
Pacific.Net

From rob at kettle.org.uk  Thu Jul  3 08:02:57 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Thu Jul  3 08:04:00 2008
Subject: New feature -- antiword support
In-Reply-To: <486C00B2.3020104@pacific.net>
References: <486BB82A.30306@ecs.soton.ac.uk> <486BFDA7.7020004@kettle.org.uk>
	<486C00B2.3020104@pacific.net>
Message-ID: <486C79A1.5050309@kettle.org.uk>



Ken A wrote:
> Rob Kettle wrote:
>> Julian Field wrote:
>>> Hi folks!
>>>
>>> I felt a bit bored at home this afternoon, supposedly having a day 
>>> off...
>>>
>>> So I added support for the "antiword" program.
>>> Basically what MailScanner can now do is find *.doc files attached 
>>> to your email messages, convert them to plain text (with a bit of 
>>> *highlighting* like that) and add the text as new attachments to the 
>>> messages.
>>> This means that when someone mails you a simple Word doc, you don't 
>>> have to save the attachment, possibly switch OS and computer, and 
>>> crank up Word just to read a few lines of text.
>>>
>>> The "ChangeLog" tells you how to use it. Basically install antiword 
>>> from
>>> http://www.winfield.demon.nl/
>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having 
>>> run upgrade_MailScanner_conf of course!).
>>>
>>> And you're away.
>>>
>>> Have fun,
>>>
>>> Jules
>>>
>> Hi,
>>
>> if I enable the new feature then MailScanner runs at almost 100% when 
>> any email arrives. Nothing gets processed. Disable thus feature and 
>> normal processing happens.
>>
>> MailScanner --lint shows no errors. (Centos 5.2 system).
>>
>> Rob
>>
>
> Seeing the same thing here. All mail gets passed through SA, then put 
> back in the incoming queue and so on....
> Ken
>

Yup. That pretty much sums up what is happening with mine.

Rob

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 08:40:25 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 08:40:59 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <EMEW-k61Auae2b85c21ee9b6dc300bfc90b71b36957-alpine.WNT.1.10.0807021111160.3236@henker.shcom.us>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>	<g43ji2$4g8$1@ger.gmane.org>	<alpine.LFD.1.10.0806272300540.22025@henker>	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>	<486A13EC.2090108@ecs.soton.ac.uk>	<EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>	<486A3A58.5030500@ecs.soton.ac.uk>	<alpine.WNT.1.10.0807021010120.3236@henker.shcom.us>
	<EMEW-k61Auae2b85c21ee9b6dc300bfc90b71b36957-alpine.WNT.1.10.0807021111160.3236@henker.shcom.us>
Message-ID: <486C8269.6080709@ecs.soton.ac.uk>

When I want to shutdown MailScanner and sendmail together, I have to 
admit that I occasionally resort to
    service MailScanner stop
    service sendmail stop
The difference being that the MailScanner line stops sendmail listeners 
etc and won't let them start up any new processes, but leaves existing 
SMTP connections open. The sendmail line terminates all active 
connections and kills *all* sendmail processes. Not a very tidy thing to 
do in my view, which is why I haven't incorporated it into the 
MailScanner stop script, but occasionally it is necessary.

Steffan Henke wrote:
>
> Looks like my system is working again as it was with SA 3.2.5...
> In the end, there was still an old process that never died.
> Upon killing the process Jun26   0:00 sendmail: sm-scanner
> and restarting MS, everything is OK again...
>
> Have a great day everybody and thank you for your suggestions !
>
> /me updating MailScanner now :)
>
> Steffan
>
>
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 08:42:34 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 08:43:11 2008
Subject: Question about white and blacklisting in Mailscanner
In-Reply-To: <EMEW-k61EvI25f345f04ac2640e14fa775922fdab9c-00bc01c8dc4a$c44bc610$4ce35230$@dk>
References: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>	<4869E662.4000806@ecs.soton.ac.uk>
	<EMEW-k61EvI25f345f04ac2640e14fa775922fdab9c-00bc01c8dc4a$c44bc610$4ce35230$@dk>
Message-ID: <486C82EA.9010705@ecs.soton.ac.uk>



Jonas Akrouh Larsen wrote:
>>> Now what has always wondered me is why both white and blacklisted mail 
>>> are STILL processed through spamassin regardless of their status.
>>>
>>>       
>> That should only happen if you have asked to always get a SpamAssassin 
>> report.
>>     
>
> If you mean the spamassassin report that's inserted into mail headers so you
> can see which checks was run and what score was given, then I do indeed
> always get that.
>
> Do you mean that if I change Always Include SpamAssassin Report = yes
> to no, then a hit on the whitelist/blacklist will mean MS skips the SA
> check?
>   
Correct.
You asked to always get a report, so it's giving you one :-) Don't ask 
it to, and it won't :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 08:43:42 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 08:44:24 2008
Subject: New feature -- antiword support
In-Reply-To: <EMEW-k628BWa3e7733d2ff340ef550d5a5252fe365d-486C79A1.5050309@kettle.org.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
	<486BFDA7.7020004@kettle.org.uk>	<486C00B2.3020104@pacific.net>
	<EMEW-k628BWa3e7733d2ff340ef550d5a5252fe365d-486C79A1.5050309@kettle.org.uk>
Message-ID: <486C832E.60102@ecs.soton.ac.uk>



Rob Kettle wrote:
>
>
> Ken A wrote:
>> Rob Kettle wrote:
>>> Julian Field wrote:
>>>> Hi folks!
>>>>
>>>> I felt a bit bored at home this afternoon, supposedly having a day 
>>>> off...
>>>>
>>>> So I added support for the "antiword" program.
>>>> Basically what MailScanner can now do is find *.doc files attached 
>>>> to your email messages, convert them to plain text (with a bit of 
>>>> *highlighting* like that) and add the text as new attachments to 
>>>> the messages.
>>>> This means that when someone mails you a simple Word doc, you don't 
>>>> have to save the attachment, possibly switch OS and computer, and 
>>>> crank up Word just to read a few lines of text.
>>>>
>>>> The "ChangeLog" tells you how to use it. Basically install antiword 
>>>> from
>>>> http://www.winfield.demon.nl/
>>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having 
>>>> run upgrade_MailScanner_conf of course!).
>>>>
>>>> And you're away.
>>>>
>>>> Have fun,
>>>>
>>>> Jules
>>>>
>>> Hi,
>>>
>>> if I enable the new feature then MailScanner runs at almost 100% 
>>> when any email arrives. Nothing gets processed. Disable thus feature 
>>> and normal processing happens.
>>>
>>> MailScanner --lint shows no errors. (Centos 5.2 system).
>>>
>>> Rob
>>>
>>
>> Seeing the same thing here. All mail gets passed through SA, then put 
>> back in the incoming queue and so on....
>> Ken
>>
>
> Yup. That pretty much sums up what is happening with mine.
And what happens with a
    MailScanner --debug
?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 09:00:12 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 09:00:42 2008
Subject: New feature -- antiword support
In-Reply-To: <EMEW-k628ncd76aef6f1600291ca3d258815d6cc9db-486C832E.60102@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>	<486BFDA7.7020004@kettle.org.uk>	<486C00B2.3020104@pacific.net>	<EMEW-k628BWa3e7733d2ff340ef550d5a5252fe365d-486C79A1.5050309@kettle.org.uk>
	<EMEW-k628ncd76aef6f1600291ca3d258815d6cc9db-486C832E.60102@ecs.soton.ac.uk>
Message-ID: <486C870C.7050903@ecs.soton.ac.uk>



Julian Field wrote:
>
>
> Rob Kettle wrote:
>>
>>
>> Ken A wrote:
>>> Rob Kettle wrote:
>>>> Julian Field wrote:
>>>>> Hi folks!
>>>>>
>>>>> I felt a bit bored at home this afternoon, supposedly having a day 
>>>>> off...
>>>>>
>>>>> So I added support for the "antiword" program.
>>>>> Basically what MailScanner can now do is find *.doc files attached 
>>>>> to your email messages, convert them to plain text (with a bit of 
>>>>> *highlighting* like that) and add the text as new attachments to 
>>>>> the messages.
>>>>> This means that when someone mails you a simple Word doc, you 
>>>>> don't have to save the attachment, possibly switch OS and 
>>>>> computer, and crank up Word just to read a few lines of text.
>>>>>
>>>>> The "ChangeLog" tells you how to use it. Basically install 
>>>>> antiword from
>>>>> http://www.winfield.demon.nl/
>>>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>>>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having 
>>>>> run upgrade_MailScanner_conf of course!).
>>>>>
>>>>> And you're away.
>>>>>
>>>>> Have fun,
>>>>>
>>>>> Jules
>>>>>
>>>> Hi,
>>>>
>>>> if I enable the new feature then MailScanner runs at almost 100% 
>>>> when any email arrives. Nothing gets processed. Disable thus 
>>>> feature and normal processing happens.
>>>>
>>>> MailScanner --lint shows no errors. (Centos 5.2 system).
>>>>
>>>> Rob
>>>>
>>>
>>> Seeing the same thing here. All mail gets passed through SA, then 
>>> put back in the incoming queue and so on....
>>> Ken
>>>
>>
>> Yup. That pretty much sums up what is happening with mine.
> And what happens with a
>    MailScanner --debug
> ?
>
Cockup on my part. I forgot an "svn update" before I built the release. 
I am just putting up 4.71.2-2 as I type. There's one extra line in 
/usr/sbin/MailScanner.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From rob at kettle.org.uk  Thu Jul  3 09:35:36 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Thu Jul  3 09:36:40 2008
Subject: New feature -- antiword support
In-Reply-To: <486C870C.7050903@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>	<486BFDA7.7020004@kettle.org.uk>	<486C00B2.3020104@pacific.net>	<EMEW-k628BWa3e7733d2ff340ef550d5a5252fe365d-486C79A1.5050309@kettle.org.uk>	<EMEW-k628ncd76aef6f1600291ca3d258815d6cc9db-486C832E.60102@ecs.soton.ac.uk>
	<486C870C.7050903@ecs.soton.ac.uk>
Message-ID: <486C8F58.3080809@kettle.org.uk>

Julian Field wrote:
>
>
> Julian Field wrote:
>>
>>
>> Rob Kettle wrote:
>>>
>>>
>>> Ken A wrote:
>>>> Rob Kettle wrote:
>>>>> Julian Field wrote:
>>>>>> Hi folks!
>>>>>>
>>>>>> I felt a bit bored at home this afternoon, supposedly having a 
>>>>>> day off...
>>>>>>
>>>>>> So I added support for the "antiword" program.
>>>>>> Basically what MailScanner can now do is find *.doc files 
>>>>>> attached to your email messages, convert them to plain text (with 
>>>>>> a bit of *highlighting* like that) and add the text as new 
>>>>>> attachments to the messages.
>>>>>> This means that when someone mails you a simple Word doc, you 
>>>>>> don't have to save the attachment, possibly switch OS and 
>>>>>> computer, and crank up Word just to read a few lines of text.
>>>>>>
>>>>>> The "ChangeLog" tells you how to use it. Basically install 
>>>>>> antiword from
>>>>>> http://www.winfield.demon.nl/
>>>>>> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
>>>>>> then set "Add Text Of Doc = yes" to your MailScanner.conf (having 
>>>>>> run upgrade_MailScanner_conf of course!).
>>>>>>
>>>>>> And you're away.
>>>>>>
>>>>>> Have fun,
>>>>>>
>>>>>> Jules
>>>>>>
>>>>> Hi,
>>>>>
>>>>> if I enable the new feature then MailScanner runs at almost 100% 
>>>>> when any email arrives. Nothing gets processed. Disable thus 
>>>>> feature and normal processing happens.
>>>>>
>>>>> MailScanner --lint shows no errors. (Centos 5.2 system).
>>>>>
>>>>> Rob
>>>>>
>>>>
>>>> Seeing the same thing here. All mail gets passed through SA, then 
>>>> put back in the incoming queue and so on....
>>>> Ken
>>>>
>>>
>>> Yup. That pretty much sums up what is happening with mine.
>> And what happens with a
>>    MailScanner --debug
>> ?
>>
> Cockup on my part. I forgot an "svn update" before I built the 
> release. I am just putting up 4.71.2-2 as I type. There's one extra 
> line in /usr/sbin/MailScanner.
>
> Jules
>

Hi,

that seems to have fixed the bug.

thanks
Rob

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From gmatt at nerc.ac.uk  Thu Jul  3 10:03:56 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Thu Jul  3 10:04:35 2008
Subject: SpamAssassin 3.2.5 woes
In-Reply-To: <486C8269.6080709@ecs.soton.ac.uk>
References: <c2558da714eac944b0d6536fb8ad44d5@solidstatelogic.com>	<alpine.WNT.1.10.0806271107290.2952@henker.shcom.us>	<g43ji2$4g8$1@ger.gmane.org>	<alpine.LFD.1.10.0806272300540.22025@henker>	<EMEW-k60C032a18d816a11fce00776219b1acceb0f1-alpine.WNT.1.10.0807011020530.3436@henker.shcom.us>	<486A13EC.2090108@ecs.soton.ac.uk>	<EMEW-k60E8ve4bbea84249670f4dca9bf2883d74308-alpine.WNT.1.10.0807011437090.2900@henker.shcom.us>	<486A3A58.5030500@ecs.soton.ac.uk>	<alpine.WNT.1.10.0807021010120.3236@henker.shcom.us>	<EMEW-k61Auae2b85c21ee9b6dc300bfc90b71b36957-alpine.WNT.1.10.0807021111160.3236@henker.shcom.us>
	<486C8269.6080709@ecs.soton.ac.uk>
Message-ID: <486C95FC.6020506@nerc.ac.uk>

Julian Field wrote:
> When I want to shutdown MailScanner and sendmail together, I have to 
> admit that I occasionally resort to
>    service MailScanner stop
>    service sendmail stop

or pkill -HUP sendmail


-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From hvdkooij at vanderkooij.org  Thu Jul  3 11:55:56 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Jul  3 11:56:07 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com>
References: <200807021104.40057.dyioulos@firstbhph.com>
Message-ID: <486CB03C.6080902@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dimitri Yioulos wrote:

| Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498:
| 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue
MAIL/EXPN/VRFY/ETRN
| during connection to MTA
|
| I feel I should know how to configure my mail system to accept mail
from this
| source, but I don't. Any help would be appreciated.

I suggest you make a packet capture with tcpdump and take a good look at
it. Perhaps you can then tell us what the exact SMTP communication is.
Because the logs clearly indicates that the darn phone is not sticking
to the SMTP standard.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIbLA5BvzDRVjxmYERAhZtAKCP2NgG+q9AHaDjIV3bSSyP0NSJdwCgrxto
SacLmXRbac5L9ptRVHwkZqE=
=umvP
-----END PGP SIGNATURE-----
From peter at farrows.org  Thu Jul  3 13:35:10 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul  3 13:35:34 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
In-Reply-To: <200807021104.40057.dyioulos@firstbhph.com>
References: <200807021104.40057.dyioulos@firstbhph.com>
Message-ID: <486CC77E.7090007@farrows.org>

Dimitri Yioulos wrote:
> Hi all.
>
> I hope it's OK to ask this here of you bright people, as come up with no 
> answer despite a mythic search:
>
> I recntly got a smart phone, primarily so that I could manage my network in an 
> emergency if away from the office and a computer.  (As an aside, using the 
> mobile versions of OpenVPN, VNC, and Putty, among others, I'm able to do so 
> quite nicely). As another peice, I'd like to connect to our Sendmail MTA 
> (used in conjuction with MailScanner, MailWatch, Spamassassin, clamav, 
> Synonym) for emailing purposes. I've tried a few different MUA's, and can 
> receive mail, but am unable to send it.  The error at the seerver is:
>
> Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498: 
> 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue MAIL/EXPN/VRFY/ETRN 
> during connection to MTA
>
> I feel I should know how to configure my mail system to accept mail from this 
> source, but I don't. Any help would be appreciated.
>
> Dimitri
>
>   
When Sendmail reports this in the logs, it means that the sending agent 
disconnected prematurely without sending any (valid) response to the 
greeting.

You can replicate the error by telneting to port 25 on the sendmail 
machine and then simply disconnecting before even beginning the smtp 
communication.

P.



-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From jonas at vrt.dk  Thu Jul  3 14:13:44 2008
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Thu Jul  3 14:14:00 2008
Subject: Question about white and blacklisting in Mailscanner
In-Reply-To: <486C82EA.9010705@ecs.soton.ac.uk>
References: <EMEW-k5YDnGf2bb22838b98cbd179aef22030b41475-000e01c8daaf$1337b8d0$39a72a70$@dk>	<4869E662.4000806@ecs.soton.ac.uk>	<EMEW-k61EvI25f345f04ac2640e14fa775922fdab9c-00bc01c8dc4a$c44bc610$4ce35230$@dk>
	<486C82EA.9010705@ecs.soton.ac.uk>
Message-ID: <002301c8dd0e$9ef535d0$dcdfa170$@dk>

>> Do you mean that if I change Always Include SpamAssassin Report = yes
>> to no, then a hit on the whitelist/blacklist will mean MS skips the SA
>> check?
>>   
>Correct.
>You asked to always get a report, so it's giving you one :-) Don't ask 
>it to, and it won't :-)
>
>Jules

I guess it makes sense :) I just hadn't considered it.

Thanks again, and get better soon.

Best regards

Jonas A. Larsen
 

From dyioulos at firstbhph.com  Thu Jul  3 14:23:25 2008
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Thu Jul  3 14:23:50 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
In-Reply-To: <486CC77E.7090007@farrows.org>
References: <200807021104.40057.dyioulos@firstbhph.com>
	<486CC77E.7090007@farrows.org>
Message-ID: <200807030923.25416.dyioulos@firstbhph.com>

On Thursday 03 July 2008 8:35 am, Peter Farrow wrote:
> Dimitri Yioulos wrote:
> > Hi all.
> >
> > I hope it's OK to ask this here of you bright people, as come up with no
> > answer despite a mythic search:
> >
> > I recntly got a smart phone, primarily so that I could manage my network
> > in an emergency if away from the office and a computer.  (As an aside,
> > using the mobile versions of OpenVPN, VNC, and Putty, among others, I'm
> > able to do so quite nicely). As another peice, I'd like to connect to our
> > Sendmail MTA (used in conjuction with MailScanner, MailWatch,
> > Spamassassin, clamav, Synonym) for emailing purposes. I've tried a few
> > different MUA's, and can receive mail, but am unable to send it.  The
> > error at the seerver is:
> >
> > Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498:
> > 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue
> > MAIL/EXPN/VRFY/ETRN during connection to MTA
> >
> > I feel I should know how to configure my mail system to accept mail from
> > this source, but I don't. Any help would be appreciated.
> >
> > Dimitri
>
> When Sendmail reports this in the logs, it means that the sending agent
> disconnected prematurely without sending any (valid) response to the
> greeting.
>
> You can replicate the error by telneting to port 25 on the sendmail
> machine and then simply disconnecting before even beginning the smtp
> communication.
>
> P.
>
>

Thanks, Peter.  Curious that no matter which MUA I use, I get the same 
response. Any idea how I would overcome the issue?

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From pedro.hoffmann at gmail.com  Thu Jul  3 14:58:02 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Thu Jul  3 14:58:13 2008
Subject: Phishing Links
Message-ID: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>

When Mailscanner finds some phishing link, it puts a message that this link
may be some phishing, but it don't remove the link.

Is there a way to remove links that mailscanner thinks is phishing?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080703/af7d2068/attachment.html
From peter at farrows.org  Thu Jul  3 15:13:12 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul  3 15:13:36 2008
Subject: OT - "did not issue MAIL/EXPN/VRFY/ETRN"
In-Reply-To: <200807030923.25416.dyioulos@firstbhph.com>
References: <200807021104.40057.dyioulos@firstbhph.com>	<486CC77E.7090007@farrows.org>
	<200807030923.25416.dyioulos@firstbhph.com>
Message-ID: <486CDE78.9020402@farrows.org>

Dimitri Yioulos wrote:
> On Thursday 03 July 2008 8:35 am, Peter Farrow wrote:
>   
>> Dimitri Yioulos wrote:
>>     
>>> Hi all.
>>>
>>> I hope it's OK to ask this here of you bright people, as come up with no
>>> answer despite a mythic search:
>>>
>>> I recntly got a smart phone, primarily so that I could manage my network
>>> in an emergency if away from the office and a computer.  (As an aside,
>>> using the mobile versions of OpenVPN, VNC, and Putty, among others, I'm
>>> able to do so quite nicely). As another peice, I'd like to connect to our
>>> Sendmail MTA (used in conjuction with MailScanner, MailWatch,
>>> Spamassassin, clamav, Synonym) for emailing purposes. I've tried a few
>>> different MUA's, and can receive mail, but am unable to send it.  The
>>> error at the seerver is:
>>>
>>> Jul  2 10:07:10 mail1 sendmail[26498]: m62E6fSg026498:
>>> 81.sub-75-221-91.myvzw.com [75.221.91.81] did not issue
>>> MAIL/EXPN/VRFY/ETRN during connection to MTA
>>>
>>> I feel I should know how to configure my mail system to accept mail from
>>> this source, but I don't. Any help would be appreciated.
>>>
>>> Dimitri
>>>       
>> When Sendmail reports this in the logs, it means that the sending agent
>> disconnected prematurely without sending any (valid) response to the
>> greeting.
>>
>> You can replicate the error by telneting to port 25 on the sendmail
>> machine and then simply disconnecting before even beginning the smtp
>> communication.
>>
>> P.
>>
>>
>>     
>
> Thanks, Peter.  Curious that no matter which MUA I use, I get the same 
> response. Any idea how I would overcome the issue?
>
> Dimitri
>
>   
If you are using greetpause feature or have a reverse lookup for 
blacklists in your sendmail.mc it mail be causing a delay before your 
sendmail MTA issues its greeting, this delay may be too long for your 
MUA causing this to be logged as the MUA disconnects prior to the greeting.

P.


-- 
horizontal ruler

Peter Farrow
Inexcom Logo 	
Inexcom Ltd
Office: 	08450 949 747
Fax: 	01249 461 548
Mobile: 	07799605617
Skype: 	peter_farrow
Web: 	www.inexcom.co.uk <http://www.inexcom.co.uk>
Registered in England and Wales, number:05598456


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
Skipped content of type multipart/related
From ka at pacific.net  Thu Jul  3 15:50:21 2008
From: ka at pacific.net (Ken A)
Date: Thu Jul  3 15:50:28 2008
Subject: New feature -- antiword support
In-Reply-To: <486BB82A.30306@ecs.soton.ac.uk>
References: <486BB82A.30306@ecs.soton.ac.uk>
Message-ID: <486CE72D.3090803@pacific.net>

Julian Field wrote:
> Hi folks!
> 
> I felt a bit bored at home this afternoon, supposedly having a day off...
> 
> So I added support for the "antiword" program.
> Basically what MailScanner can now do is find *.doc files attached to 
> your email messages, convert them to plain text (with a bit of 
> *highlighting* like that) and add the text as new attachments to the 
> messages.
> This means that when someone mails you a simple Word doc, you don't have 
> to save the attachment, possibly switch OS and computer, and crank up 
> Word just to read a few lines of text.
> 
> The "ChangeLog" tells you how to use it. Basically install antiword from
> http://www.winfield.demon.nl/
> (or from RPM or SRPMS at http://www.volny.cz/zellerin/rpmmenu.html)
> then set "Add Text Of Doc = yes" to your MailScanner.conf (having run 
> upgrade_MailScanner_conf of course!).
> 
> And you're away.
> 
> Have fun,
> 
> Jules
> 

This is working here now too. Thanks... A nice feature!

It got me thinking.. (not always a good thing) When I saw this -
# This can also be the filename of a ruleset.
Antiword = /usr/bin/antiword -f

It would be nice to have a way to associate a file extension with a 
converter, so that one could say things like:
FileExt	.doc	%rules%/doc.conversion.rules

You could do things like convert all bitmaps to jpegs, convert pdfs to 
text or to images. unzip and attach separately all zipped files (might 
be a problem here).

A customer might like to convert all bitmaps that Aunt Mary sends to 
jpegs, and resize them to 640x480, and not keep the original bitmap 
attachments.. (thanks a lot Aunt Mary).

I'd like to convert all inline images in spam to 1x1 pixel gifs. :-)

Ken


-- 
Ken Anderson
Pacific.Net

From ssilva at sgvwater.com  Thu Jul  3 16:48:47 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul  3 16:48:46 2008
Subject: Phishing Links
In-Reply-To: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
Message-ID: <g4isc7$iq6$2@ger.gmane.org>

on 7-3-2008 6:58 AM Pedro Bordin Hoffmann - [M]orpheus spake the following:
> When Mailscanner finds some phishing link, it puts a message that this 
> link may be some phishing, but it don't remove the link.
> 
> Is there a way to remove links that mailscanner thinks is phishing?
> 
> Thanks!
> 
But what if it is wrong?
Then you have removed links that might be legitimate.
Not all links that "look phishy" are phishing attempts.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080703/c28a9e4c/signature.bin
From alex at rtpty.com  Thu Jul  3 17:06:13 2008
From: alex at rtpty.com (Alex Neuman)
Date: Thu Jul  3 17:06:58 2008
Subject: Phishing Links
In-Reply-To: <g4isc7$iq6$2@ger.gmane.org>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org>
Message-ID: <E085E10E-057A-471D-B010-D292A31F825D@rtpty.com>

And the corollary is... not all phishing attempts use links that "look  
phisy". B E  A  L E R T ! ! !  - The world needs more lerts.
On Jul 3, 2008, at 10:48 AM, Scott Silva wrote:

> Not all links that "look phishy" are phishing attempts.

From mark at msapiro.net  Thu Jul  3 17:10:47 2008
From: mark at msapiro.net (Mark Sapiro)
Date: Thu Jul  3 17:10:58 2008
Subject: Message body lost when zip file quarantined
Message-ID: <486CFA07.2070804@msapiro.net>

Let me try this again.

On June 30, Mark Sapiro wrote:

> MailScanner-4.70.7-1
> 
> I'm sorry if this is a well known issue or a FAQ. I tried googling the
> list archives and didn't see anything that seemed relevant.
> 
> The issue is this:
> 
> MailScanner is scanning a message with an attached .zip archive which
> contains a number of .bat and .bat.bak files, other files and even
> another zip archive which contains a single .bat file.
> 
> Mailscanner detects all the .bat and .bat.bak files in the zip files,
> sends a notice appropriately, and delivers the message with the
> attachment removed. All well and good. The problems are:
> 
> 1) not only the original .zip is quarantined, but so also are the
> individual .bat, .bat.bak and .zip files extracted from the original
> .zip (other files in the .zip with OK names are not). This is not a
> major issue, but makes looking in the quarantine difficult as one
> doesn't know what files were separately attached and what files were
> just in the .zip.
> 
> 2) The more serious issue is the original message body is also removed
> from the delivered message, and it is not stored anywhere.


So, is there some misconfiguration on my part that is causing the loss 
of the message body, or is this and the redundant files in quarantine 
the expected behavior?

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 17:34:18 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 17:34:50 2008
Subject: Message body lost when zip file quarantined
In-Reply-To: <EMEW-k62HFd88ccc7fe71aa51f2534ea2305f970bca-486CFA07.2070804@msapiro.net>
References: <EMEW-k62HFd88ccc7fe71aa51f2534ea2305f970bca-486CFA07.2070804@msapiro.net>
Message-ID: <486CFF8A.1070409@ecs.soton.ac.uk>



Mark Sapiro wrote:
> Let me try this again.
>
> On June 30, Mark Sapiro wrote:
>
>> MailScanner-4.70.7-1
>>
>> I'm sorry if this is a well known issue or a FAQ. I tried googling the
>> list archives and didn't see anything that seemed relevant.
>>
>> The issue is this:
>>
>> MailScanner is scanning a message with an attached .zip archive which
>> contains a number of .bat and .bat.bak files, other files and even
>> another zip archive which contains a single .bat file.
>>
>> Mailscanner detects all the .bat and .bat.bak files in the zip files,
>> sends a notice appropriately, and delivers the message with the
>> attachment removed. All well and good. The problems are:
>>
>> 1) not only the original .zip is quarantined, but so also are the
>> individual .bat, .bat.bak and .zip files extracted from the original
>> .zip (other files in the .zip with OK names are not). This is not a
>> major issue, but makes looking in the quarantine difficult as one
>> doesn't know what files were separately attached and what files were
>> just in the .zip.
>>
>> 2) The more serious issue is the original message body is also removed
>> from the delivered message, and it is not stored anywhere.
>
>
> So, is there some misconfiguration on my part that is causing the loss 
> of the message body, or is this and the redundant files in quarantine 
> the expected behavior?
>
Number 2 is the one that interests me. Please can you send me a concrete 
example, preferably lifted straight out of a sendmail queue.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 21:23:11 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 21:23:59 2008
Subject: Non-English testers?
Message-ID: <486D352F.1040002@ecs.soton.ac.uk>

Hi folks,

I wonder if a few non-English testers could try out 4.71.2 for me please?
I want to see what happens if you set "Add Text Of Doc = yes" and try 
throwing some Word documents at it that have international characters in 
the filename.

All comments gratefully received.
Particularly if you manage to break it, of course. :-)

Thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From hvdkooij at vanderkooij.org  Thu Jul  3 21:31:25 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu Jul  3 21:31:34 2008
Subject: Non-English testers?
In-Reply-To: <486D352F.1040002@ecs.soton.ac.uk>
References: <486D352F.1040002@ecs.soton.ac.uk>
Message-ID: <486D371D.5040701@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote:

| All comments gratefully received.
| Particularly if you manage to break it, of course. :-)

Breaking it is never a problem. Breaking it in a way to prove you wrong
instead of showing my mistake is much harder.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIbTcbBvzDRVjxmYERAkxsAKCuZqw2TyoI+3dIkFfb66MgFfFD/gCeKu2e
I1YgO75F8Gp9xUPhEUj2qA0=
=JD41
-----END PGP SIGNATURE-----
From alex at rtpty.com  Thu Jul  3 21:38:24 2008
From: alex at rtpty.com (Alex Neuman)
Date: Thu Jul  3 21:39:13 2008
Subject: Non-English testers?
In-Reply-To: <486D352F.1040002@ecs.soton.ac.uk>
References: <486D352F.1040002@ecs.soton.ac.uk>
Message-ID: <0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>

As always, Google is your friend... And so am I!

Don't have time to do a quick upgrade right now, so I can give you a  
tip instead. Search for filetype:doc in Google, and you get stuff like:

http://www.aedtss.com/Palomeque.doc
http://www.expoartigas.com/seguridad.doc
http://www.adolfotaylhardat.net/lasituacionexplosivadevenezuela.doc
(in Spanish)

You can always rename them so not only content but filenames have  
Int'l characters in them.

One other thing, if somebody here could be so kind to try out Office  
2007 documents and/or Word documents with pictures and stuff embedded  
within which *themselves* have international characters... Well, just  
to be on the exaggerated safe side, if you catch my drift.


On Jul 3, 2008, at 3:23 PM, Julian Field wrote:

> Hi folks,
>
> I wonder if a few non-English testers could try out 4.71.2 for me  
> please?
> I want to see what happens if you set "Add Text Of Doc = yes" and  
> try throwing some Word documents at it that have international  
> characters in the filename.
>
> All comments gratefully received.
> Particularly if you manage to break it, of course. :-)
>
> Thanks!
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 21:52:43 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 21:53:23 2008
Subject: Non-English testers?
In-Reply-To: <EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
References: <486D352F.1040002@ecs.soton.ac.uk>
	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
Message-ID: <486D3C1B.9090604@ecs.soton.ac.uk>



Alex Neuman wrote:
> As always, Google is your friend... And so am I!
>
> Don't have time to do a quick upgrade right now, so I can give you a 
> tip instead. Search for filetype:doc in Google, and you get stuff like:
>
> http://www.aedtss.com/Palomeque.doc
> http://www.expoartigas.com/seguridad.doc
> http://www.adolfotaylhardat.net/lasituacionexplosivadevenezuela.doc
> (in Spanish)
>
> You can always rename them so not only content but filenames have 
> Int'l characters in them.
>
> One other thing, if somebody here could be so kind to try out Office 
> 2007 documents and/or Word documents with pictures and stuff embedded 
> within which *themselves* have international characters... Well, just 
> to be on the exaggerated safe side, if you catch my drift.
The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't 
support them. If anyone has a way of managing to read them, I would be 
very interested to hear it. Or even just some helpful ideas.

>
>
> On Jul 3, 2008, at 3:23 PM, Julian Field wrote:
>
>> Hi folks,
>>
>> I wonder if a few non-English testers could try out 4.71.2 for me 
>> please?
>> I want to see what happens if you set "Add Text Of Doc = yes" and try 
>> throwing some Word documents at it that have international characters 
>> in the filename.
>>
>> All comments gratefully received.
>> Particularly if you manage to break it, of course. :-)
>>
>> Thanks!
>>
>> Jules
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules@Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> PGP public key: http://www.jules.fm/julesfm.asc
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From mark at msapiro.net  Thu Jul  3 22:03:06 2008
From: mark at msapiro.net (Mark Sapiro)
Date: Thu Jul  3 22:03:19 2008
Subject: Message body lost when zip file quarantined
In-Reply-To: <486CFF8A.1070409@ecs.soton.ac.uk>
Message-ID: <PC18702008070314030600150912edd5@msapiro>

Julian Field wrote:>
>
>Mark Sapiro wrote:
>>>
>>> MailScanner is scanning a message with an attached .zip archive which
>>> contains a number of .bat and .bat.bak files, other files and even
>>> another zip archive which contains a single .bat file.
>>>
>>> Mailscanner detects all the .bat and .bat.bak files in the zip files,
>>> sends a notice appropriately, and delivers the message with the
>>> attachment removed. All well and good. The problems are:
>>>
>>> 1) not only the original .zip is quarantined, but so also are the
>>> individual .bat, .bat.bak and .zip files extracted from the original
>>> .zip (other files in the .zip with OK names are not). This is not a
>>> major issue, but makes looking in the quarantine difficult as one
>>> doesn't know what files were separately attached and what files were
>>> just in the .zip.
>>>
>>> 2) The more serious issue is the original message body is also removed
>>> from the delivered message, and it is not stored anywhere.
>>
>>
>> So, is there some misconfiguration on my part that is causing the loss 
>> of the message body, or is this and the redundant files in quarantine 
>> the expected behavior?
>>
>Number 2 is the one that interests me. Please can you send me a concrete 
>example, preferably lifted straight out of a sendmail queue.


I use Postfix, not sendmail.

Here's what I have:

-The Postfix queue entry.
-The raw message received via bcc without passing through MailScanner
-The {Filename?} message delivered to the recipient after MailScanner
-The notice sent as a result of 'Send Notices = yes'

Which of these would you like (and may I send it/them off list)?

-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk  Thu Jul  3 22:43:14 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jul  3 22:43:50 2008
Subject: Message body lost when zip file quarantined
In-Reply-To: <EMEW-k62M7R83824f738772de166a052e9e61740012-PC18702008070314030600150912edd5@msapiro>
References: <EMEW-k62M7R83824f738772de166a052e9e61740012-PC18702008070314030600150912edd5@msapiro>
Message-ID: <486D47F2.6050104@ecs.soton.ac.uk>



Mark Sapiro wrote:
> Julian Field wrote:>
>   
>> Mark Sapiro wrote:
>>     
>>>> MailScanner is scanning a message with an attached .zip archive which
>>>> contains a number of .bat and .bat.bak files, other files and even
>>>> another zip archive which contains a single .bat file.
>>>>
>>>> Mailscanner detects all the .bat and .bat.bak files in the zip files,
>>>> sends a notice appropriately, and delivers the message with the
>>>> attachment removed. All well and good. The problems are:
>>>>
>>>> 1) not only the original .zip is quarantined, but so also are the
>>>> individual .bat, .bat.bak and .zip files extracted from the original
>>>> .zip (other files in the .zip with OK names are not). This is not a
>>>> major issue, but makes looking in the quarantine difficult as one
>>>> doesn't know what files were separately attached and what files were
>>>> just in the .zip.
>>>>
>>>> 2) The more serious issue is the original message body is also removed
>>>> from the delivered message, and it is not stored anywhere.
>>>>         
>>> So, is there some misconfiguration on my part that is causing the loss 
>>> of the message body, or is this and the redundant files in quarantine 
>>> the expected behavior?
>>>
>>>       
>> Number 2 is the one that interests me. Please can you send me a concrete 
>> example, preferably lifted straight out of a sendmail queue.
>>     
>
>
> I use Postfix, not sendmail.
>
> Here's what I have:
>
> -The Postfix queue entry.
> -The raw message received via bcc without passing through MailScanner
> -The {Filename?} message delivered to the recipient after MailScanner
> -The notice sent as a result of 'Send Notices = yes'
>
> Which of these would you like (and may I send it/them off list)?
>   
All of the above please. Send them zipped up to mailscanner@ecs.soton.ac.uk.

Thanks!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lists at openenterprise.ca  Fri Jul  4 01:00:28 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Fri Jul  4 01:00:45 2008
Subject: Whitelists Still Not Working?
Message-ID: <486D681C.4080104@openenterprise.ca>

I sure hope someone can help with this. I have tried this list as well 
as the mailwatch list but have not had anyone respond with any helpful 
info. I am sure this must be pretty simple for those that know what they 
are doing. Here are the details.

Most recent version of MS and MW running on CentOS 5x

Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist

And in the "Lists" section of MW, I have many domains listed as 
domain.com (without the @ or a specific adddress). Below is an example 
of whats listed in the "Lists" page of MW and it shows clearly that 
"futureshop.com" is listed.

futureshop.com 	default 	Delete 
<http://192.168.10.2/Content/Secure/Mailwatch/lists.php?submit=Delete&id=156&list=w> 



And here are the headers for a message that just came in and was tagged 
as SPAM.  You can see that the from field is " From: Future Shop 
Newsletter <newsletter@futureshop.com>" so why would this not be 
whitelisted?

Can someone please suggest anything that might help?




Received: from serendipity.mountainhosting.ca 
(serendipity.mountainhosting.ca [66.249.13.171])
     by gateway.johnnystork.ca (8.13.8/8.13.8) with ESMTP id m63MMfgf003080
     for <stork@johnnystork.ca>; Thu, 3 Jul 2008 15:22:42 -0700
Received: from [127.0.0.1] (helo=mail1536.mkt1336.com)
     by serendipity.mountainhosting.ca with esmtp (Exim 4.69)
     (envelope-from <v-cbilj_bgckiebc_fekkao_fekkao_a@bounce.mkt1336.com>)
     id 1KEXCK-0007kj-QO
     for stork@openenterprise.ca; Thu, 03 Jul 2008 15:22:41 -0700
Received: from mail1536.mkt1336.com ([208.85.55.19] 
helo=mail1536.mkt1336.com)
     by ASSP.nospam; 3 Jul 2008 15:22:40 -0700
Received: by mail1536.mkt1336.com (PowerMTA(TM) v3.2r17) id hdl8j00f65ge 
for <stork@openenterprise.ca>; Thu, 3 Jul 2008 18:22:33 -0400 
(envelope-from <v-cbilj_bgckiebc_fekkao_fekkao_a@bounce.mkt1336.com>)
Message-ID: <32554889.30563671215123753029.JavaMail.?@mx01.pdkp2>
Date: Thu, 3 Jul 2008 18:22:33 -0400 (EDT)
From: Future Shop Newsletter <newsletter@futureshop.com>
Reply-To: newsletter@futureshop.com
To: stork@openenterprise.ca
Subject: 7 Days of Deals are back!
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_Part_7063_5398324.1215123742149"
x-mid: 137401
List-Unsubscribe: 
<mailto:v-cbilj_bgckiebc_fekkao_fekkao_a@bounce.mkt1336.com?subject=Unsubscribe>
X-Assp-Delay: not delayed (auto accepted); 3 Jul 2008 15:22:40 -0700
X-Assp-Re-Red: bounce
X-Assp-Message-Score: -10 (Home Country Bonus US - SILVERPOP SYSTEMS)
X-Assp-Received-SPF: pass - Please see 
http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a%40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam:
     208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19;
     envelope-from=v-cbilj_bgckiebc_fekkao_fekkao_a@bounce.mkt1336.com;
     helo=mail1536.mkt1336.com;
X-Assp-Message/IP-Score: 5 (DNSBLneutral blackholes.five-ten-sg.com)
X-Assp-Received-DNSBL: neutral (blackholes.five-ten-sg.com-> rm02
     net bulk ; )
X-Assp-Message/IP-Score: 29 (Bayesian Probability: 1.0000)
X-Assp-Spam-Level: ****
X-AntiAbuse: This header was added to track abuse, please include it 
with any abuse report
X-AntiAbuse: Primary Hostname - serendipity.mountainhosting.ca
X-AntiAbuse: Original Domain - openenterprise.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bounce.mkt1336.com
X-Source:
X-Source-Args:
X-Source-Dir:

From Kevin_Miller at ci.juneau.ak.us  Fri Jul  4 01:22:02 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri Jul  4 01:22:19 2008
Subject: Whitelists Still Not Working?
In-Reply-To: <486D681C.4080104@openenterprise.ca>
References: <486D681C.4080104@openenterprise.ca>
Message-ID: <D1587DCF6294524BAFA2C9944312FCC8C7D566@city-exch-w3e.cbj.local>

Johnny Stork wrote:
> X-Assp-Received-SPF: pass - Please see
>
http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a%
40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam:
>      208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19;

I'm not sure that it's MailScanner/Spamassassin/MailWatch that's doing
the neferious deed Johnny.  Following the link in the headers it looks
like SPF is scrunching the message, but can't explain why.  It knows it
shouldn't.

Do you have the luxury of running SPF on your MTA and turning it off in
mailscanner/spamassassin and seeing how that goes?

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From Jeff.Mills at versacold.com.au  Fri Jul  4 02:22:45 2008
From: Jeff.Mills at versacold.com.au (Jeff Mills)
Date: Fri Jul  4 02:22:58 2008
Subject: Bayes Expiry - spam gets through
Message-ID: <A80817E3C206A84788EBD17BB171F0F90207A7AE@EXCHANGE.AU.POCOLD.POCL>


I have an issue with the expiry of the Bayes databases on my servers.
Every time an expiry is done, quite a bit of spam is let through.
Obviously its removing tokens that are not very old.
I have set bayes_expiry_max_db_size to quite a high size to try and help
this, but still when it expires, spam gets through.

bayes_expiry_max_db_size 4000000

The example spam I have been sent both came through server 2, but this
could just be coincidence.
Server 1 usually gets more mail because it's the first in DNS.

Server 1
Bayes Database Information Number of Spam Messages:	843,399
Number of Ham Messages:	175,621
Number of Tokens:	4,216,073
Oldest Token:	Sat, 10 May 2008 07:58:32 +1000
Newest Token:	Fri, 04 Jul 2008 11:14:26 +1000
Last Journal Sync:	Fri, 04 Jul 2008 11:05:51 +1000
Last Expiry:	Fri, 04 Jul 2008 10:58:27 +1000
Last Expiry Reduction Count:	49,773 tokens

Server 2
Bayes Database Information Number of Spam Messages:	423,059
Number of Ham Messages:	170,864
Number of Tokens:	2,100,113
Oldest Token:	Tue, 06 May 2008 05:34:49 +1000
Newest Token:	Fri, 04 Jul 2008 11:17:36 +1000
Last Journal Sync:	Fri, 04 Jul 2008 11:05:37 +1000
Last Expiry:	Tue, 01 Jul 2008 22:26:32 +1000
Last Expiry Reduction Count:	30,177 token

I would have thought that keeping tokens a month old should be enough to
catch recent spam due to spammers changing tactics so often.

Do others have the same issue when expiring bayes?
Is there a known best setup with regards to bayes setup and expiry?
From telecaadmin at gmail.com  Fri Jul  4 08:52:33 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Fri Jul  4 08:55:12 2008
Subject: Bayes Expiry - spam gets through
In-Reply-To: <A80817E3C206A84788EBD17BB171F0F90207A7AE@EXCHANGE.AU.POCOLD.POCL>
References: <A80817E3C206A84788EBD17BB171F0F90207A7AE@EXCHANGE.AU.POCOLD.POCL>
Message-ID: <486DD6C1.2090000@gmail.com>

Hi,

> I have an issue with the expiry of the Bayes databases on my servers.
> Every time an expiry is done, quite a bit of spam is let through.

This looks like a thread called "Somtimes Spam-Mail are not recognized", 
just days ago (please read for thourough discussion there).

Solution is to set the

Wait During Bayes Rebuild = yes

in MailScanner.cf

Cheers,
Ronny
From a.peacock at chime.ucl.ac.uk  Fri Jul  4 08:55:47 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Fri Jul  4 08:55:58 2008
Subject: Bayes Expiry - spam gets through
In-Reply-To: <A80817E3C206A84788EBD17BB171F0F90207A7AE@EXCHANGE.AU.POCOLD.POCL>
References: <A80817E3C206A84788EBD17BB171F0F90207A7AE@EXCHANGE.AU.POCOLD.POCL>
Message-ID: <486DD783.6080702@chime.ucl.ac.uk>

Hi,


Jeff Mills wrote:
> I have an issue with the expiry of the Bayes databases on my servers.
> Every time an expiry is done, quite a bit of spam is let through.
> Obviously its removing tokens that are not very old.
> I have set bayes_expiry_max_db_size to quite a high size to try and help
> this, but still when it expires, spam gets through.
> 
> bayes_expiry_max_db_size 4000000

I had a similar issue recently and bumped up by max_db_size to

bayes_expiry_max_db_size   5000000

Which has made things a bit better, I also manually train the database a 
bit more thoroughly now.

-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From Jeff.Mills at versacold.com.au  Fri Jul  4 09:33:02 2008
From: Jeff.Mills at versacold.com.au (Jeff Mills)
Date: Fri Jul  4 09:33:17 2008
Subject: Bayes Expiry - spam gets through
In-Reply-To: <486DD6C1.2090000@gmail.com>
Message-ID: <A80817E3C206A84788EBD17BB171F0F90207A7B5@EXCHANGE.AU.POCOLD.POCL>

 

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf 
> Of Ronny T. Lampert
> Sent: Friday, 4 July 2008 5:53 PM
> To: MailScanner discussion
> Subject: Re: Bayes Expiry - spam gets through
> 
> Hi,
> 
> > I have an issue with the expiry of the Bayes databases on 
> my servers.
> > Every time an expiry is done, quite a bit of spam is let through.
> 
> This looks like a thread called "Somtimes Spam-Mail are not 
> recognized", just days ago (please read for thourough 
> discussion there).
> 
> Solution is to set the
> 
> Wait During Bayes Rebuild = yes
> 
> in MailScanner.cf
> 
> Cheers,
> Ronny

Thanks Ronny,
I have that set in MailScanner.conf.
Is that not where it should be?

Also, if I am using bayes_auto_expire, does MailScanner still wait, or
does Wait During Bayes Rebuild = yes only take affect when MailScanner
does the expire via Rebuild Bayes Every = xxx?
From telecaadmin at gmail.com  Fri Jul  4 10:05:30 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Fri Jul  4 10:08:13 2008
Subject: Bayes Expiry - spam gets through
In-Reply-To: <A80817E3C206A84788EBD17BB171F0F90207A7B5@EXCHANGE.AU.POCOLD.POCL>
References: <A80817E3C206A84788EBD17BB171F0F90207A7B5@EXCHANGE.AU.POCOLD.POCL>
Message-ID: <486DE7DA.3020709@gmail.com>

> Also, if I am using bayes_auto_expire, does MailScanner still wait, or
> does Wait During Bayes Rebuild = yes only take affect when MailScanner
> does the expire via Rebuild Bayes Every = xxx?

The "Wait During Bayes Rebuild = yes" in MailScanner.cf is where it belongs.
You have to disable bayes_auto_expire for spamassassin.

Please read the thread here:

http://lists.mailscanner.info/pipermail/mailscanner/2008-July/085777.html
From MailScanner at ecs.soton.ac.uk  Fri Jul  4 10:10:53 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri Jul  4 10:11:36 2008
Subject: Bayes Expiry - spam gets through
In-Reply-To: <EMEW-k639bj20b4e597a8e431fc4b60cf4d464a9d58-A80817E3C206A84788EBD17BB171F0F90207A7B5@EXCHANGE.AU.POCOLD.POCL>
References: <EMEW-k639bj20b4e597a8e431fc4b60cf4d464a9d58-A80817E3C206A84788EBD17BB171F0F90207A7B5@EXCHANGE.AU.POCOLD.POCL>
Message-ID: <486DE91D.1090801@ecs.soton.ac.uk>



Jeff Mills wrote:
>
> Also, if I am using bayes_auto_expire, does MailScanner still wait, or
> does Wait During Bayes Rebuild = yes only take affect when MailScanner
> does the expire via Rebuild Bayes Every = xxx?
>   
It should only take effect when MailScanner is doing the rebuild.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From wick at bobwickline.com  Fri Jul  4 14:53:03 2008
From: wick at bobwickline.com (Bob Wickline)
Date: Fri Jul  4 14:53:27 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
Message-ID: <486E2B3F.8070407@bobwickline.com>

I have a dozen Solaris zones running MailScanner on a single server and 
it seems to be doing fine.  Key is to have LOTS of memory.  The memory 
signature of MailScanner is fairly large (50MB).  Because of that I have 
cut the max children down to 2 on all of my zones but they are pretty 
light mail traffic.  I haven?t done the rapid-deployment thing since my 
environment is very static.  There?s plenty of documentation on how to 
deploy zones out there.

Eduardo Casarero wrote:
> Hi guys, i know that it's not recomendable to run MS on virtualized HW
> because of it's high cpu/io load. However, i'm doing some research
> because my boss required it.
>
> What products do you think that will work best? VMware? Xen? The
> objective is that it has to be simple and quick to deploy. Also will
> be useful in case the HW dies, so you quickly can have the emails
> flowing (may be with delay, but working), until HW gets repaired.
>
> We all know that installing MS servers takes a while, so having a
> pre-installed image will reduce times.
>
> Any thoughts?
>
> Everything will be appreciated.
>
> Eduardo.
>   

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From shuttlebox at gmail.com  Fri Jul  4 15:25:36 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Fri Jul  4 15:25:46 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <486E2B3F.8070407@bobwickline.com>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
	<486E2B3F.8070407@bobwickline.com>
Message-ID: <625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com>

On Fri, Jul 4, 2008 at 3:53 PM, Bob Wickline <wick@bobwickline.com> wrote:
> I have a dozen Solaris zones running MailScanner on a single server and it
> seems to be doing fine.  Key is to have LOTS of memory.  The memory
> signature of MailScanner is fairly large (50MB).  Because of that I have cut
> the max children down to 2 on all of my zones but they are pretty light mail
> traffic.  I haven?t done the rapid-deployment thing since my environment is
> very static.  There?s plenty of documentation on how to deploy zones out
> there.

Interesting. I'm just curious to know if you use the tar based
MailScanner or the Blastwave package or something else?

I package MailScanner for the Blastwave project and I'm always
interested in feedback about it.

http://www.blastwave.org/packages.php/mailscanner

-- 
Simone de Beauvoir  - "To catch a husband is an art; to hold him is a job."
From wick at bobwickline.com  Fri Jul  4 15:31:29 2008
From: wick at bobwickline.com (Bob Wickline)
Date: Fri Jul  4 15:31:57 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>	<486E2B3F.8070407@bobwickline.com>
	<625385e30807040725t6557eaf7rdb337b843c1b4843@mail.gmail.com>
Message-ID: <486E3441.303@bobwickline.com>

An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080704/abb9f546/attachment.html
From spamlists at coders.co.uk  Fri Jul  4 15:32:20 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Fri Jul  4 15:33:42 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <486E2B3F.8070407@bobwickline.com>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>
	<486E2B3F.8070407@bobwickline.com>
Message-ID: <486E3474.1020804@coders.co.uk>

Bob Wickline wrote:
> I have a dozen Solaris zones running MailScanner on a single server 
> and it seems to be doing fine.  Key is to have LOTS of memory.  The 
> memory signature of MailScanner is fairly large (50MB).  Because of 
> that I have cut the max children down to 2 on all of my zones but they 
> are pretty light mail traffic.  I haven?t done the rapid-deployment 
> thing since my environment is very static.  There?s plenty of 
> documentation on how to deploy zones out there.
The memory is more from the number of Spamassassin rules that you have - 
and also if you use ClamAVModule you have those signatures in memory 
too.  This can be reduced by using Clamd as then you only have one set 
of the Clamd signatures in memory.

matt
From root at doctor.nl2k.ab.ca  Fri Jul  4 22:59:37 2008
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
	Problem)
Date: Fri Jul  4 23:45:48 2008
Subject: Slight inconsistency
Message-ID: <20080704215937.GA821@doctor.nl2k.ab.ca>

Right just implented the latest beta on both machines using antiword
support.

I have to flush the queue using sendmail and not the headers on one
machine is not attaching.

What do I need to look for?



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From root at doctor.nl2k.ab.ca  Fri Jul  4 23:42:09 2008
From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
	Problem)
Date: Sat Jul  5 00:04:44 2008
Subject: Some problems thanks to Clamav 0.93.1
Message-ID: <20080704224209.GA3048@doctor.nl2k.ab.ca>

I understand Clamav 0.93.2 could be coming.

Interesting:  I got

MailScanner.conf says "Virus Scanners = clamav clamavmodule  clamd"
Found these virus scanners installed: clamavmodule
===========================================================================
Virus and Content Scanning: Starting
trap: Illegal number: EXIT
/var/spool/MailScanner/incoming/2724/./1/eicar.com: Eicar-Test-Signature FOUND

trap: Illegal number: EXIT
Virus Scanning: ClamAV found 1 infections
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
Virus Scanning: ClamAVModule found 1 infections
Cannot find Socket (/tmp/clamd) Exiting! at /opt/MailScanner/lib/MailScanner/SweepViruses.pm line 3461
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
Filename Checks:  (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"
ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf. 


Also in MailScanner.conf for clamav users thanks to Clamav 0.93.2 you need:

Monitors for ClamAV Updates = /usr/contrib/share/clamav/*.inc/* /usr/contrib/share/clamav/*.cvd /usr/contrib/share/clamav/*.cld   

Of course replace contrib with local but .cld is the new extenstion.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ugob at lubik.ca  Sat Jul  5 02:55:55 2008
From: ugob at lubik.ca (Ugo Bellavance)
Date: Sat Jul  5 02:58:00 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <486B2EEB.8020502@anymore.nl>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>	<op.udmsf9df53oa6f@ajc5.lan>
	<486B2EEB.8020502@anymore.nl>
Message-ID: <g4mkef$snr$1@ger.gmane.org>

Arjan Schrijver wrote:
> Anthony Cartmell wrote:
>>> Hi guys, i know that it's not recomendable to run MS on virtualized HW
>>> because of it's high cpu/io load. However, i'm doing some research
>>> because my boss required it.
>>
>> I have it running on a high-powered Xen VPS (with 2G RAM available and 
>> eight processor cores shared between the VPS instances) and it works 
>> fine. Only processing ~800 messages per day so probably not a very 
>> useful test though. I'll be moving more mail through it soon, so might 
>> get to see how well it works then. My other server, non VPS but with 
>> the same memory but only twin processors, manages 10,000 messages per 
>> day without much problem.
>>
> Running OpenVZ here (no performance impact), on 4 virtual MailScanner 
> servers. They each process about 40.000 messages a day, through both 
> SpamAssassin and ClamAV. The hardware consists of four servers with 
> 4x2GHz cores and 2GB RAM. Each server runs one container. The 
> performance is exactly the same as when the same servers were running 
> MailScanner natively (not virtualized).
> But this is of course only possible with OpenVZ or Virtuozzo, because it 
> doesn't virtualize the complete hardware but only the kernel.

I also use OpenVZ, about 40 000 emails/day on that gateway, about 800 
000 smtp connects/day (using BarricadeMX).

The server is a quad core xeon, and runs this MailScanner system and an 
asterisk PBX.

Ugo

From lists at openenterprise.ca  Sat Jul  5 03:29:51 2008
From: lists at openenterprise.ca (Johnny Stork)
Date: Sat Jul  5 03:30:07 2008
Subject: Whitelists Still Not Working?
In-Reply-To: <D1587DCF6294524BAFA2C9944312FCC8C7D566@city-exch-w3e.cbj.local>
References: <486D681C.4080104@openenterprise.ca>
	<D1587DCF6294524BAFA2C9944312FCC8C7D566@city-exch-w3e.cbj.local>
Message-ID: <486EDC9F.3040504@openenterprise.ca>

I dont think I have SPF running and had been planning to look into it at 
some time in the future. Where should/could I check to be sure?

Kevin Miller wrote:
> Johnny Stork wrote:
>   
>> X-Assp-Received-SPF: pass - Please see
>>
>>     
> http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a%
> 40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam:
>   
>>      208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19;
>>     
>
> I'm not sure that it's MailScanner/Spamassassin/MailWatch that's doing
> the neferious deed Johnny.  Following the link in the headers it looks
> like SPF is scrunching the message, but can't explain why.  It knows it
> shouldn't.
>
> Do you have the luxury of running SPF on your MTA and turning it off in
> mailscanner/spamassassin and seeing how that goes?
>
> ...Kevin
>   
From lszabo at ntlworld.com  Sat Jul  5 18:25:30 2008
From: lszabo at ntlworld.com (Laszlo Szabo)
Date: Sat Jul  5 18:25:47 2008
Subject: perl install error mailscanner can't start
Message-ID: <486FAE8A.5020007@ntlworld.com>


*Hi folks!

I'm trying to install to a friend of mine the mailscanner on fedora 9 
but I can't.

It is a new install. I upgraded the whole system before I installed the 
mailscanner.
I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a 
higher package but still does not work.

The mailscanner says when I'm trying to start it:*

         MailScanner:       Can't locate Filesys/Df.pm in @INC (@INC 
contains: /usr/lib/MailScanner 
/usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 
/usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
/usr/local/lib/perl5/site_perl/5.10.0 
/usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . 
/usr/lib/MailScanner) at /usr/sbin/MailScanner line 66.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66.

*I had a look the whole install and I saw few compiling errors like this:*

 # Looks like your test died before it could output anything.
Can't locate IO/Lines.pm in @INC (@INC contains: 
/usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib 
/usr/src/redhat/BUILD/MIME-tools-5.425/blib/arch 
/usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 
/usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
/usr/local/lib/perl5/site_perl/5.10.0 
/usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0 
/usr/lib/perl5/vendor_perl . 
/usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 
/usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
/usr/local/lib/perl5/site_perl/5.10.0 
/usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at 
/usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237.
BEGIN failed--compilation aborted at 
/usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237.
Compilation failed in require at t/Smtpsend.t line 7.
BEGIN failed--compilation aborted at t/Smtpsend.t line 7.
# Looks like your test died before it could output anything.
Failed 8/17 test programs. 154/249 subtests failed.
make: *** [test_dynamic] Error 255
error: Bad exit status from /var/tmp/rpm-tmp.75716 (%build)
    Bad exit status from /var/tmp/rpm-tmp.75716 (%build)

*I tried to pipe the install.sh script into a file to take a look later 
what went wrong but it can't be piped cos the external compiler I think.
I tried to install it with nodeps switch no fortune.
So any idea guys?

Julian what do you think what is wrong?

Thanks

Laszlo
*

From hvdkooij at vanderkooij.org  Sat Jul  5 23:45:08 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat Jul  5 23:45:19 2008
Subject: perl install error mailscanner can't start
In-Reply-To: <486FAE8A.5020007@ntlworld.com>
References: <486FAE8A.5020007@ntlworld.com>
Message-ID: <486FF974.1060408@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laszlo Szabo wrote:
|
| *Hi folks!
|
| I'm trying to install to a friend of mine the mailscanner on fedora 9
| but I can't.

Any good reason to pick a distro that will be obsolete and out of
updates in a year? (Not minding the experimental nature of Fedora.)

| It is a new install. I upgraded the whole system before I installed the
| mailscanner.
| I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a
| higher package but still does not work.
|
| The mailscanner says when I'm trying to start it:*
|
|         MailScanner:       Can't locate Filesys/Df.pm in @INC (@INC
| contains: /usr/lib/MailScanner
| /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0
| /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi
| /usr/local/lib/perl5/site_perl/5.10.0
| /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
| /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .
| /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66.
| BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66.

Could you try to install: perl-Filesys-DiskFree

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIb/lyBvzDRVjxmYERAus9AJ9GfZ3RjF4xcEQkfbiCJECenprkuQCgslHq
cnSlLgZQ38yT2S3+bPjxlPU=
=MmS3
-----END PGP SIGNATURE-----
From lszabo at ntlworld.com  Sun Jul  6 06:06:30 2008
From: lszabo at ntlworld.com (Laszlo Szabo)
Date: Sun Jul  6 06:06:41 2008
Subject: perl install error mailscanner can't start
References: <486FAE8A.5020007@ntlworld.com> <486FF974.1060408@vanderkooij.org>
Message-ID: <000801c8df26$0ebcbaa0$c800a8c0@l54421a2ab1cd4>

I told him that but no ears at all.
I use myself CentOS and no problem at all.

I know what you mean the "experimental" fedora thingy.
Sometimes I feel some Fedora programmer from M$. :))

I use fedora since born. Actually I started with RedHat 7.0 I have no idea 
why needs to be put
every bloody package from anywhere what they find on the internet.

Obvious I can't decide what he use.
I need to solve this somehow. Maybe I'll use the spamass-milter but I rather 
use MailScenner.

Laszlo


----- Original Message ----- 
From: "Hugo van der Kooij" <hvdkooij@vanderkooij.org>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Saturday, July 05, 2008 11:45 PM
Subject: Re: perl install error mailscanner can't start


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Laszlo Szabo wrote:
> |
> | *Hi folks!
> |
> | I'm trying to install to a friend of mine the mailscanner on fedora 9
> | but I can't.
>
> Any good reason to pick a distro that will be obsolete and out of
> updates in a year? (Not minding the experimental nature of Fedora.)
>
> | It is a new install. I upgraded the whole system before I installed the
> | mailscanner.
> | I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a
> | higher package but still does not work.
> |
> | The mailscanner says when I'm trying to start it:*
> |
> |         MailScanner:       Can't locate Filesys/Df.pm in @INC (@INC
> | contains: /usr/lib/MailScanner
> | /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0
> | /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi
> | /usr/local/lib/perl5/site_perl/5.10.0
> | /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
> | /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .
> | /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66.
> | BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66.
>
> Could you try to install: perl-Filesys-DiskFree
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIb/lyBvzDRVjxmYERAus9AJ9GfZ3RjF4xcEQkfbiCJECenprkuQCgslHq
> cnSlLgZQ38yT2S3+bPjxlPU=
> =MmS3
> -----END PGP SIGNATURE-----
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website! 

From MailScanner at ecs.soton.ac.uk  Sun Jul  6 10:53:13 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun Jul  6 10:53:54 2008
Subject: perl install error mailscanner can't start
In-Reply-To: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
Message-ID: <48709609.9050202@ecs.soton.ac.uk>

Make sure that IO-stringy installed properly. This needs to be installed 
before Filesys-Df, and will provide the IO/Lines.pm file which your 
output says it needs.

Laszlo Szabo wrote:
>
> *Hi folks!
>
> I'm trying to install to a friend of mine the mailscanner on fedora 9 
> but I can't.
>
> It is a new install. I upgraded the whole system before I installed 
> the mailscanner.
> I tried to upgrade the **perl-Filesys-Df package** from rpmfind to a 
> higher package but still does not work.
>
> The mailscanner says when I'm trying to start it:*
>
>         MailScanner:       Can't locate Filesys/Df.pm in @INC (@INC 
> contains: /usr/lib/MailScanner 
> /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/5.10.0 
> /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0 
> /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . 
> /usr/lib/MailScanner) at /usr/sbin/MailScanner line 66.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 66.
>
> *I had a look the whole install and I saw few compiling errors like 
> this:*
>
> # Looks like your test died before it could output anything.
> Can't locate IO/Lines.pm in @INC (@INC contains: 
> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib 
> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/arch 
> /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/5.10.0 
> /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0 
> /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0 
> /usr/lib/perl5/vendor_perl . 
> /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/5.10.0 
> /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/local/lib/perl5/site_perl/5.10.0 
> /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi 
> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at 
> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237.
> BEGIN failed--compilation aborted at 
> /usr/src/redhat/BUILD/MIME-tools-5.425/blib/lib/MIME/Entity.pm line 237.
> Compilation failed in require at t/Smtpsend.t line 7.
> BEGIN failed--compilation aborted at t/Smtpsend.t line 7.
> # Looks like your test died before it could output anything.
> Failed 8/17 test programs. 154/249 subtests failed.
> make: *** [test_dynamic] Error 255
> error: Bad exit status from /var/tmp/rpm-tmp.75716 (%build)
>    Bad exit status from /var/tmp/rpm-tmp.75716 (%build)
>
> *I tried to pipe the install.sh script into a file to take a look 
> later what went wrong but it can't be piped cos the external compiler 
> I think.
> I tried to install it with nodeps switch no fortune.
> So any idea guys?
>
> Julian what do you think what is wrong?
>
> Thanks
>
> Laszlo
> *
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From ssilva at sgvwater.com  Sun Jul  6 22:18:18 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Sun Jul  6 22:18:30 2008
Subject: Whitelists Still Not Working?
In-Reply-To: <486D681C.4080104@openenterprise.ca>
References: <486D681C.4080104@openenterprise.ca>
Message-ID: <g4rcql$p3e$1@ger.gmane.org>

on 7-3-2008 5:00 PM Johnny Stork spake the following:
> I sure hope someone can help with this. I have tried this list as well 
> as the mailwatch list but have not had anyone respond with any helpful 
> info. I am sure this must be pretty simple for those that know what they 
> are doing. Here are the details.
> 
> Most recent version of MS and MW running on CentOS 5x
> 
> Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist
> 
> And in the "Lists" section of MW, I have many domains listed as 
> domain.com (without the @ or a specific adddress). Below is an example 
> of whats listed in the "Lists" page of MW and it shows clearly that 
> "futureshop.com" is listed.
> 
> futureshop.com     default     Delete 
> <http://192.168.10.2/Content/Secure/Mailwatch/lists.php?submit=Delete&id=156&list=w> 
> 
> 
> 
> And here are the headers for a message that just came in and was tagged 
> as SPAM.  You can see that the from field is " From: Future Shop 
> Newsletter <newsletter@futureshop.com>" so why would this not be 
> whitelisted?
> 
> Can someone please suggest anything that might help?
> 
Are you sure that your sql connection settings are correct in the 
SQLBlackWhiteList.pm file?


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080706/7e46914b/signature.bin
From peter at farrows.org  Sun Jul  6 22:36:59 2008
From: peter at farrows.org (Peter Farrow)
Date: Sun Jul  6 22:37:24 2008
Subject: Whitelists Still Not Working?
In-Reply-To: <g4rcql$p3e$1@ger.gmane.org>
References: <486D681C.4080104@openenterprise.ca> <g4rcql$p3e$1@ger.gmane.org>
Message-ID: <48713AFB.5020100@farrows.org>

Scott Silva wrote:
> on 7-3-2008 5:00 PM Johnny Stork spake the following:
>> I sure hope someone can help with this. I have tried this list as 
>> well as the mailwatch list but have not had anyone respond with any 
>> helpful info. I am sure this must be pretty simple for those that 
>> know what they are doing. Here are the details.
>>
>> Most recent version of MS and MW running on CentOS 5x
>>
>> Mailscanner.conf setting = Is Definitely Not Spam = &SQLWhitelist
>>
>> And in the "Lists" section of MW, I have many domains listed as 
>> domain.com (without the @ or a specific adddress). Below is an 
>> example of whats listed in the "Lists" page of MW and it shows 
>> clearly that "futureshop.com" is listed.
>>
>> futureshop.com     default     Delete 
>> <http://192.168.10.2/Content/Secure/Mailwatch/lists.php?submit=Delete&id=156&list=w> 
>>
>>
>>
>> And here are the headers for a message that just came in and was 
>> tagged as SPAM.  You can see that the from field is " From: Future 
>> Shop Newsletter <newsletter@futureshop.com>" so why would this not be 
>> whitelisted?
>>
>> Can someone please suggest anything that might help?
>>
> Are you sure that your sql connection settings are correct in the 
> SQLBlackWhiteList.pm file?
>
>
Also, you have to create a user called "admin" in mailwatch and set 
whitelists globally there, once you have created the user "admin" you 
can then create other domain and email specific users within the 
mailwatch front end and create whitelists for particular domains and 
even particular email addresses.

Using the supplied user "mailwatch" this never worked for me until I 
created the "admin" user.

Pete




-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From indunil75 at gmail.com  Mon Jul  7 05:05:24 2008
From: indunil75 at gmail.com (Indunil Jayasooriya)
Date: Mon Jul  7 05:05:33 2008
Subject: Maximum Attachment Size
Message-ID: <7ed6b0aa0807062105j14e55009x872aeb9680db12d@mail.gmail.com>

Hi,

I want to setup Maximum Attachment Size.  I want to add size limits to
attachments. I have gone through below steps.

# The maximum size, in bytes, of any attachment in a message.
# If this is set to zero, effectively no attachments are allowed.
# If this is set less than zero, then no size checking is done.
# This can also be the filename of a ruleset, so you can have different
# settings for different users. You might want to set this quite small for
# large mailing lists so they don't get deluged by large attachments.
#Maximum Attachment Size = -1
Maximum Attachment Size = %rules-dir%/max.attachment.size.rules

my max.attachment.size.rules is like this.

[root@osthub MailScanner]# cat rules/max.attachment.size.rules

To:       *@domain1.com     10M
To:       *@domain2.com     20M
From:     user@domain3.com   5M
From:     *@domain3.com     500K
FromOrTo: default           0


Could you Pls let me kmow am I right is setting it up ?



-- 
Thank you
Indunil Jayasooriya
From lucianog at metline.it  Mon Jul  7 09:53:42 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 09:54:10 2008
Subject: MailScanner on FC8 don't pickup emails
Message-ID: <2431CD8FBF1244489D1E82BB9F65A969@LUCIANO>

Hi,
I' ve installed Fedora Core 8 and updated at latest fix,
then i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2).
Sendmail accepts e-mails, but are not produced by Mailscanner.
My MTA is Sendmail 8.14 ( Fedora Core 8 ).
It' s a locking problem?
Must reinstall with --nodeps?

Here 'MailScanner --lint':

Trying to setlogsock(unix)
Read 824 hostnames from the phishing whitelist
Read 3052 hostnames from the phishing blacklist
Checking version numbers...
Version number in MailScanner.conf (4.71.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
ClamAV scanner using unrar command /usr/bin/unrar
Using locktype = flock
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamavmodule
===========================================================================
Virus and Content Scanning: Starting
/var/spool/MailScanner/incoming/9520/./1/eicar.com: Eicar-Test-Signature FOUND

/var/spool/MailScanner/incoming/9520/./1.message: Eicar-Test-Signature FOUND

Virus Scanning: ClamAV found 2 infections
Infected message 1.message came from
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
Filename Checks:  (1 eicar.com)
Filetype Checks: Allowing 1 eicar.com
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAV said "eicar.com contains Eicar-Test-Signature"

If any of your virus scanners (clamavmodule)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.


--

Here 'MailScanner -v':
Running on
Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT 2008 i686 i686 i386 GNU/Linux
This is Fedora release 8 (Werewolf)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.71.2
Module versions are:
1.00    AnyDBM_File
1.20    Archive::Zip
0.21    bignum
1.04    Carp
2.005   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.20    File::Temp
0.90    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.02    Mail::Header
1.86    Math::BigInt
0.19    Math::BigRat
3.07    MIME::Base64
5.425   MIME::Decoder
5.425   MIME::Decoder::UU
5.425   MIME::Head
5.425   MIME::Parser
3.07    MIME::QuotedPrint
5.425   MIME::Tools
0.11    Net::CIDR
1.25    Net::IP
0.16    OLE::Storage_Lite
1.04    Pod::Escapes
3.05    Pod::Simple
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
2.15    Storable
1.4     Sys::Hostname::Long
0.18    Sys::Syslog
1.26    Test::Pod
0.78    Test::Simple
1.86    Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.34    Archive::Tar
0.21    bignum
1.82    Business::ISBN
1.10    Business::ISBN::Data
1.08    Data::Dump
1.815   DB_File
1.14    DBD::SQLite
1.58    DBI
1.15    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
1.00    Encode::Detect
0.17010 Error
0.18    ExtUtils::CBuilder
2.18    ExtUtils::ParseXS
2.36    Getopt::Long
0.44    Inline
1.08    IO::String
1.07    IO::Zlib
2.21    IP::Country
0.22    Mail::ClamAV
3.002005        Mail::SpamAssassin
v2.005  Mail::SPF
1.999001        Mail::SPF::Query
0.2808  Module::Build
0.20    Net::CIDR::Lite
0.63    Net::DNS
0.002.2 Net::DNS::Resolver::Programmable
missing Net::LDAP
 4.004  NetAddr::IP
1.94    Parse::RecDescent
missing SAVI
2.64    Test::Harness
0.95    Test::Manifest
1.98    Text::Balanced
1.35    URI
0.7203  version
0.62    YAML

Thanks
 Luciano.



-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/9210520c/attachment.html
From P.G.M.Peters at utwente.nl  Mon Jul  7 09:56:38 2008
From: P.G.M.Peters at utwente.nl (Peter Peters)
Date: Mon Jul  7 09:57:01 2008
Subject: Non-English testers?
In-Reply-To: <486D3C1B.9090604@ecs.soton.ac.uk>
References: <486D352F.1040002@ecs.soton.ac.uk>	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
	<486D3C1B.9090604@ecs.soton.ac.uk>
Message-ID: <4871DA46.8050906@utwente.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Field wrote on 3-7-2008 22:52:

>> One other thing, if somebody here could be so kind to try out Office
>> 2007 documents and/or Word documents with pictures and stuff embedded
>> within which *themselves* have international characters... Well, just
>> to be on the exaggerated safe side, if you catch my drift.
> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't
> support them. If anyone has a way of managing to read them, I would be
> very interested to hear it. Or even just some helpful ideas.

According to
http://www.oooninja.com/2008/01/convert-openxml-docx-etc-in-linux-using.html
odfconverter also supports docx. I haven't been able to test it because
I don't have access to a docx file.

- --
Peter Peters, Teamleider Unix/Linux-Beheer
ICT-Servicecentrum
Universiteit Twente, Postbus 217, 7500 AE Enschede
Telefoon 053 489 2301, Fax 053 489 2383,
P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIcdpFelLo80lrIdIRAvglAKCYBJ0XPQ1+21G8aWNp3Ufma5XeVwCaAlGh
ZKs/loX0ox0QnWvoMP+cbRc=
=45rn
-----END PGP SIGNATURE-----
From martinh at solidstatelogic.com  Mon Jul  7 10:06:45 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 10:06:57 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <2431CD8FBF1244489D1E82BB9F65A969@LUCIANO>
Message-ID: <185efaccb55a9649993b016868eb0918@solidstatelogic.com>

I would have thought you'd need to change the Lock Type to the default (blank) as sendmail 8.14 usually uses posix (unless fedora change this)

Also a "MailScanner --debug --debug-sa" output to a pastebin or web page (as they can be large) would be interesting to see?

What install instructions have you followed?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Luciano Grego
> Sent: 07 July 2008 09:54
> To: mailscanner@lists.mailscanner.info
> Subject: MailScanner on FC8 don't pickup emails
>
> Hi,
> I' ve installed Fedora Core 8 and updated at latest fix, then
> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2).
> Sendmail accepts e-mails, but are not produced by Mailscanner.
> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
> It' s a locking problem?
> Must reinstall with --nodeps?
>
> Here 'MailScanner --lint':
>
> Trying to setlogsock(unix)
> Read 824 hostnames from the phishing whitelist Read 3052
> hostnames from the phishing blacklist Checking version numbers...
> Version number in MailScanner.conf (4.71.2) is correct.
>
> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>
> Checking for SpamAssassin errors (if you use it)...
> SpamAssassin temporary working directory is
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Using SpamAssassin results cache
> Connected to SpamAssassin cache database SpamAssassin
> reported no errors.
> ClamAV scanner using unrar command /usr/bin/unrar Using
> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
> Found these virus scanners installed: clamavmodule
> ==============================================================
> =============
> Virus and Content Scanning: Starting
> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
> Eicar-Test-Signature FOUND
>
> /var/spool/MailScanner/incoming/9520/./1.message:
> Eicar-Test-Signature FOUND
>
> Virus Scanning: ClamAV found 2 infections Infected message
> 1.message came from Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses Filename Checks:  (1
> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
> Checks: Found 1 problems
> ==============================================================
> =============
> Virus Scanner test reports:
> ClamAV said "eicar.com contains Eicar-Test-Signature"
>
> If any of your virus scanners (clamavmodule) are not listed
> there, you should check that they are installed correctly and
> that MailScanner is finding them correctly via its
> virus.scanners.conf.
>
>
> --
>
> Here 'MailScanner -v':
> Running on
> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
> (Werewolf) This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.71.2
> Module versions are:
> 1.00    AnyDBM_File
> 1.20    Archive::Zip
> 0.21    bignum
> 1.04    Carp
> 2.005   Compress::Zlib
> 1.119   Convert::BinHex
> 0.17    Convert::TNEF
> 2.121_08        Data::Dumper
> 2.27    Date::Parse
> 1.00    DirHandle
> 1.05    Fcntl
> 2.74    File::Basename
> 2.09    File::Copy
> 2.01    FileHandle
> 1.08    File::Path
> 0.20    File::Temp
> 0.90    Filesys::Df
> 1.35    HTML::Entities
> 3.56    HTML::Parser
> 2.37    HTML::TokeParser
> 1.23    IO
> 1.14    IO::File
> 1.13    IO::Pipe
> 2.02    Mail::Header
> 1.86    Math::BigInt
> 0.19    Math::BigRat
> 3.07    MIME::Base64
> 5.425   MIME::Decoder
> 5.425   MIME::Decoder::UU
> 5.425   MIME::Head
> 5.425   MIME::Parser
> 3.07    MIME::QuotedPrint
> 5.425   MIME::Tools
> 0.11    Net::CIDR
> 1.25    Net::IP
> 0.16    OLE::Storage_Lite
> 1.04    Pod::Escapes
> 3.05    Pod::Simple
> 1.09    POSIX
> 1.19    Scalar::Util
> 1.78    Socket
> 2.15    Storable
> 1.4     Sys::Hostname::Long
> 0.18    Sys::Syslog
> 1.26    Test::Pod
> 0.78    Test::Simple
> 1.86    Time::HiRes
> 1.02    Time::localtime
>
> Optional module versions are:
> 1.34    Archive::Tar
> 0.21    bignum
> 1.82    Business::ISBN
> 1.10    Business::ISBN::Data
> 1.08    Data::Dump
> 1.815   DB_File
> 1.14    DBD::SQLite
> 1.58    DBI
> 1.15    Digest
> 1.01    Digest::HMAC
> 2.36    Digest::MD5
> 2.11    Digest::SHA1
> 1.00    Encode::Detect
> 0.17010 Error
> 0.18    ExtUtils::CBuilder
> 2.18    ExtUtils::ParseXS
> 2.36    Getopt::Long
> 0.44    Inline
> 1.08    IO::String
> 1.07    IO::Zlib
> 2.21    IP::Country
> 0.22    Mail::ClamAV
> 3.002005        Mail::SpamAssassin
> v2.005  Mail::SPF
> 1.999001        Mail::SPF::Query
> 0.2808  Module::Build
> 0.20    Net::CIDR::Lite
> 0.63    Net::DNS
> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>  4.004  NetAddr::IP
> 1.94    Parse::RecDescent
> missing SAVI
> 2.64    Test::Harness
> 0.95    Test::Manifest
> 1.98    Text::Balanced
> 1.35    URI
> 0.7203  version
> 0.62    YAML
>
> Thanks
>  Luciano.
>
>
>
>
> --
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner
> <http://www.mailscanner.info/> , ed e'
> risultato non infetto.
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From lucianog at metline.it  Mon Jul  7 10:59:46 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 11:00:05 2008
Subject: MailScanner on FC8 don't pickup emails
References: <185efaccb55a9649993b016868eb0918@solidstatelogic.com>
Message-ID: <3E67C826329F45E491433A4A01DCFAD6@LUCIANO>


----- Original Message ----- 
From: "Martin.Hepworth" <martinh@solidstatelogic.com>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 11:06 AM
Subject: RE: MailScanner on FC8 don't pickup emails


>I would have thought you'd need to change the Lock Type to the default 
>(blank) as sendmail 8.14 usually uses posix (unless fedora change this)
>
> Also a "MailScanner --debug --debug-sa" output to a pastebin or web page 
> (as they can be large) would be interesting to see?
>
> What install instructions have you followed?
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Luciano Grego
>> Sent: 07 July 2008 09:54
>> To: mailscanner@lists.mailscanner.info
>> Subject: MailScanner on FC8 don't pickup emails
>>
>> Hi,
>> I' ve installed Fedora Core 8 and updated at latest fix, then
>> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and 4.71.2-2).
>> Sendmail accepts e-mails, but are not produced by Mailscanner.
>> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>> It' s a locking problem?
>> Must reinstall with --nodeps?
>>
>> Here 'MailScanner --lint':
>>
>> Trying to setlogsock(unix)
>> Read 824 hostnames from the phishing whitelist Read 3052
>> hostnames from the phishing blacklist Checking version numbers...
>> Version number in MailScanner.conf (4.71.2) is correct.
>>
>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>
>> Checking for SpamAssassin errors (if you use it)...
>> SpamAssassin temporary working directory is
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> Using SpamAssassin results cache
>> Connected to SpamAssassin cache database SpamAssassin
>> reported no errors.
>> ClamAV scanner using unrar command /usr/bin/unrar Using
>> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>> Found these virus scanners installed: clamavmodule
>> ==============================================================
>> =============
>> Virus and Content Scanning: Starting
>> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>> Eicar-Test-Signature FOUND
>>
>> /var/spool/MailScanner/incoming/9520/./1.message:
>> Eicar-Test-Signature FOUND
>>
>> Virus Scanning: ClamAV found 2 infections Infected message
>> 1.message came from Infected message 1 came from 10.1.1.1
>> Virus Scanning: Found 2 viruses Filename Checks:  (1
>> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>> Checks: Found 1 problems
>> ==============================================================
>> =============
>> Virus Scanner test reports:
>> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>
>> If any of your virus scanners (clamavmodule) are not listed
>> there, you should check that they are installed correctly and
>> that MailScanner is finding them correctly via its
>> virus.scanners.conf.
>>
>>
>> --
>>
>> Here 'MailScanner -v':
>> Running on
>> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>> (Werewolf) This is Perl version 5.008008 (5.8.8)
>>
>> This is MailScanner version 4.71.2
>> Module versions are:
>> 1.00    AnyDBM_File
>> 1.20    Archive::Zip
>> 0.21    bignum
>> 1.04    Carp
>> 2.005   Compress::Zlib
>> 1.119   Convert::BinHex
>> 0.17    Convert::TNEF
>> 2.121_08        Data::Dumper
>> 2.27    Date::Parse
>> 1.00    DirHandle
>> 1.05    Fcntl
>> 2.74    File::Basename
>> 2.09    File::Copy
>> 2.01    FileHandle
>> 1.08    File::Path
>> 0.20    File::Temp
>> 0.90    Filesys::Df
>> 1.35    HTML::Entities
>> 3.56    HTML::Parser
>> 2.37    HTML::TokeParser
>> 1.23    IO
>> 1.14    IO::File
>> 1.13    IO::Pipe
>> 2.02    Mail::Header
>> 1.86    Math::BigInt
>> 0.19    Math::BigRat
>> 3.07    MIME::Base64
>> 5.425   MIME::Decoder
>> 5.425   MIME::Decoder::UU
>> 5.425   MIME::Head
>> 5.425   MIME::Parser
>> 3.07    MIME::QuotedPrint
>> 5.425   MIME::Tools
>> 0.11    Net::CIDR
>> 1.25    Net::IP
>> 0.16    OLE::Storage_Lite
>> 1.04    Pod::Escapes
>> 3.05    Pod::Simple
>> 1.09    POSIX
>> 1.19    Scalar::Util
>> 1.78    Socket
>> 2.15    Storable
>> 1.4     Sys::Hostname::Long
>> 0.18    Sys::Syslog
>> 1.26    Test::Pod
>> 0.78    Test::Simple
>> 1.86    Time::HiRes
>> 1.02    Time::localtime
>>
>> Optional module versions are:
>> 1.34    Archive::Tar
>> 0.21    bignum
>> 1.82    Business::ISBN
>> 1.10    Business::ISBN::Data
>> 1.08    Data::Dump
>> 1.815   DB_File
>> 1.14    DBD::SQLite
>> 1.58    DBI
>> 1.15    Digest
>> 1.01    Digest::HMAC
>> 2.36    Digest::MD5
>> 2.11    Digest::SHA1
>> 1.00    Encode::Detect
>> 0.17010 Error
>> 0.18    ExtUtils::CBuilder
>> 2.18    ExtUtils::ParseXS
>> 2.36    Getopt::Long
>> 0.44    Inline
>> 1.08    IO::String
>> 1.07    IO::Zlib
>> 2.21    IP::Country
>> 0.22    Mail::ClamAV
>> 3.002005        Mail::SpamAssassin
>> v2.005  Mail::SPF
>> 1.999001        Mail::SPF::Query
>> 0.2808  Module::Build
>> 0.20    Net::CIDR::Lite
>> 0.63    Net::DNS
>> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>>  4.004  NetAddr::IP
>> 1.94    Parse::RecDescent
>> missing SAVI
>> 2.64    Test::Harness
>> 0.95    Test::Manifest
>> 1.98    Text::Balanced
>> 1.35    URI
>> 0.7203  version
>> 0.62    YAML
>>
>> Thanks
>>  Luciano.
>>
>>
>>
>>
>> --
>> Il messaggio e' stato analizzato alla ricerca di virus o
>> contenuti pericolosi da MailScanner
>> <http://www.mailscanner.info/> , ed e'
>> risultato non infetto.
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> -- 
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
>

HI Martin,
Lock Type = flock
 ... for test my ideas ...

I've setup this Mailscanner box for my client and
i' ve reboot the machine friday at 18:45 with new params.
Now i'm checking logs and i see Mailscanner pickup messages from Sunday at 
15:00. None first!
MailScanner needs more time for starting up?

I' ve put
Lock Type =
now and
'service MailScanner restart'.
Thank you.
L.





-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

From martinh at solidstatelogic.com  Mon Jul  7 11:08:19 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 11:08:32 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <3E67C826329F45E491433A4A01DCFAD6@LUCIANO>
Message-ID: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>




> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Luciano Grego
> Sent: 07 July 2008 11:00
> To: MailScanner discussion
> Subject: Re: MailScanner on FC8 don't pickup emails
>
>
> ----- Original Message -----
> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, July 07, 2008 11:06 AM
> Subject: RE: MailScanner on FC8 don't pickup emails
>
>
> >I would have thought you'd need to change the Lock Type to
> the default
> >(blank) as sendmail 8.14 usually uses posix (unless fedora
> change this)
> >
> > Also a "MailScanner --debug --debug-sa" output to a
> pastebin or web page
> > (as they can be large) would be interesting to see?
> >
> > What install instructions have you followed?
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of Luciano Grego
> >> Sent: 07 July 2008 09:54
> >> To: mailscanner@lists.mailscanner.info
> >> Subject: MailScanner on FC8 don't pickup emails
> >>
> >> Hi,
> >> I' ve installed Fedora Core 8 and updated at latest fix, then
> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
> 4.71.2-2).
> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
> >> It' s a locking problem?
> >> Must reinstall with --nodeps?
> >>
> >> Here 'MailScanner --lint':
> >>
> >> Trying to setlogsock(unix)
> >> Read 824 hostnames from the phishing whitelist Read 3052
> >> hostnames from the phishing blacklist Checking version numbers...
> >> Version number in MailScanner.conf (4.71.2) is correct.
> >>
> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
> >>
> >> Checking for SpamAssassin errors (if you use it)...
> >> SpamAssassin temporary working directory is
> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >> SpamAssassin temp dir =
> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >> Using SpamAssassin results cache
> >> Connected to SpamAssassin cache database SpamAssassin
> >> reported no errors.
> >> ClamAV scanner using unrar command /usr/bin/unrar Using
> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
> >> Found these virus scanners installed: clamavmodule
> >> ==============================================================
> >> =============
> >> Virus and Content Scanning: Starting
> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
> >> Eicar-Test-Signature FOUND
> >>
> >> /var/spool/MailScanner/incoming/9520/./1.message:
> >> Eicar-Test-Signature FOUND
> >>
> >> Virus Scanning: ClamAV found 2 infections Infected message
> >> 1.message came from Infected message 1 came from 10.1.1.1
> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
> >> Checks: Found 1 problems
> >> ==============================================================
> >> =============
> >> Virus Scanner test reports:
> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
> >>
> >> If any of your virus scanners (clamavmodule) are not listed
> >> there, you should check that they are installed correctly and
> >> that MailScanner is finding them correctly via its
> >> virus.scanners.conf.
> >>
> >>
> >> --
> >>
> >> Here 'MailScanner -v':
> >> Running on
> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
> >>
> >> This is MailScanner version 4.71.2
> >> Module versions are:
> >> 1.00    AnyDBM_File
> >> 1.20    Archive::Zip
> >> 0.21    bignum
> >> 1.04    Carp
> >> 2.005   Compress::Zlib
> >> 1.119   Convert::BinHex
> >> 0.17    Convert::TNEF
> >> 2.121_08        Data::Dumper
> >> 2.27    Date::Parse
> >> 1.00    DirHandle
> >> 1.05    Fcntl
> >> 2.74    File::Basename
> >> 2.09    File::Copy
> >> 2.01    FileHandle
> >> 1.08    File::Path
> >> 0.20    File::Temp
> >> 0.90    Filesys::Df
> >> 1.35    HTML::Entities
> >> 3.56    HTML::Parser
> >> 2.37    HTML::TokeParser
> >> 1.23    IO
> >> 1.14    IO::File
> >> 1.13    IO::Pipe
> >> 2.02    Mail::Header
> >> 1.86    Math::BigInt
> >> 0.19    Math::BigRat
> >> 3.07    MIME::Base64
> >> 5.425   MIME::Decoder
> >> 5.425   MIME::Decoder::UU
> >> 5.425   MIME::Head
> >> 5.425   MIME::Parser
> >> 3.07    MIME::QuotedPrint
> >> 5.425   MIME::Tools
> >> 0.11    Net::CIDR
> >> 1.25    Net::IP
> >> 0.16    OLE::Storage_Lite
> >> 1.04    Pod::Escapes
> >> 3.05    Pod::Simple
> >> 1.09    POSIX
> >> 1.19    Scalar::Util
> >> 1.78    Socket
> >> 2.15    Storable
> >> 1.4     Sys::Hostname::Long
> >> 0.18    Sys::Syslog
> >> 1.26    Test::Pod
> >> 0.78    Test::Simple
> >> 1.86    Time::HiRes
> >> 1.02    Time::localtime
> >>
> >> Optional module versions are:
> >> 1.34    Archive::Tar
> >> 0.21    bignum
> >> 1.82    Business::ISBN
> >> 1.10    Business::ISBN::Data
> >> 1.08    Data::Dump
> >> 1.815   DB_File
> >> 1.14    DBD::SQLite
> >> 1.58    DBI
> >> 1.15    Digest
> >> 1.01    Digest::HMAC
> >> 2.36    Digest::MD5
> >> 2.11    Digest::SHA1
> >> 1.00    Encode::Detect
> >> 0.17010 Error
> >> 0.18    ExtUtils::CBuilder
> >> 2.18    ExtUtils::ParseXS
> >> 2.36    Getopt::Long
> >> 0.44    Inline
> >> 1.08    IO::String
> >> 1.07    IO::Zlib
> >> 2.21    IP::Country
> >> 0.22    Mail::ClamAV
> >> 3.002005        Mail::SpamAssassin
> >> v2.005  Mail::SPF
> >> 1.999001        Mail::SPF::Query
> >> 0.2808  Module::Build
> >> 0.20    Net::CIDR::Lite
> >> 0.63    Net::DNS
> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
> >>  4.004  NetAddr::IP
> >> 1.94    Parse::RecDescent
> >> missing SAVI
> >> 2.64    Test::Harness
> >> 0.95    Test::Manifest
> >> 1.98    Text::Balanced
> >> 1.35    URI
> >> 0.7203  version
> >> 0.62    YAML
> >>
> >> Thanks
> >>  Luciano.
> >>

> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> > --
> > Il messaggio e' stato analizzato alla ricerca di virus o
> > contenuti pericolosi da MailScanner, ed e'
> > risultato non infetto.
> >
> >
>
> HI Martin,
> Lock Type = flock
>  ... for test my ideas ...
>
> I've setup this Mailscanner box for my client and
> i' ve reboot the machine friday at 18:45 with new params.
> Now i'm checking logs and i see Mailscanner pickup messages
> from Sunday at
> 15:00. None first!
> MailScanner needs more time for starting up?
>
> I' ve put
> Lock Type =
> now and
> 'service MailScanner restart'.
> Thank you.
> L.
>
>

Hi

Anything in the maillog reguarding mailScanner???

Should only take a few seconds to get going.

I'd drop to debug and see if you can spot anything.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300





**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From lucianog at metline.it  Mon Jul  7 11:33:43 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 11:34:29 2008
Subject: MailScanner on FC8 don't pickup emails
References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>
Message-ID: <461154D3BC314695B971D5B750769C3D@LUCIANO>

Hi,
Excuse me for long list ...
But ... in debug mode i should see the email passing through MailScanner?

I have not answered your question first:  What install instructions have you 
followed?
I' ve follow the INSTALL file guide. Untar src file and ./install.sh.

--

mail  root  [ /var/log ] MailScanner --debug --debug-sa
In Debugging mode, not forking...
Trying to setlogsock(unix)
12:23:04 SpamAssassin temp dir = 
/var/spool/MailScanner/incoming/SpamAssassin-Temp
12:23:04 [10417] dbg: logger: adding facilities: all
12:23:04 [10417] dbg: logger: logging level is DBG
12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
12:23:04 [10417] dbg: config: score set 0 chosen.
12:23:04 [10417] dbg: util: running in taint mode? no
12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
12:23:04 [10417] dbg: ignore: test message to precompile patterns and load 
modules
12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules 
pre files
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre
12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for sys 
rules pre files
12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for 
default rules dir
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules 
dir
12:23:04 [10417] dbg: config: read file 
/etc/mail/spamassassin/mailscanner.cf
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from 
@INC
12:23:04 [10417] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::RelayCountry from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 
from @INC
12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from 
@INC
12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::Razor2, already registered
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop 
from @INC
12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from 
@INC
12:23:04 [10417] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
12:23:04 [10417] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader 
from @INC
12:23:04 [10417] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::ReplaceTags from @INC
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::RelayCountry, already registered
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::SPF, already registered
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::URIDNSBL, already registered
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from 
@INC
12:23:04 [10417] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from 
@INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce 
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo 
from @INC
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::RelayCountry, already registered
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::SPF, already registered
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::URIDNSBL, already registered
12:23:04 [10417] dbg: plugin: did not register 
Mail::SpamAssassin::Plugin::Razor2, already registered
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for 
included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
12:23:04 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
12:23:04 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" 
for included file
12:23:04 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
12:23:05 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
12:23:05 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" 
for included file
12:23:05 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
12:23:05 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
12:23:05 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for 
included file
12:23:05 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
12:23:05 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
12:23:05 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for 
included file
12:23:05 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
12:23:05 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
12:23:05 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for 
included file
12:23:05 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
12:23:05 [10417] dbg: config: fixed relative path: 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
12:23:05 [10417] dbg: config: using 
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" 
for included file
12:23:05 [10417] dbg: config: read file 
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA
12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E
12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E 
__MO_OL_F3B05
12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates: 
__RATWARE_0_TZ_DATE
12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 
__XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF 
__XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: 
HS_SUBJ_NEW_SOFTWARE
12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: 
__HAS_MSMAIL_PRI
12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A
12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C 
__XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 
__XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 
__MO_OL_CF0C0
12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 
KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 
__MO_OL_ADFF7
12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6
12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB 
__MO_OL_7533E
12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40
12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: 
__HAS_ANY_URI
12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B
12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: 
BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF 
DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 
HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE 
URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS 
URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED 
XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING
12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E
12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8
12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01
12:23:05 [10417] dbg: conf: finish parsing
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements 
'finish_parsing_end', priority 0
12:23:05 [10417] dbg: replacetags: replacing tags
12:23:05 [10417] dbg: replacetags: done replacing tags
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O 
/etc/MailScanner/bayes/bayes__toks
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O 
/etc/MailScanner/bayes/bayes__seen
12:23:05 [10417] dbg: bayes: found bayes db version 3
12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in 
bayes DB < 200
12:23:05 [10417] dbg: bayes: untie-ing
12:23:05 [10417] dbg: config: score set 1 chosen.
12:23:05 [10417] dbg: message: main message type: text/plain
12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
12:23:05 [10417] dbg: message: parsing normal part
12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements 
'check_start', priority 0
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O 
/etc/MailScanner/bayes/bayes__toks
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O 
/etc/MailScanner/bayes/bayes__seen
12:23:05 [10417] dbg: bayes: found bayes db version 3
12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in 
bayes DB < 200
12:23:05 [10417] dbg: bayes: untie-ing
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main', 
priority 0
12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is 
recommended that you configure trusted_networks manually
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 
'extract_metadata', priority 0
12:23:05 [10417] dbg: metadata: X-Relay-Countries:
12:23:05 [10417] dbg: message: no encoding detected
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements 
'parsed_metadata', priority 0
12:23:05 [10417] dbg: plugin: 
Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements 
'parsed_metadata', priority 0
12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0
12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes
12:23:05 [10417] dbg: dns: dns_available set to yes in config file, skipping 
test
12:23:05 [10417] dbg: uridnsbl: domains to query:
12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set 
bsp-untrusted
12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set 
ssc-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
12:23:05 [10417] dbg: dns: checking RBL dob.sibl.support-intelligence.net., 
set dob
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set 
zen-lastexternal
12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set 
sorbs-lastexternal
12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set 
zen-lastexternal
12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set 
dnswl-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set 
habeas-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set 
dsbl-lastexternal
12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set 
bsp-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set 
iadb-firsttrusted
12:23:05 [10417] dbg: check: running tests for priority: -1000
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: eval: all '*From' addrs: 
ignore@compiling.spamassassin.taint.org
12:23:05 [10417] dbg: eval: all '*To' addrs:
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -950
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -900
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -400
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: 0
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got hit: 
"UNSET"
12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> 
got hit: "
12:23:05 [10417] dbg: rules: Message-Id: "
12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit: 
"UNSET"
12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got 
hit: "@spamassassin_spamd_init>"
12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got 
hit: "1215426184"
12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit: 
"<"
12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit: 
"<1215426184.34281@spamassassin_spamd_init>
12:23:05 [10417] dbg: rules: "
12:23:05 [10417] dbg: spf: checking to see if the message has a Received-SPF 
header that we can use
12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping 
SPF-helo check
12:23:05 [10417] dbg: spf: already checked for Received-SPF headers, 
proceeding with DNS based checks
12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF 
check
12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1)
12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and 
didn't get pass, skipping whitelist check
12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit 
(1)
12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit 
(1)
12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and 
didn't get pass, skipping whitelist check
12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: 
"I"
12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: eval: stock info total: 0
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: 
"need"
12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: info: entering helper-app run mode
12:23:06 [10417] dbg: info: leaving helper-app run mode
12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
12:23:06 [10417] dbg: razor2: results: spam? 0
12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable 
found
12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: running tests for priority: 500
12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled head tests
12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled body tests
12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled uri tests
12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled rawbody tests
12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled full tests
12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined 
dependency 'DCC_CHECK'
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: running tests for priority: 1000
12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled head tests
12:23:06 [10417] dbg: locker: safe_lock: created 
/root/.spamassassin/auto-whitelist.mutex
12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on 
/root/.spamassassin/auto-whitelist with 30 timeout
12:23:06 [10417] dbg: locker: safe_lock: link to 
/root/.spamassassin/auto-whitelist.mutex: link ok
12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W 
in /root/.spamassassin/auto-whitelist
12:23:06 [10417] dbg: auto-whitelist: db-based 
ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865, 
autolearn score: 2.865, mean: undef, IP: undef
12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking 
lock
12:23:06 [10417] dbg: locker: safe_unlock: unlocked 
/root/.spamassassin/auto-whitelist.mutex
12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled body tests
12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled uri tests
12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled rawbody tests
12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled full tests
12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
12:23:06 [10417] dbg: check: 
tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
12:23:06 [10417] dbg: check: 
subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID
12:23:06 Building a message batch to scan...



----- Original Message ----- 
From: "Martin.Hepworth" <martinh@solidstatelogic.com>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 12:08 PM
Subject: RE: MailScanner on FC8 don't pickup emails


>
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Luciano Grego
>> Sent: 07 July 2008 11:00
>> To: MailScanner discussion
>> Subject: Re: MailScanner on FC8 don't pickup emails
>>
>>
>> ----- Original Message -----
>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Monday, July 07, 2008 11:06 AM
>> Subject: RE: MailScanner on FC8 don't pickup emails
>>
>>
>> >I would have thought you'd need to change the Lock Type to
>> the default
>> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>> change this)
>> >
>> > Also a "MailScanner --debug --debug-sa" output to a
>> pastebin or web page
>> > (as they can be large) would be interesting to see?
>> >
>> > What install instructions have you followed?
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >> -----Original Message-----
>> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> >> Of Luciano Grego
>> >> Sent: 07 July 2008 09:54
>> >> To: mailscanner@lists.mailscanner.info
>> >> Subject: MailScanner on FC8 don't pickup emails
>> >>
>> >> Hi,
>> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>> 4.71.2-2).
>> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>> >> It' s a locking problem?
>> >> Must reinstall with --nodeps?
>> >>
>> >> Here 'MailScanner --lint':
>> >>
>> >> Trying to setlogsock(unix)
>> >> Read 824 hostnames from the phishing whitelist Read 3052
>> >> hostnames from the phishing blacklist Checking version numbers...
>> >> Version number in MailScanner.conf (4.71.2) is correct.
>> >>
>> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>> >>
>> >> Checking for SpamAssassin errors (if you use it)...
>> >> SpamAssassin temporary working directory is
>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> SpamAssassin temp dir =
>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> Using SpamAssassin results cache
>> >> Connected to SpamAssassin cache database SpamAssassin
>> >> reported no errors.
>> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>> >> Found these virus scanners installed: clamavmodule
>> >> ==============================================================
>> >> =============
>> >> Virus and Content Scanning: Starting
>> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>> >> Eicar-Test-Signature FOUND
>> >>
>> >> /var/spool/MailScanner/incoming/9520/./1.message:
>> >> Eicar-Test-Signature FOUND
>> >>
>> >> Virus Scanning: ClamAV found 2 infections Infected message
>> >> 1.message came from Infected message 1 came from 10.1.1.1
>> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>> >> Checks: Found 1 problems
>> >> ==============================================================
>> >> =============
>> >> Virus Scanner test reports:
>> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>> >>
>> >> If any of your virus scanners (clamavmodule) are not listed
>> >> there, you should check that they are installed correctly and
>> >> that MailScanner is finding them correctly via its
>> >> virus.scanners.conf.
>> >>
>> >>
>> >> --
>> >>
>> >> Here 'MailScanner -v':
>> >> Running on
>> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>> >>
>> >> This is MailScanner version 4.71.2
>> >> Module versions are:
>> >> 1.00    AnyDBM_File
>> >> 1.20    Archive::Zip
>> >> 0.21    bignum
>> >> 1.04    Carp
>> >> 2.005   Compress::Zlib
>> >> 1.119   Convert::BinHex
>> >> 0.17    Convert::TNEF
>> >> 2.121_08        Data::Dumper
>> >> 2.27    Date::Parse
>> >> 1.00    DirHandle
>> >> 1.05    Fcntl
>> >> 2.74    File::Basename
>> >> 2.09    File::Copy
>> >> 2.01    FileHandle
>> >> 1.08    File::Path
>> >> 0.20    File::Temp
>> >> 0.90    Filesys::Df
>> >> 1.35    HTML::Entities
>> >> 3.56    HTML::Parser
>> >> 2.37    HTML::TokeParser
>> >> 1.23    IO
>> >> 1.14    IO::File
>> >> 1.13    IO::Pipe
>> >> 2.02    Mail::Header
>> >> 1.86    Math::BigInt
>> >> 0.19    Math::BigRat
>> >> 3.07    MIME::Base64
>> >> 5.425   MIME::Decoder
>> >> 5.425   MIME::Decoder::UU
>> >> 5.425   MIME::Head
>> >> 5.425   MIME::Parser
>> >> 3.07    MIME::QuotedPrint
>> >> 5.425   MIME::Tools
>> >> 0.11    Net::CIDR
>> >> 1.25    Net::IP
>> >> 0.16    OLE::Storage_Lite
>> >> 1.04    Pod::Escapes
>> >> 3.05    Pod::Simple
>> >> 1.09    POSIX
>> >> 1.19    Scalar::Util
>> >> 1.78    Socket
>> >> 2.15    Storable
>> >> 1.4     Sys::Hostname::Long
>> >> 0.18    Sys::Syslog
>> >> 1.26    Test::Pod
>> >> 0.78    Test::Simple
>> >> 1.86    Time::HiRes
>> >> 1.02    Time::localtime
>> >>
>> >> Optional module versions are:
>> >> 1.34    Archive::Tar
>> >> 0.21    bignum
>> >> 1.82    Business::ISBN
>> >> 1.10    Business::ISBN::Data
>> >> 1.08    Data::Dump
>> >> 1.815   DB_File
>> >> 1.14    DBD::SQLite
>> >> 1.58    DBI
>> >> 1.15    Digest
>> >> 1.01    Digest::HMAC
>> >> 2.36    Digest::MD5
>> >> 2.11    Digest::SHA1
>> >> 1.00    Encode::Detect
>> >> 0.17010 Error
>> >> 0.18    ExtUtils::CBuilder
>> >> 2.18    ExtUtils::ParseXS
>> >> 2.36    Getopt::Long
>> >> 0.44    Inline
>> >> 1.08    IO::String
>> >> 1.07    IO::Zlib
>> >> 2.21    IP::Country
>> >> 0.22    Mail::ClamAV
>> >> 3.002005        Mail::SpamAssassin
>> >> v2.005  Mail::SPF
>> >> 1.999001        Mail::SPF::Query
>> >> 0.2808  Module::Build
>> >> 0.20    Net::CIDR::Lite
>> >> 0.63    Net::DNS
>> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>> >>  4.004  NetAddr::IP
>> >> 1.94    Parse::RecDescent
>> >> missing SAVI
>> >> 2.64    Test::Harness
>> >> 0.95    Test::Manifest
>> >> 1.98    Text::Balanced
>> >> 1.35    URI
>> >> 0.7203  version
>> >> 0.62    YAML
>> >>
>> >> Thanks
>> >>  Luciano.
>> >>
>
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> > --
>> > Il messaggio e' stato analizzato alla ricerca di virus o
>> > contenuti pericolosi da MailScanner, ed e'
>> > risultato non infetto.
>> >
>> >
>>
>> HI Martin,
>> Lock Type = flock
>>  ... for test my ideas ...
>>
>> I've setup this Mailscanner box for my client and
>> i' ve reboot the machine friday at 18:45 with new params.
>> Now i'm checking logs and i see Mailscanner pickup messages
>> from Sunday at
>> 15:00. None first!
>> MailScanner needs more time for starting up?
>>
>> I' ve put
>> Lock Type =
>> now and
>> 'service MailScanner restart'.
>> Thank you.
>> L.
>>
>>
>
> Hi
>
> Anything in the maillog reguarding mailScanner???
>
> Should only take a few seconds to get going.
>
> I'd drop to debug and see if you can spot anything.
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> -- 
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
> 



-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

From J.Ede at birchenallhowden.co.uk  Mon Jul  7 11:42:53 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Mon Jul  7 11:44:09 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <461154D3BC314695B971D5B750769C3D@LUCIANO>
References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>,
	<461154D3BC314695B971D5B750769C3D@LUCIANO>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B8599@server02.bhl.local>


Have you configured your MTA to work with MailScanner properly?

Jason
________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Luciano Grego [lucianog@metline.it]
Sent: 07 July 2008 11:33
To: MailScanner discussion
Subject: Re: MailScanner on FC8 don't pickup emails

Hi,
Excuse me for long list ...
But ... in debug mode i should see the email passing through MailScanner?

I have not answered your question first:  What install instructions have you
followed?
I' ve follow the INSTALL file guide. Untar src file and ./install.sh.

--

mail  root  [ /var/log ] MailScanner --debug --debug-sa
In Debugging mode, not forking...
Trying to setlogsock(unix)
12:23:04 SpamAssassin temp dir =
/var/spool/MailScanner/incoming/SpamAssassin-Temp
12:23:04 [10417] dbg: logger: adding facilities: all
12:23:04 [10417] dbg: logger: logging level is DBG
12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
12:23:04 [10417] dbg: config: score set 0 chosen.
12:23:04 [10417] dbg: util: running in taint mode? no
12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
12:23:04 [10417] dbg: ignore: test message to precompile patterns and load
modules
12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules
pre files
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre
12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre
12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for sys
rules pre files
12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for
default rules dir
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site rules
dir
12:23:04 [10417] dbg: config: read file
/etc/mail/spamassassin/mailscanner.cf
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from
@INC
12:23:04 [10417] dbg: plugin: loading
Mail::SpamAssassin::Plugin::RelayCountry from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2
from @INC
12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from
@INC
12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::Razor2, already registered
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop
from @INC
12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from
@INC
12:23:04 [10417] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
12:23:04 [10417] dbg: plugin: loading
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader
from @INC
12:23:04 [10417] dbg: plugin: loading
Mail::SpamAssassin::Plugin::ReplaceTags from @INC
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::RelayCountry, already registered
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::SPF, already registered
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::URIDNSBL, already registered
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from
@INC
12:23:04 [10417] dbg: plugin: loading
Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from
@INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce
from @INC
12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo
from @INC
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::RelayCountry, already registered
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::SPF, already registered
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::URIDNSBL, already registered
12:23:04 [10417] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::Razor2, already registered
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for
included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
12:23:04 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
12:23:04 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf"
for included file
12:23:04 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
12:23:05 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
12:23:05 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf"
for included file
12:23:05 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
12:23:05 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
12:23:05 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for
included file
12:23:05 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
12:23:05 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
12:23:05 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for
included file
12:23:05 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
12:23:05 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
12:23:05 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for
included file
12:23:05 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
12:23:05 [10417] dbg: config: fixed relative path:
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
12:23:05 [10417] dbg: config: using
"/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf"
for included file
12:23:05 [10417] dbg: config: read file
/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA
12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E
12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E
__MO_OL_F3B05
12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
__RATWARE_0_TZ_DATE
12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340
__XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF
__XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
HS_SUBJ_NEW_SOFTWARE
12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
__HAS_MSMAIL_PRI
12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A
12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C
__XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1
__XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1
__MO_OL_CF0C0
12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15
KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240
__MO_OL_ADFF7
12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6
12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB
__MO_OL_7533E
12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40
12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
__HAS_ANY_URI
12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B
12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF
DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1
HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE
URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING
12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E
12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8
12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01
12:23:05 [10417] dbg: conf: finish parsing
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements
'finish_parsing_end', priority 0
12:23:05 [10417] dbg: replacetags: replacing tags
12:23:05 [10417] dbg: replacetags: done replacing tags
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes__toks
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes__seen
12:23:05 [10417] dbg: bayes: found bayes db version 3
12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in
bayes DB < 200
12:23:05 [10417] dbg: bayes: untie-ing
12:23:05 [10417] dbg: config: score set 1 chosen.
12:23:05 [10417] dbg: message: main message type: text/plain
12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
12:23:05 [10417] dbg: message: parsing normal part
12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements
'check_start', priority 0
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes__toks
12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
/etc/MailScanner/bayes/bayes__seen
12:23:05 [10417] dbg: bayes: found bayes db version 3
12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in
bayes DB < 200
12:23:05 [10417] dbg: bayes: untie-ing
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main',
priority 0
12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is
recommended that you configure trusted_networks manually
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements
'extract_metadata', priority 0
12:23:05 [10417] dbg: metadata: X-Relay-Countries:
12:23:05 [10417] dbg: message: no encoding detected
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements
'parsed_metadata', priority 0
12:23:05 [10417] dbg: plugin:
Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements
'parsed_metadata', priority 0
12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0
12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes
12:23:05 [10417] dbg: dns: dns_available set to yes in config file, skipping
test
12:23:05 [10417] dbg: uridnsbl: domains to query:
12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set
bsp-untrusted
12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set
ssc-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
12:23:05 [10417] dbg: dns: checking RBL dob.sibl.support-intelligence.net.,
set dob
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set
zen-lastexternal
12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
sorbs-lastexternal
12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set
zen-lastexternal
12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
dnswl-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set
habeas-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
dsbl-lastexternal
12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
bsp-firsttrusted
12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
iadb-firsttrusted
12:23:05 [10417] dbg: check: running tests for priority: -1000
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: eval: all '*From' addrs:
ignore@compiling.spamassassin.taint.org
12:23:05 [10417] dbg: eval: all '*To' addrs:
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -950
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -900
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: -400
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: running body tests; score so far=0
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: running uri tests; score so far=0
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: running full tests; score so far=0
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: rules: running meta tests; score so far=0
12:23:05 [10417] dbg: rules: compiled meta tests
12:23:05 [10417] dbg: check: running tests for priority: 0
12:23:05 [10417] dbg: rules: running head tests; score so far=0
12:23:05 [10417] dbg: rules: compiled head tests
12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got hit:
"UNSET"
12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======>
got hit: "
12:23:05 [10417] dbg: rules: Message-Id: "
12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit:
"UNSET"
12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got
hit: "@spamassassin_spamd_init>"
12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got
hit: "1215426184"
12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit:
"<"
12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<1215426184.34281@spamassassin_spamd_init>
12:23:05 [10417] dbg: rules: "
12:23:05 [10417] dbg: spf: checking to see if the message has a Received-SPF
header that we can use
12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping
SPF-helo check
12:23:05 [10417] dbg: spf: already checked for Received-SPF headers,
proceeding with DNS based checks
12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping SPF
check
12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1)
12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and
didn't get pass, skipping whitelist check
12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
(1)
12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
(1)
12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and
didn't get pass, skipping whitelist check
12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled body tests
12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit:
"I"
12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled uri tests
12:23:05 [10417] dbg: eval: stock info total: 0
12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled rawbody tests
12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit:
"need"
12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
12:23:05 [10417] dbg: rules: compiled full tests
12:23:05 [10417] dbg: info: entering helper-app run mode
12:23:06 [10417] dbg: info: leaving helper-app run mode
12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
12:23:06 [10417] dbg: razor2: results: spam? 0
12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable
found
12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: running tests for priority: 500
12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled head tests
12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled body tests
12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled uri tests
12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled rawbody tests
12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
12:23:06 [10417] dbg: rules: compiled full tests
12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined
dependency 'DCC_CHECK'
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: running tests for priority: 1000
12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled head tests
12:23:06 [10417] dbg: locker: safe_lock: created
/root/.spamassassin/auto-whitelist.mutex
12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on
/root/.spamassassin/auto-whitelist with 30 timeout
12:23:06 [10417] dbg: locker: safe_lock: link to
/root/.spamassassin/auto-whitelist.mutex: link ok
12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W
in /root/.spamassassin/auto-whitelist
12:23:06 [10417] dbg: auto-whitelist: db-based
ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865,
autolearn score: 2.865, mean: undef, IP: undef
12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking
lock
12:23:06 [10417] dbg: locker: safe_unlock: unlocked
/root/.spamassassin/auto-whitelist.mutex
12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled body tests
12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled uri tests
12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled rawbody tests
12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled full tests
12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
12:23:06 [10417] dbg: rules: compiled meta tests
12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
12:23:06 [10417] dbg: check:
tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
12:23:06 [10417] dbg: check:
subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID
12:23:06 Building a message batch to scan...



----- Original Message -----
From: "Martin.Hepworth" <martinh@solidstatelogic.com>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 12:08 PM
Subject: RE: MailScanner on FC8 don't pickup emails


>
>
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Luciano Grego
>> Sent: 07 July 2008 11:00
>> To: MailScanner discussion
>> Subject: Re: MailScanner on FC8 don't pickup emails
>>
>>
>> ----- Original Message -----
>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Monday, July 07, 2008 11:06 AM
>> Subject: RE: MailScanner on FC8 don't pickup emails
>>
>>
>> >I would have thought you'd need to change the Lock Type to
>> the default
>> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>> change this)
>> >
>> > Also a "MailScanner --debug --debug-sa" output to a
>> pastebin or web page
>> > (as they can be large) would be interesting to see?
>> >
>> > What install instructions have you followed?
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >> -----Original Message-----
>> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> >> Of Luciano Grego
>> >> Sent: 07 July 2008 09:54
>> >> To: mailscanner@lists.mailscanner.info
>> >> Subject: MailScanner on FC8 don't pickup emails
>> >>
>> >> Hi,
>> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>> 4.71.2-2).
>> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>> >> It' s a locking problem?
>> >> Must reinstall with --nodeps?
>> >>
>> >> Here 'MailScanner --lint':
>> >>
>> >> Trying to setlogsock(unix)
>> >> Read 824 hostnames from the phishing whitelist Read 3052
>> >> hostnames from the phishing blacklist Checking version numbers...
>> >> Version number in MailScanner.conf (4.71.2) is correct.
>> >>
>> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>> >>
>> >> Checking for SpamAssassin errors (if you use it)...
>> >> SpamAssassin temporary working directory is
>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> SpamAssassin temp dir =
>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> Using SpamAssassin results cache
>> >> Connected to SpamAssassin cache database SpamAssassin
>> >> reported no errors.
>> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>> >> Found these virus scanners installed: clamavmodule
>> >> ==============================================================
>> >> =============
>> >> Virus and Content Scanning: Starting
>> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>> >> Eicar-Test-Signature FOUND
>> >>
>> >> /var/spool/MailScanner/incoming/9520/./1.message:
>> >> Eicar-Test-Signature FOUND
>> >>
>> >> Virus Scanning: ClamAV found 2 infections Infected message
>> >> 1.message came from Infected message 1 came from 10.1.1.1
>> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>> >> Checks: Found 1 problems
>> >> ==============================================================
>> >> =============
>> >> Virus Scanner test reports:
>> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>> >>
>> >> If any of your virus scanners (clamavmodule) are not listed
>> >> there, you should check that they are installed correctly and
>> >> that MailScanner is finding them correctly via its
>> >> virus.scanners.conf.
>> >>
>> >>
>> >> --
>> >>
>> >> Here 'MailScanner -v':
>> >> Running on
>> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>> >>
>> >> This is MailScanner version 4.71.2
>> >> Module versions are:
>> >> 1.00    AnyDBM_File
>> >> 1.20    Archive::Zip
>> >> 0.21    bignum
>> >> 1.04    Carp
>> >> 2.005   Compress::Zlib
>> >> 1.119   Convert::BinHex
>> >> 0.17    Convert::TNEF
>> >> 2.121_08        Data::Dumper
>> >> 2.27    Date::Parse
>> >> 1.00    DirHandle
>> >> 1.05    Fcntl
>> >> 2.74    File::Basename
>> >> 2.09    File::Copy
>> >> 2.01    FileHandle
>> >> 1.08    File::Path
>> >> 0.20    File::Temp
>> >> 0.90    Filesys::Df
>> >> 1.35    HTML::Entities
>> >> 3.56    HTML::Parser
>> >> 2.37    HTML::TokeParser
>> >> 1.23    IO
>> >> 1.14    IO::File
>> >> 1.13    IO::Pipe
>> >> 2.02    Mail::Header
>> >> 1.86    Math::BigInt
>> >> 0.19    Math::BigRat
>> >> 3.07    MIME::Base64
>> >> 5.425   MIME::Decoder
>> >> 5.425   MIME::Decoder::UU
>> >> 5.425   MIME::Head
>> >> 5.425   MIME::Parser
>> >> 3.07    MIME::QuotedPrint
>> >> 5.425   MIME::Tools
>> >> 0.11    Net::CIDR
>> >> 1.25    Net::IP
>> >> 0.16    OLE::Storage_Lite
>> >> 1.04    Pod::Escapes
>> >> 3.05    Pod::Simple
>> >> 1.09    POSIX
>> >> 1.19    Scalar::Util
>> >> 1.78    Socket
>> >> 2.15    Storable
>> >> 1.4     Sys::Hostname::Long
>> >> 0.18    Sys::Syslog
>> >> 1.26    Test::Pod
>> >> 0.78    Test::Simple
>> >> 1.86    Time::HiRes
>> >> 1.02    Time::localtime
>> >>
>> >> Optional module versions are:
>> >> 1.34    Archive::Tar
>> >> 0.21    bignum
>> >> 1.82    Business::ISBN
>> >> 1.10    Business::ISBN::Data
>> >> 1.08    Data::Dump
>> >> 1.815   DB_File
>> >> 1.14    DBD::SQLite
>> >> 1.58    DBI
>> >> 1.15    Digest
>> >> 1.01    Digest::HMAC
>> >> 2.36    Digest::MD5
>> >> 2.11    Digest::SHA1
>> >> 1.00    Encode::Detect
>> >> 0.17010 Error
>> >> 0.18    ExtUtils::CBuilder
>> >> 2.18    ExtUtils::ParseXS
>> >> 2.36    Getopt::Long
>> >> 0.44    Inline
>> >> 1.08    IO::String
>> >> 1.07    IO::Zlib
>> >> 2.21    IP::Country
>> >> 0.22    Mail::ClamAV
>> >> 3.002005        Mail::SpamAssassin
>> >> v2.005  Mail::SPF
>> >> 1.999001        Mail::SPF::Query
>> >> 0.2808  Module::Build
>> >> 0.20    Net::CIDR::Lite
>> >> 0.63    Net::DNS
>> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>> >>  4.004  NetAddr::IP
>> >> 1.94    Parse::RecDescent
>> >> missing SAVI
>> >> 2.64    Test::Harness
>> >> 0.95    Test::Manifest
>> >> 1.98    Text::Balanced
>> >> 1.35    URI
>> >> 0.7203  version
>> >> 0.62    YAML
>> >>
>> >> Thanks
>> >>  Luciano.
>> >>
>
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> > --
>> > Il messaggio e' stato analizzato alla ricerca di virus o
>> > contenuti pericolosi da MailScanner, ed e'
>> > risultato non infetto.
>> >
>> >
>>
>> HI Martin,
>> Lock Type = flock
>>  ... for test my ideas ...
>>
>> I've setup this Mailscanner box for my client and
>> i' ve reboot the machine friday at 18:45 with new params.
>> Now i'm checking logs and i see Mailscanner pickup messages
>> from Sunday at
>> 15:00. None first!
>> MailScanner needs more time for starting up?
>>
>> I' ve put
>> Lock Type =
>> now and
>> 'service MailScanner restart'.
>> Thank you.
>> L.
>>
>>
>
> Hi
>
> Anything in the maillog reguarding mailScanner???
>
> Should only take a few seconds to get going.
>
> I'd drop to debug and see if you can spot anything.
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
>



--
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From martinh at solidstatelogic.com  Mon Jul  7 12:07:22 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 12:07:36 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <461154D3BC314695B971D5B750769C3D@LUCIANO>
Message-ID: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com>

Luciano

You should be using the rpm version for Fedora installs..

http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz

Than follow the rpm based install instructions.

You need to configure the MailScanner.conf to point at correct locations for the sendmail queues etc.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Luciano Grego
> Sent: 07 July 2008 11:34
> To: MailScanner discussion
> Subject: Re: MailScanner on FC8 don't pickup emails
>
> Hi,
> Excuse me for long list ...
> But ... in debug mode i should see the email passing through
> MailScanner?
>
> I have not answered your question first:  What install
> instructions have you followed?
> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>
> --
>
> mail  root  [ /var/log ] MailScanner --debug --debug-sa In
> Debugging mode, not forking...
> Trying to setlogsock(unix)
> 12:23:04 SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> 12:23:04 [10417] dbg: logger: adding facilities: all
> 12:23:04 [10417] dbg: logger: logging level is DBG
> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
> 12:23:04 [10417] dbg: config: score set 0 chosen.
> 12:23:04 [10417] dbg: util: running in taint mode? no
> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
> 12:23:04 [10417] dbg: ignore: test message to precompile
> patterns and load modules
> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
> for site rules pre files
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/init.pre
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/v310.pre
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/v312.pre
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/v320.pre
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005" for sys rules pre files
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005" for default rules dir
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
> for site rules dir
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/mailscanner.cf
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIDNSBL
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Hashcash
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::SPF from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::RelayCountry from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Razor2
> from @INC
> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Pyzor from @INC
> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::Razor2, already registered
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::SpamCop
> from @INC
> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AWL from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::MIMEHeader
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::RelayCountry, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::SPF, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Check from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIDetail
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Bayes from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::BodyEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::DNSEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HTMLEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HeaderEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::MIMEEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::RelayEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WLBLEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::VBounce
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::ImageInfo
> from @INC
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::RelayCountry, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::SPF, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::Razor2, already registered
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
> ault_prefs.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de
> fault_prefs.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
> ault_prefs.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
> ance_fee.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad
> vance_fee.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
> ance_fee.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
> y_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo
> dy_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
> y_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
> pensate.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co
> mpensate.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
> pensate.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
> bl_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn
> sbl_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
> bl_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr
> ugs.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy
> nrdns.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
> e_helo_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa
> ke_helo_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
> e_helo_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
> d_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he
> ad_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
> d_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
> l_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht
> ml_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
> l_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
> geinfo.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im
> ageinfo.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
> geinfo.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
> a_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me
> ta_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
> a_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
> _tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne
> t_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
> _tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph
> rases.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po
> rn.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra
> tware.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
> _tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur
> i_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
> _tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb
> ounce.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba
> yes.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac
> cessdb.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
> ivirus.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an
> tivirus.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
> ivirus.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as
> n.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc
> c.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk
> im.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
> ainkeys.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do
> mainkeys.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
> ainkeys.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha
> shcash.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py
> zor.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra
> zor2.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re
> place.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp
> f.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te
> xtcat.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur
> ibl.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_de.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_fr.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_it.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_nl.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_pl.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
> t_pt_br.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
> xt_pt_br.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
> t_pt_br.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc
> ores.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw
> l.cf" for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
> rtcircuit.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh
> ortcircuit.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
> rtcircuit.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
> itelist.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_dk.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
> itelist_dk.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_dk.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_dkim.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
> itelist_dkim.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_dkim.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_spf.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
> itelist_spf.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_spf.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_subject.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
> itelist_subject.cf"
> for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
> telist_subject.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac
> tive.cf" for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re
> moved.cf" for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc
> ores.cf" for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
> itional.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad
> ditional.cf"
> for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
> itional.cf
> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates:
> __MO_OL_C65FA
> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates:
> __XM_OL_A842E
> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates:
> __MO_OL_8627E
> __MO_OL_F3B05
> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
> __RATWARE_0_TZ_DATE
> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates:
> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5
> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0
> __XM_OL_F475E __XM_OL_F6D01
> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged
> duplicates: __MSGID_VGA
> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
> HS_SUBJ_NEW_SOFTWARE
> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
> __HAS_MSMAIL_PRI
> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates:
> __MO_OL_6554A
> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates:
> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B
> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6
> __XM_OL_F3B05 __XM_OL_FF5C8
> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates:
> __MO_OL_B30D1 __MO_OL_CF0C0
> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates:
> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4
> KAM_STOCKTIP6
> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates:
> __MO_OL_4F240
> __MO_OL_ADFF7
> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates:
> __MO_OL_BC7E6
> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates:
> __MO_OL_4EEDB __MO_OL_7533E
> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates:
> __MO_OL_B4B40
> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
> __HAS_ANY_URI
> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates:
> __XM_OL_EF20B
> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER
> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2
> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE
> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX
> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY
> YOUR_CRD_RATING
> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates:
> __MO_OL_A842E
> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates:
> __MO_OL_FF5C8
> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates:
> __MO_OL_F6D01
> 12:23:05 [10417] dbg: conf: finish parsing
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c)
> implements 'finish_parsing_end', priority 0
> 12:23:05 [10417] dbg: replacetags: replacing tags
> 12:23:05 [10417] dbg: replacetags: done replacing tags
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__toks
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__seen
> 12:23:05 [10417] dbg: bayes: found bayes db version 3
> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
> 12:23:05 [10417] dbg: bayes: not available for scanning, only
> 1 spam(s) in bayes DB < 200
> 12:23:05 [10417] dbg: bayes: untie-ing
> 12:23:05 [10417] dbg: config: score set 1 chosen.
> 12:23:05 [10417] dbg: message: main message type: text/plain
> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
> 12:23:05 [10417] dbg: message: parsing normal part
> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc)
> implements 'check_start', priority 0
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__toks
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__seen
> 12:23:05 [10417] dbg: bayes: found bayes db version 3
> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
> 12:23:05 [10417] dbg: bayes: not available for scanning, only
> 1 spam(s) in bayes DB < 200
> 12:23:05 [10417] dbg: bayes: untie-ing
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements
> 'check_main', priority 0
> 12:23:05 [10417] dbg: conf: trusted_networks are not
> configured; it is recommended that you configure
> trusted_networks manually
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
> implements 'extract_metadata', priority 0
> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
> 12:23:05 [10417] dbg: message: no encoding detected
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08)
> implements 'parsed_metadata', priority 0
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
> implements 'parsed_metadata', priority 0
> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18,
> LocalAddr: 0.0.0.0
> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is
> 110592 bytes
> 12:23:05 [10417] dbg: dns: dns_available set to yes in config
> file, skipping test
> 12:23:05 [10417] dbg: uridnsbl: domains to query:
> 12:23:05 [10417] dbg: dns: checking RBL
> sa-other.bondedsender.org., set bsp-untrusted
> 12:23:05 [10417] dbg: dns: checking RBL
> plus.bondedsender.org., set ssc-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
> 12:23:05 [10417] dbg: dns: checking RBL
> dob.sibl.support-intelligence.net.,
> set dob
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
> set zen-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
> sorbs-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
> set zen-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
> dnswl-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL
> sa-accredit.habeas.com., set habeas-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
> dsbl-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL
> sa-trusted.bondedsender.org., set bsp-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
> iadb-firsttrusted
> 12:23:05 [10417] dbg: check: running tests for priority: -1000
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: eval: all '*From' addrs:
> ignore@compiling.spamassassin.taint.org
> 12:23:05 [10417] dbg: eval: all '*To' addrs:
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -950
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -900
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -400
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: 0
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF
> ======> got hit:
> "UNSET"
> 12:23:05 [10417] dbg: rules: ran header rule
> __MSOE_MID_WRONG_CASE ======> got hit: "
> 12:23:05 [10417] dbg: rules: Message-Id: "
> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE
> ======> got hit:
> "UNSET"
> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST
> ======> got
> hit: "@spamassassin_spamd_init>"
> 12:23:05 [10417] dbg: rules: ran header rule
> __MSGID_OK_DIGITS ======> got
> hit: "1215426184"
> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID
> ======> got hit:
> "<"
> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID
> ======> got hit:
> "<1215426184.34281@spamassassin_spamd_init>
> 12:23:05 [10417] dbg: rules: "
> 12:23:05 [10417] dbg: spf: checking to see if the message has
> a Received-SPF header that we can use
> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
> found, skipping SPF-helo check
> 12:23:05 [10417] dbg: spf: already checked for Received-SPF
> headers, proceeding with DNS based checks
> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
> found, skipping SPF check
> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======>
> got hit (1)
> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already
> checked spf and didn't get pass, skipping whitelist check
> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID
> ======> got hit
> (1)
> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS
> ======> got hit
> (1)
> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already
> checked spf and didn't get pass, skipping whitelist check
> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY
> ======> got hit:
> "I"
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: eval: stock info total: 0
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY
> ======> got hit:
> "need"
> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: info: entering helper-app run mode
> 12:23:06 [10417] dbg: info: leaving helper-app run mode
> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
> 12:23:06 [10417] dbg: razor2: results: spam? 0
> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
> 12:23:06 [10417] dbg: util: current PATH is:
> /sbin:/bin:/usr/sbin:/usr/bin
> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor
> executable found
> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: running tests for priority: 500
> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled head tests
> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled body tests
> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled uri tests
> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled rawbody tests
> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled full tests
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has
> undefined dependency 'DCC_CHECK'
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: running tests for priority: 1000
> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled head tests
> 12:23:06 [10417] dbg: locker: safe_lock: created
> /root/.spamassassin/auto-whitelist.mutex
> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock
> on /root/.spamassassin/auto-whitelist with 30 timeout
> 12:23:06 [10417] dbg: locker: safe_lock: link to
> /root/.spamassassin/auto-whitelist.mutex: link ok
> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of
> type DB_File R/W in /root/.spamassassin/auto-whitelist
> 12:23:06 [10417] dbg: auto-whitelist: db-based
> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score:
> 2.865, autolearn score: 2.865, mean: undef, IP: undef
> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing
> and unlocking
> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file
> locked, breaking lock
> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
> /root/.spamassassin/auto-whitelist.mutex
> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled body tests
> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled uri tests
> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled rawbody tests
> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled full tests
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
> 12:23:06 [10417] dbg: check:
> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED
> ,NO_RELAYS
> 12:23:06 [10417] dbg: check:
> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O
> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV
> D_BODY,__UNUSABLE_MSGID
> 12:23:06 Building a message batch to scan...
>
>
>
> ----- Original Message -----
> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, July 07, 2008 12:08 PM
> Subject: RE: MailScanner on FC8 don't pickup emails
>
>
> >
> >
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> Of Luciano Grego
> >> Sent: 07 July 2008 11:00
> >> To: MailScanner discussion
> >> Subject: Re: MailScanner on FC8 don't pickup emails
> >>
> >>
> >> ----- Original Message -----
> >> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> >> Sent: Monday, July 07, 2008 11:06 AM
> >> Subject: RE: MailScanner on FC8 don't pickup emails
> >>
> >>
> >> >I would have thought you'd need to change the Lock Type to
> >> the default
> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora
> >> change this)
> >> >
> >> > Also a "MailScanner --debug --debug-sa" output to a
> >> pastebin or web page
> >> > (as they can be large) would be interesting to see?
> >> >
> >> > What install instructions have you followed?
> >> >
> >> > --
> >> > Martin Hepworth
> >> > Snr Systems Administrator
> >> > Solid State Logic
> >> > Tel: +44 (0)1865 842300
> >> >
> >> >> -----Original Message-----
> >> >> From: mailscanner-bounces@lists.mailscanner.info
> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> >> >> Of Luciano Grego
> >> >> Sent: 07 July 2008 09:54
> >> >> To: mailscanner@lists.mailscanner.info
> >> >> Subject: MailScanner on FC8 don't pickup emails
> >> >>
> >> >> Hi,
> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then
> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
> >> 4.71.2-2).
> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
> >> >> It' s a locking problem?
> >> >> Must reinstall with --nodeps?
> >> >>
> >> >> Here 'MailScanner --lint':
> >> >>
> >> >> Trying to setlogsock(unix)
> >> >> Read 824 hostnames from the phishing whitelist Read 3052
> >> >> hostnames from the phishing blacklist Checking version
> numbers...
> >> >> Version number in MailScanner.conf (4.71.2) is correct.
> >> >>
> >> >> Your envelope_sender_header in spam.assassin.prefs.conf
> is correct.
> >> >>
> >> >> Checking for SpamAssassin errors (if you use it)...
> >> >> SpamAssassin temporary working directory is
> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >> >> SpamAssassin temp dir =
> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> >> >> Using SpamAssassin results cache
> >> >> Connected to SpamAssassin cache database SpamAssassin
> >> >> reported no errors.
> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using
> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
> >> >> Found these virus scanners installed: clamavmodule
> >> >> ==============================================================
> >> >> =============
> >> >> Virus and Content Scanning: Starting
> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
> >> >> Eicar-Test-Signature FOUND
> >> >>
> >> >> /var/spool/MailScanner/incoming/9520/./1.message:
> >> >> Eicar-Test-Signature FOUND
> >> >>
> >> >> Virus Scanning: ClamAV found 2 infections Infected message
> >> >> 1.message came from Infected message 1 came from 10.1.1.1
> >> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
> >> >> Checks: Found 1 problems
> >> >> ==============================================================
> >> >> =============
> >> >> Virus Scanner test reports:
> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
> >> >>
> >> >> If any of your virus scanners (clamavmodule) are not listed
> >> >> there, you should check that they are installed correctly and
> >> >> that MailScanner is finding them correctly via its
> >> >> virus.scanners.conf.
> >> >>
> >> >>
> >> >> --
> >> >>
> >> >> Here 'MailScanner -v':
> >> >> Running on
> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
> >> >>
> >> >> This is MailScanner version 4.71.2
> >> >> Module versions are:
> >> >> 1.00    AnyDBM_File
> >> >> 1.20    Archive::Zip
> >> >> 0.21    bignum
> >> >> 1.04    Carp
> >> >> 2.005   Compress::Zlib
> >> >> 1.119   Convert::BinHex
> >> >> 0.17    Convert::TNEF
> >> >> 2.121_08        Data::Dumper
> >> >> 2.27    Date::Parse
> >> >> 1.00    DirHandle
> >> >> 1.05    Fcntl
> >> >> 2.74    File::Basename
> >> >> 2.09    File::Copy
> >> >> 2.01    FileHandle
> >> >> 1.08    File::Path
> >> >> 0.20    File::Temp
> >> >> 0.90    Filesys::Df
> >> >> 1.35    HTML::Entities
> >> >> 3.56    HTML::Parser
> >> >> 2.37    HTML::TokeParser
> >> >> 1.23    IO
> >> >> 1.14    IO::File
> >> >> 1.13    IO::Pipe
> >> >> 2.02    Mail::Header
> >> >> 1.86    Math::BigInt
> >> >> 0.19    Math::BigRat
> >> >> 3.07    MIME::Base64
> >> >> 5.425   MIME::Decoder
> >> >> 5.425   MIME::Decoder::UU
> >> >> 5.425   MIME::Head
> >> >> 5.425   MIME::Parser
> >> >> 3.07    MIME::QuotedPrint
> >> >> 5.425   MIME::Tools
> >> >> 0.11    Net::CIDR
> >> >> 1.25    Net::IP
> >> >> 0.16    OLE::Storage_Lite
> >> >> 1.04    Pod::Escapes
> >> >> 3.05    Pod::Simple
> >> >> 1.09    POSIX
> >> >> 1.19    Scalar::Util
> >> >> 1.78    Socket
> >> >> 2.15    Storable
> >> >> 1.4     Sys::Hostname::Long
> >> >> 0.18    Sys::Syslog
> >> >> 1.26    Test::Pod
> >> >> 0.78    Test::Simple
> >> >> 1.86    Time::HiRes
> >> >> 1.02    Time::localtime
> >> >>
> >> >> Optional module versions are:
> >> >> 1.34    Archive::Tar
> >> >> 0.21    bignum
> >> >> 1.82    Business::ISBN
> >> >> 1.10    Business::ISBN::Data
> >> >> 1.08    Data::Dump
> >> >> 1.815   DB_File
> >> >> 1.14    DBD::SQLite
> >> >> 1.58    DBI
> >> >> 1.15    Digest
> >> >> 1.01    Digest::HMAC
> >> >> 2.36    Digest::MD5
> >> >> 2.11    Digest::SHA1
> >> >> 1.00    Encode::Detect
> >> >> 0.17010 Error
> >> >> 0.18    ExtUtils::CBuilder
> >> >> 2.18    ExtUtils::ParseXS
> >> >> 2.36    Getopt::Long
> >> >> 0.44    Inline
> >> >> 1.08    IO::String
> >> >> 1.07    IO::Zlib
> >> >> 2.21    IP::Country
> >> >> 0.22    Mail::ClamAV
> >> >> 3.002005        Mail::SpamAssassin
> >> >> v2.005  Mail::SPF
> >> >> 1.999001        Mail::SPF::Query
> >> >> 0.2808  Module::Build
> >> >> 0.20    Net::CIDR::Lite
> >> >> 0.63    Net::DNS
> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
> >> >>  4.004  NetAddr::IP
> >> >> 1.94    Parse::RecDescent
> >> >> missing SAVI
> >> >> 2.64    Test::Harness
> >> >> 0.95    Test::Manifest
> >> >> 1.98    Text::Balanced
> >> >> 1.35    URI
> >> >> 0.7203  version
> >> >> 0.62    YAML
> >> >>
> >> >> Thanks
> >> >>  Luciano.
> >> >>
> >
> >> > --
> >> > MailScanner mailing list
> >> > mailscanner@lists.mailscanner.info
> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >
> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >
> >> > Support MailScanner development - buy the book off the website!
> >> >
> >> > --
> >> > Il messaggio e' stato analizzato alla ricerca di virus o
> >> > contenuti pericolosi da MailScanner, ed e'
> >> > risultato non infetto.
> >> >
> >> >
> >>
> >> HI Martin,
> >> Lock Type = flock
> >>  ... for test my ideas ...
> >>
> >> I've setup this Mailscanner box for my client and
> >> i' ve reboot the machine friday at 18:45 with new params.
> >> Now i'm checking logs and i see Mailscanner pickup messages
> >> from Sunday at
> >> 15:00. None first!
> >> MailScanner needs more time for starting up?
> >>
> >> I' ve put
> >> Lock Type =
> >> now and
> >> 'service MailScanner restart'.
> >> Thank you.
> >> L.
> >>
> >>
> >
> > Hi
> >
> > Anything in the maillog reguarding mailScanner???
> >
> > Should only take a few seconds to get going.
> >
> > I'd drop to debug and see if you can spot anything.
> >
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >
> >
> >
> >
> >
> **********************************************************************
> > Confidentiality : This e-mail and any attachments are
> intended for the
> > addressee only and may be confidential. If they come to you in error
> > you must take no action based on them, nor must you copy or
> show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are
> entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data
> corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales
> > (Company No:5362730)
> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> > United Kingdom
> >
> **********************************************************************
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> > --
> > Il messaggio e' stato analizzato alla ricerca di virus o
> > contenuti pericolosi da MailScanner, ed e'
> > risultato non infetto.
> >
> >
>
>
>
> --
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From alex at rtpty.com  Mon Jul  7 12:46:10 2008
From: alex at rtpty.com (Alex Neuman)
Date: Mon Jul  7 12:46:31 2008
Subject: Non-English testers?
In-Reply-To: <4871DA46.8050906@utwente.nl>
References: <486D352F.1040002@ecs.soton.ac.uk>
	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
	<486D3C1B.9090604@ecs.soton.ac.uk> <4871DA46.8050906@utwente.nl>
Message-ID: <32095F2B-DCA3-44CD-8D39-BAA1532C018F@rtpty.com>

Have you tried googling +filetype:doc or +filetype:docx for a sample?

Sent from my iPhone

On Jul 7, 2008, at 3:56 AM, Peter Peters <P.G.M.Peters@utwente.nl>  
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Julian Field wrote on 3-7-2008 22:52:
>
>>> One other thing, if somebody here could be so kind to try out Office
>>> 2007 documents and/or Word documents with pictures and stuff  
>>> embedded
>>> within which *themselves* have international characters... Well,  
>>> just
>>> to be on the exaggerated safe side, if you catch my drift.
>> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword  
>> doesn't
>> support them. If anyone has a way of managing to read them, I would  
>> be
>> very interested to hear it. Or even just some helpful ideas.
>
> According to
> http://www.oooninja.com/2008/01/convert-openxml-docx-etc-in-linux-using.html
> odfconverter also supports docx. I haven't been able to test it  
> because
> I don't have access to a docx file.
>
> - --
> Peter Peters, Teamleider Unix/Linux-Beheer
> ICT-Servicecentrum
> Universiteit Twente, Postbus 217, 7500 AE Enschede
> Telefoon 053 489 2301, Fax 053 489 2383,
> P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIcdpFelLo80lrIdIRAvglAKCYBJ0XPQ1+21G8aWNp3Ufma5XeVwCaAlGh
> ZKs/loX0ox0QnWvoMP+cbRc=
> =45rn
> -----END PGP SIGNATURE-----
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From jra at baylink.com  Mon Jul  7 13:24:37 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Mon Jul  7 13:24:49 2008
Subject: Phishing Links
In-Reply-To: <g4isc7$iq6$2@ger.gmane.org>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org>
Message-ID: <20080707122437.GA19043@cgi.jachomes.com>

On Thu, Jul 03, 2008 at 08:48:47AM -0700, Scott Silva wrote:
> on 7-3-2008 6:58 AM Pedro Bordin Hoffmann - [M]orpheus spake the following:
> >When Mailscanner finds some phishing link, it puts a message that this 
> >link may be some phishing, but it don't remove the link.
> >
> >Is there a way to remove links that mailscanner thinks is phishing?
> >
> >Thanks!
> >
> But what if it is wrong?
> Then you have removed links that might be legitimate.
> Not all links that "look phishy" are phishing attempts.

Indeed; this is a topic the RISKS Digest covers fairly often: lots of
legitimate organizations sub out their emailing, to companies that
aren't smart enough to not make legit emails *look* like phishes.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From jra at baylink.com  Mon Jul  7 13:26:58 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Mon Jul  7 13:27:08 2008
Subject: Non-English testers?
In-Reply-To: <486D3C1B.9090604@ecs.soton.ac.uk>
References: <486D352F.1040002@ecs.soton.ac.uk>
	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
	<486D3C1B.9090604@ecs.soton.ac.uk>
Message-ID: <20080707122658.GB19043@cgi.jachomes.com>

On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote:
> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't 
> support them. If anyone has a way of managing to read them, I would be 
> very interested to hear it. Or even just some helpful ideas.

But, but... .docx is this wonderful, open, XML based file format that's
easy to parse.  Right?  I mean, that's what Microsoft has been telling
us...

:-)

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From lucianog at metline.it  Mon Jul  7 13:52:46 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 13:53:38 2008
Subject: MailScanner on FC8 don't pickup emails
References: <22c28cd18b8a8445861e6ca828c11786@solidstatelogic.com>,
	<461154D3BC314695B971D5B750769C3D@LUCIANO>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C65717B8599@server02.bhl.local>
Message-ID: <870FA5DFD90F4230BE12BFC138711E3A@LUCIANO>

Hi Jason,
I' ve configured and tested sendmail previous of Mailscanner leaving 
sendmail mostly at default.
The box accept email from 1 domain and deliver on local mailboxes.
After installing the RPM version of MailScanner plus Spamassassin / clamAV 
from Mailscanner website,
i' ve stopped sendmail and starting MailScanner. ( chkconfig sendmail off, 
chkconfig MailScanner on + reboot )

I've compiled with $LANG set to default on Fedora ( LANG="it_IT.UTF-8" )
but i remember to change this  in LANG=it_IT in the past ( 2/3 year ago 
... ).
It's the proper option again?
 Luciano



----- Original Message ----- 
From: "Jason Ede" <J.Ede@birchenallhowden.co.uk>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 12:42 PM
Subject: RE: MailScanner on FC8 don't pickup emails


>
> Have you configured your MTA to work with MailScanner properly?
>
> Jason
> ________________________________________
> From: mailscanner-bounces@lists.mailscanner.info 
> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Luciano Grego 
> [lucianog@metline.it]
> Sent: 07 July 2008 11:33
> To: MailScanner discussion
> Subject: Re: MailScanner on FC8 don't pickup emails
>
> Hi,
> Excuse me for long list ...
> But ... in debug mode i should see the email passing through MailScanner?
>
> I have not answered your question first:  What install instructions have 
> you
> followed?
> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>
> --
>
> mail  root  [ /var/log ] MailScanner --debug --debug-sa
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> 12:23:04 SpamAssassin temp dir =
> /var/spool/MailScanner/incoming/SpamAssassin-Temp
> 12:23:04 [10417] dbg: logger: adding facilities: all
> 12:23:04 [10417] dbg: logger: logging level is DBG
> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
> 12:23:04 [10417] dbg: config: score set 0 chosen.
> 12:23:04 [10417] dbg: util: running in taint mode? no
> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
> 12:23:04 [10417] dbg: ignore: test message to precompile patterns and load
> modules
> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site 
> rules
> pre files
> 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/init.pre
> 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v310.pre
> 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v312.pre
> 12:23:04 [10417] dbg: config: read file /etc/mail/spamassassin/v320.pre
> 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for 
> sys
> rules pre files
> 12:23:04 [10417] dbg: config: using "/var/lib/spamassassin/3.002005" for
> default rules dir
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin" for site 
> rules
> dir
> 12:23:04 [10417] dbg: config: read file
> /etc/mail/spamassassin/mailscanner.cf
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from
> @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::RelayCountry from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2
> from @INC
> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor 
> from
> @INC
> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::Razor2, already registered
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop
> from @INC
> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from
> @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
> 12:23:04 [10417] dbg: plugin: loading 
> Mail::SpamAssassin::Plugin::MIMEHeader
> from @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::RelayCountry, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::SPF, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check 
> from
> @INC
> 12:23:04 [10417] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
> 12:23:04 [10417] dbg: plugin: loading 
> Mail::SpamAssassin::Plugin::URIDetail
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes 
> from
> @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading 
> Mail::SpamAssassin::Plugin::HeaderEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading 
> Mail::SpamAssassin::Plugin::RelayEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval
> from @INC
> 12:23:04 [10417] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce
> from @INC
> 12:23:04 [10417] dbg: plugin: loading 
> Mail::SpamAssassin::Plugin::ImageInfo
> from @INC
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::RelayCountry, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::SPF, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
> 12:23:04 [10417] dbg: plugin: did not register
> Mail::SpamAssassin::Plugin::Razor2, already registered
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" 
> for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for
> included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
> 12:23:04 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
> 12:23:04 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf"
> for included file
> 12:23:04 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf"
> for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for
> included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" 
> for
> included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for
> included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
> 12:23:05 [10417] dbg: config: fixed relative path:
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
> 12:23:05 [10417] dbg: config: using
> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf"
> for included file
> 12:23:05 [10417] dbg: config: read file
> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates: 
> __MO_OL_C65FA
> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates: 
> __XM_OL_A842E
> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates: 
> __MO_OL_8627E
> __MO_OL_F3B05
> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
> __RATWARE_0_TZ_DATE
> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates: 
> __XM_OL_25340
> __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF
> __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
> HS_SUBJ_NEW_SOFTWARE
> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
> __HAS_MSMAIL_PRI
> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates: 
> __MO_OL_6554A
> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates: 
> __XM_OL_4BF4C
> __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1
> __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates: 
> __MO_OL_B30D1
> __MO_OL_CF0C0
> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates: 
> KAM_STOCKTIP15
> KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates: 
> __MO_OL_4F240
> __MO_OL_ADFF7
> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates: 
> __MO_OL_BC7E6
> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates: 
> __MO_OL_4EEDB
> __MO_OL_7533E
> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates: 
> __MO_OL_B4B40
> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
> __HAS_ANY_URI
> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates: 
> __XM_OL_EF20B
> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF
> DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1
> HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE
> URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY 
> YOUR_CRD_RATING
> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates: 
> __MO_OL_A842E
> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates: 
> __MO_OL_FF5C8
> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates: 
> __MO_OL_F6D01
> 12:23:05 [10417] dbg: conf: finish parsing
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c) implements
> 'finish_parsing_end', priority 0
> 12:23:05 [10417] dbg: replacetags: replacing tags
> 12:23:05 [10417] dbg: replacetags: done replacing tags
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__toks
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__seen
> 12:23:05 [10417] dbg: bayes: found bayes db version 3
> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
> 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in
> bayes DB < 200
> 12:23:05 [10417] dbg: bayes: untie-ing
> 12:23:05 [10417] dbg: config: score set 1 chosen.
> 12:23:05 [10417] dbg: message: main message type: text/plain
> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
> 12:23:05 [10417] dbg: message: parsing normal part
> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc) implements
> 'check_start', priority 0
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__toks
> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
> /etc/MailScanner/bayes/bayes__seen
> 12:23:05 [10417] dbg: bayes: found bayes db version 3
> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
> 12:23:05 [10417] dbg: bayes: not available for scanning, only 1 spam(s) in
> bayes DB < 200
> 12:23:05 [10417] dbg: bayes: untie-ing
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements 'check_main',
> priority 0
> 12:23:05 [10417] dbg: conf: trusted_networks are not configured; it is
> recommended that you configure trusted_networks manually
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements
> 'extract_metadata', priority 0
> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
> 12:23:05 [10417] dbg: message: no encoding detected
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08) implements
> 'parsed_metadata', priority 0
> 12:23:05 [10417] dbg: plugin:
> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c) implements
> 'parsed_metadata', priority 0
> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18, LocalAddr: 0.0.0.0
> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is 110592 bytes
> 12:23:05 [10417] dbg: dns: dns_available set to yes in config file, 
> skipping
> test
> 12:23:05 [10417] dbg: uridnsbl: domains to query:
> 12:23:05 [10417] dbg: dns: checking RBL sa-other.bondedsender.org., set
> bsp-untrusted
> 12:23:05 [10417] dbg: dns: checking RBL plus.bondedsender.org., set
> ssc-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
> 12:23:05 [10417] dbg: dns: checking RBL 
> dob.sibl.support-intelligence.net.,
> set dob
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set
> zen-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
> sorbs-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set
> zen-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
> dnswl-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL sa-accredit.habeas.com., set
> habeas-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
> dsbl-lastexternal
> 12:23:05 [10417] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
> bsp-firsttrusted
> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
> iadb-firsttrusted
> 12:23:05 [10417] dbg: check: running tests for priority: -1000
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: eval: all '*From' addrs:
> ignore@compiling.spamassassin.taint.org
> 12:23:05 [10417] dbg: eval: all '*To' addrs:
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -950
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -900
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: -400
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled meta tests
> 12:23:05 [10417] dbg: check: running tests for priority: 0
> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
> 12:23:05 [10417] dbg: rules: compiled head tests
> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF ======> got 
> hit:
> "UNSET"
> 12:23:05 [10417] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======>
> got hit: "
> 12:23:05 [10417] dbg: rules: Message-Id: "
> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE ======> got hit:
> "UNSET"
> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST ======> got
> hit: "@spamassassin_spamd_init>"
> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got
> hit: "1215426184"
> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID ======> got hit:
> "<"
> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
> "<1215426184.34281@spamassassin_spamd_init>
> 12:23:05 [10417] dbg: rules: "
> 12:23:05 [10417] dbg: spf: checking to see if the message has a 
> Received-SPF
> header that we can use
> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
> 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping
> SPF-helo check
> 12:23:05 [10417] dbg: spf: already checked for Received-SPF headers,
> proceeding with DNS based checks
> 12:23:05 [10417] dbg: spf: no suitable relay for spf use found, skipping 
> SPF
> check
> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1)
> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already checked spf and
> didn't get pass, skipping whitelist check
> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got 
> hit
> (1)
> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
> (1)
> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already checked spf and
> didn't get pass, skipping whitelist check
> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled body tests
> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY ======> got 
> hit:
> "I"
> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled uri tests
> 12:23:05 [10417] dbg: eval: stock info total: 0
> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled rawbody tests
> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit:
> "need"
> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
> 12:23:05 [10417] dbg: rules: compiled full tests
> 12:23:05 [10417] dbg: info: entering helper-app run mode
> 12:23:06 [10417] dbg: info: leaving helper-app run mode
> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
> 12:23:06 [10417] dbg: razor2: results: spam? 0
> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
> 12:23:06 [10417] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor executable
> found
> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: running tests for priority: 500
> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled head tests
> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled body tests
> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled uri tests
> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled rawbody tests
> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: compiled full tests
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has undefined
> dependency 'DCC_CHECK'
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: running tests for priority: 1000
> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled head tests
> 12:23:06 [10417] dbg: locker: safe_lock: created
> /root/.spamassassin/auto-whitelist.mutex
> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock on
> /root/.spamassassin/auto-whitelist with 30 timeout
> 12:23:06 [10417] dbg: locker: safe_lock: link to
> /root/.spamassassin/auto-whitelist.mutex: link ok
> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of type DB_File 
> R/W
> in /root/.spamassassin/auto-whitelist
> 12:23:06 [10417] dbg: auto-whitelist: db-based
> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score: 2.865,
> autolearn score: 2.865, mean: undef, IP: undef
> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing and 
> unlocking
> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file locked, breaking
> lock
> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
> /root/.spamassassin/auto-whitelist.mutex
> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled body tests
> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled uri tests
> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled rawbody tests
> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled full tests
> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
> 12:23:06 [10417] dbg: rules: compiled meta tests
> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
> 12:23:06 [10417] dbg: check:
> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS
> 12:23:06 [10417] dbg: check:
> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID
> 12:23:06 Building a message batch to scan...
>
>
>
> ----- Original Message -----
> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, July 07, 2008 12:08 PM
> Subject: RE: MailScanner on FC8 don't pickup emails
>
>
>>
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>> Of Luciano Grego
>>> Sent: 07 July 2008 11:00
>>> To: MailScanner discussion
>>> Subject: Re: MailScanner on FC8 don't pickup emails
>>>
>>>
>>> ----- Original Message -----
>>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>> Sent: Monday, July 07, 2008 11:06 AM
>>> Subject: RE: MailScanner on FC8 don't pickup emails
>>>
>>>
>>> >I would have thought you'd need to change the Lock Type to
>>> the default
>>> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>>> change this)
>>> >
>>> > Also a "MailScanner --debug --debug-sa" output to a
>>> pastebin or web page
>>> > (as they can be large) would be interesting to see?
>>> >
>>> > What install instructions have you followed?
>>> >
>>> > --
>>> > Martin Hepworth
>>> > Snr Systems Administrator
>>> > Solid State Logic
>>> > Tel: +44 (0)1865 842300
>>> >
>>> >> -----Original Message-----
>>> >> From: mailscanner-bounces@lists.mailscanner.info
>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>> >> Of Luciano Grego
>>> >> Sent: 07 July 2008 09:54
>>> >> To: mailscanner@lists.mailscanner.info
>>> >> Subject: MailScanner on FC8 don't pickup emails
>>> >>
>>> >> Hi,
>>> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>>> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>>> 4.71.2-2).
>>> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>>> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>>> >> It' s a locking problem?
>>> >> Must reinstall with --nodeps?
>>> >>
>>> >> Here 'MailScanner --lint':
>>> >>
>>> >> Trying to setlogsock(unix)
>>> >> Read 824 hostnames from the phishing whitelist Read 3052
>>> >> hostnames from the phishing blacklist Checking version numbers...
>>> >> Version number in MailScanner.conf (4.71.2) is correct.
>>> >>
>>> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>> >>
>>> >> Checking for SpamAssassin errors (if you use it)...
>>> >> SpamAssassin temporary working directory is
>>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> >> SpamAssassin temp dir =
>>> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> >> Using SpamAssassin results cache
>>> >> Connected to SpamAssassin cache database SpamAssassin
>>> >> reported no errors.
>>> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>>> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>>> >> Found these virus scanners installed: clamavmodule
>>> >> ==============================================================
>>> >> =============
>>> >> Virus and Content Scanning: Starting
>>> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>>> >> Eicar-Test-Signature FOUND
>>> >>
>>> >> /var/spool/MailScanner/incoming/9520/./1.message:
>>> >> Eicar-Test-Signature FOUND
>>> >>
>>> >> Virus Scanning: ClamAV found 2 infections Infected message
>>> >> 1.message came from Infected message 1 came from 10.1.1.1
>>> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>>> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>>> >> Checks: Found 1 problems
>>> >> ==============================================================
>>> >> =============
>>> >> Virus Scanner test reports:
>>> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>> >>
>>> >> If any of your virus scanners (clamavmodule) are not listed
>>> >> there, you should check that they are installed correctly and
>>> >> that MailScanner is finding them correctly via its
>>> >> virus.scanners.conf.
>>> >>
>>> >>
>>> >> --
>>> >>
>>> >> Here 'MailScanner -v':
>>> >> Running on
>>> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>>> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>>> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>>> >>
>>> >> This is MailScanner version 4.71.2
>>> >> Module versions are:
>>> >> 1.00    AnyDBM_File
>>> >> 1.20    Archive::Zip
>>> >> 0.21    bignum
>>> >> 1.04    Carp
>>> >> 2.005   Compress::Zlib
>>> >> 1.119   Convert::BinHex
>>> >> 0.17    Convert::TNEF
>>> >> 2.121_08        Data::Dumper
>>> >> 2.27    Date::Parse
>>> >> 1.00    DirHandle
>>> >> 1.05    Fcntl
>>> >> 2.74    File::Basename
>>> >> 2.09    File::Copy
>>> >> 2.01    FileHandle
>>> >> 1.08    File::Path
>>> >> 0.20    File::Temp
>>> >> 0.90    Filesys::Df
>>> >> 1.35    HTML::Entities
>>> >> 3.56    HTML::Parser
>>> >> 2.37    HTML::TokeParser
>>> >> 1.23    IO
>>> >> 1.14    IO::File
>>> >> 1.13    IO::Pipe
>>> >> 2.02    Mail::Header
>>> >> 1.86    Math::BigInt
>>> >> 0.19    Math::BigRat
>>> >> 3.07    MIME::Base64
>>> >> 5.425   MIME::Decoder
>>> >> 5.425   MIME::Decoder::UU
>>> >> 5.425   MIME::Head
>>> >> 5.425   MIME::Parser
>>> >> 3.07    MIME::QuotedPrint
>>> >> 5.425   MIME::Tools
>>> >> 0.11    Net::CIDR
>>> >> 1.25    Net::IP
>>> >> 0.16    OLE::Storage_Lite
>>> >> 1.04    Pod::Escapes
>>> >> 3.05    Pod::Simple
>>> >> 1.09    POSIX
>>> >> 1.19    Scalar::Util
>>> >> 1.78    Socket
>>> >> 2.15    Storable
>>> >> 1.4     Sys::Hostname::Long
>>> >> 0.18    Sys::Syslog
>>> >> 1.26    Test::Pod
>>> >> 0.78    Test::Simple
>>> >> 1.86    Time::HiRes
>>> >> 1.02    Time::localtime
>>> >>
>>> >> Optional module versions are:
>>> >> 1.34    Archive::Tar
>>> >> 0.21    bignum
>>> >> 1.82    Business::ISBN
>>> >> 1.10    Business::ISBN::Data
>>> >> 1.08    Data::Dump
>>> >> 1.815   DB_File
>>> >> 1.14    DBD::SQLite
>>> >> 1.58    DBI
>>> >> 1.15    Digest
>>> >> 1.01    Digest::HMAC
>>> >> 2.36    Digest::MD5
>>> >> 2.11    Digest::SHA1
>>> >> 1.00    Encode::Detect
>>> >> 0.17010 Error
>>> >> 0.18    ExtUtils::CBuilder
>>> >> 2.18    ExtUtils::ParseXS
>>> >> 2.36    Getopt::Long
>>> >> 0.44    Inline
>>> >> 1.08    IO::String
>>> >> 1.07    IO::Zlib
>>> >> 2.21    IP::Country
>>> >> 0.22    Mail::ClamAV
>>> >> 3.002005        Mail::SpamAssassin
>>> >> v2.005  Mail::SPF
>>> >> 1.999001        Mail::SPF::Query
>>> >> 0.2808  Module::Build
>>> >> 0.20    Net::CIDR::Lite
>>> >> 0.63    Net::DNS
>>> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>>> >>  4.004  NetAddr::IP
>>> >> 1.94    Parse::RecDescent
>>> >> missing SAVI
>>> >> 2.64    Test::Harness
>>> >> 0.95    Test::Manifest
>>> >> 1.98    Text::Balanced
>>> >> 1.35    URI
>>> >> 0.7203  version
>>> >> 0.62    YAML
>>> >>
>>> >> Thanks
>>> >>  Luciano.
>>> >>
>>
>>> > --
>>> > MailScanner mailing list
>>> > mailscanner@lists.mailscanner.info
>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> >
>>> > Before posting, read http://wiki.mailscanner.info/posting
>>> >
>>> > Support MailScanner development - buy the book off the website!
>>> >
>>> > --
>>> > Il messaggio e' stato analizzato alla ricerca di virus o
>>> > contenuti pericolosi da MailScanner, ed e'
>>> > risultato non infetto.
>>> >
>>> >
>>>
>>> HI Martin,
>>> Lock Type = flock
>>>  ... for test my ideas ...
>>>
>>> I've setup this Mailscanner box for my client and
>>> i' ve reboot the machine friday at 18:45 with new params.
>>> Now i'm checking logs and i see Mailscanner pickup messages
>>> from Sunday at
>>> 15:00. None first!
>>> MailScanner needs more time for starting up?
>>>
>>> I' ve put
>>> Lock Type =
>>> now and
>>> 'service MailScanner restart'.
>>> Thank you.
>>> L.
>>>
>>>
>>
>> Hi
>>
>> Anything in the maillog reguarding mailScanner???
>>
>> Should only take a few seconds to get going.
>>
>> I'd drop to debug and see if you can spot anything.
>>
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>>
>>
>>
>> **********************************************************************
>> Confidentiality : This e-mail and any attachments are intended for the
>> addressee only and may be confidential. If they come to you in error
>> you must take no action based on them, nor must you copy or show them
>> to anyone. Please advise the sender by replying to this e-mail
>> immediately and then delete the original from your computer.
>> Opinion : Any opinions expressed in this e-mail are entirely those of
>> the author and unless specifically stated to the contrary, are not
>> necessarily those of the author's employer.
>> Security Warning : Internet e-mail is not necessarily a secure
>> communications medium and can be subject to data corruption. We advise
>> that you consider this fact when e-mailing us.
>> Viruses : We have taken steps to ensure that this e-mail and any
>> attachments are free from known viruses but in keeping with good
>> computing practice, you should ensure that they are virus free.
>>
>> Red Lion 49 Ltd T/A Solid State Logic
>> Registered as a limited company in England and Wales
>> (Company No:5362730)
>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>> United Kingdom
>> **********************************************************************
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> --
>> Il messaggio e' stato analizzato alla ricerca di virus o
>> contenuti pericolosi da MailScanner, ed e'
>> risultato non infetto.
>>
>>
>
>
>
> --
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> -- 
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
> 



-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

From lucianog at metline.it  Mon Jul  7 14:14:15 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 14:17:16 2008
Subject: MailScanner on FC8 don't pickup emails
References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com>
Message-ID: <B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>

I've used the default path in MailScanner.conf. ( 
INQDIR=/var/spool/mqueue.in )
and leaving MailScanner in /etc/init.d that starting sendmail in agreement.


----- Original Message ----- 
From: "Martin.Hepworth" <martinh@solidstatelogic.com>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 1:07 PM
Subject: RE: MailScanner on FC8 don't pickup emails


> Luciano
>
> You should be using the rpm version for Fedora installs..
>
> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz
>
> Than follow the rpm based install instructions.
>
> You need to configure the MailScanner.conf to point at correct locations 
> for the sendmail queues etc.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Luciano Grego
>> Sent: 07 July 2008 11:34
>> To: MailScanner discussion
>> Subject: Re: MailScanner on FC8 don't pickup emails
>>
>> Hi,
>> Excuse me for long list ...
>> But ... in debug mode i should see the email passing through
>> MailScanner?
>>
>> I have not answered your question first:  What install
>> instructions have you followed?
>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>>
>> --
>>
>> mail  root  [ /var/log ] MailScanner --debug --debug-sa In
>> Debugging mode, not forking...
>> Trying to setlogsock(unix)
>> 12:23:04 SpamAssassin temp dir =
>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> 12:23:04 [10417] dbg: logger: adding facilities: all
>> 12:23:04 [10417] dbg: logger: logging level is DBG
>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
>> 12:23:04 [10417] dbg: config: score set 0 chosen.
>> 12:23:04 [10417] dbg: util: running in taint mode? no
>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
>> 12:23:04 [10417] dbg: ignore: test message to precompile
>> patterns and load modules
>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>> for site rules pre files
>> 12:23:04 [10417] dbg: config: read file
>> /etc/mail/spamassassin/init.pre
>> 12:23:04 [10417] dbg: config: read file
>> /etc/mail/spamassassin/v310.pre
>> 12:23:04 [10417] dbg: config: read file
>> /etc/mail/spamassassin/v312.pre
>> 12:23:04 [10417] dbg: config: read file
>> /etc/mail/spamassassin/v320.pre
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005" for sys rules pre files
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005" for default rules dir
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>> for site rules dir
>> 12:23:04 [10417] dbg: config: read file
>> /etc/mail/spamassassin/mailscanner.cf
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIDNSBL
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Hashcash
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::SPF from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::RelayCountry from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Razor2
>> from @INC
>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Pyzor from @INC
>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::Razor2, already registered
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::SpamCop
>> from @INC
>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::AWL from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::MIMEHeader
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::SPF, already registered
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Check from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIDetail
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Bayes from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::BodyEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::DNSEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HTMLEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HeaderEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::MIMEEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::RelayEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::WLBLEval
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::VBounce
>> from @INC
>> 12:23:04 [10417] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::ImageInfo
>> from @INC
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::SPF, already registered
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>> 12:23:04 [10417] dbg: plugin: did not register
>> Mail::SpamAssassin::Plugin::Razor2, already registered
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>> ault_prefs.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de
>> fault_prefs.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>> ault_prefs.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>> ance_fee.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad
>> vance_fee.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>> ance_fee.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>> y_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo
>> dy_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>> y_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>> pensate.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co
>> mpensate.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>> pensate.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>> bl_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn
>> sbl_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>> bl_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr
>> ugs.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy
>> nrdns.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>> e_helo_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa
>> ke_helo_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>> e_helo_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>> d_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he
>> ad_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>> d_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>> l_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht
>> ml_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>> l_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>> geinfo.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im
>> ageinfo.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>> geinfo.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>> a_tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me
>> ta_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>> a_tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>> _tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne
>> t_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>> _tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph
>> rases.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po
>> rn.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra
>> tware.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>> _tests.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur
>> i_tests.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>> _tests.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb
>> ounce.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba
>> yes.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac
>> cessdb.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>> ivirus.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an
>> tivirus.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>> ivirus.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as
>> n.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc
>> c.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk
>> im.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>> ainkeys.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do
>> mainkeys.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>> ainkeys.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha
>> shcash.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py
>> zor.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra
>> zor2.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re
>> place.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp
>> f.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te
>> xtcat.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur
>> ibl.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_de.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_fr.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_it.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_nl.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_pl.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>> t_pt_br.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>> xt_pt_br.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>> t_pt_br.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc
>> ores.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw
>> l.cf" for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>> rtcircuit.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh
>> ortcircuit.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>> rtcircuit.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>> itelist.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_dk.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>> itelist_dk.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_dk.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_dkim.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>> itelist_dkim.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_dkim.cf
>> 12:23:04 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_spf.cf
>> 12:23:04 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>> itelist_spf.cf"
>> for included file
>> 12:23:04 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_spf.cf
>> 12:23:05 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_subject.cf
>> 12:23:05 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>> itelist_subject.cf"
>> for included file
>> 12:23:05 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>> telist_subject.cf
>> 12:23:05 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>> 12:23:05 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac
>> tive.cf" for included file
>> 12:23:05 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>> 12:23:05 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>> 12:23:05 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re
>> moved.cf" for included file
>> 12:23:05 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>> 12:23:05 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>> 12:23:05 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc
>> ores.cf" for included file
>> 12:23:05 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>> 12:23:05 [10417] dbg: config: fixed relative path:
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>> itional.cf
>> 12:23:05 [10417] dbg: config: using
>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad
>> ditional.cf"
>> for included file
>> 12:23:05 [10417] dbg: config: read file
>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>> itional.cf
>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates:
>> __MO_OL_C65FA
>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates:
>> __XM_OL_A842E
>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates:
>> __MO_OL_8627E
>> __MO_OL_F3B05
>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
>> __RATWARE_0_TZ_DATE
>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates:
>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5
>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0
>> __XM_OL_F475E __XM_OL_F6D01
>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged
>> duplicates: __MSGID_VGA
>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
>> HS_SUBJ_NEW_SOFTWARE
>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
>> __HAS_MSMAIL_PRI
>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates:
>> __MO_OL_6554A
>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates:
>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B
>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6
>> __XM_OL_F3B05 __XM_OL_FF5C8
>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates:
>> __MO_OL_B30D1 __MO_OL_CF0C0
>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates:
>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4
>> KAM_STOCKTIP6
>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates:
>> __MO_OL_4F240
>> __MO_OL_ADFF7
>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates:
>> __MO_OL_BC7E6
>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates:
>> __MO_OL_4EEDB __MO_OL_7533E
>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates:
>> __MO_OL_B4B40
>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
>> __HAS_ANY_URI
>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates:
>> __XM_OL_EF20B
>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER
>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2
>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE
>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX
>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY
>> YOUR_CRD_RATING
>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates:
>> __MO_OL_A842E
>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates:
>> __MO_OL_FF5C8
>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates:
>> __MO_OL_F6D01
>> 12:23:05 [10417] dbg: conf: finish parsing
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c)
>> implements 'finish_parsing_end', priority 0
>> 12:23:05 [10417] dbg: replacetags: replacing tags
>> 12:23:05 [10417] dbg: replacetags: done replacing tags
>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>> /etc/MailScanner/bayes/bayes__toks
>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>> /etc/MailScanner/bayes/bayes__seen
>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>> 1 spam(s) in bayes DB < 200
>> 12:23:05 [10417] dbg: bayes: untie-ing
>> 12:23:05 [10417] dbg: config: score set 1 chosen.
>> 12:23:05 [10417] dbg: message: main message type: text/plain
>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
>> 12:23:05 [10417] dbg: message: parsing normal part
>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc)
>> implements 'check_start', priority 0
>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>> /etc/MailScanner/bayes/bayes__toks
>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>> /etc/MailScanner/bayes/bayes__seen
>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>> 1 spam(s) in bayes DB < 200
>> 12:23:05 [10417] dbg: bayes: untie-ing
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements
>> 'check_main', priority 0
>> 12:23:05 [10417] dbg: conf: trusted_networks are not
>> configured; it is recommended that you configure
>> trusted_networks manually
>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>> implements 'extract_metadata', priority 0
>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
>> 12:23:05 [10417] dbg: message: no encoding detected
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08)
>> implements 'parsed_metadata', priority 0
>> 12:23:05 [10417] dbg: plugin:
>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>> implements 'parsed_metadata', priority 0
>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18,
>> LocalAddr: 0.0.0.0
>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is
>> 110592 bytes
>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config
>> file, skipping test
>> 12:23:05 [10417] dbg: uridnsbl: domains to query:
>> 12:23:05 [10417] dbg: dns: checking RBL
>> sa-other.bondedsender.org., set bsp-untrusted
>> 12:23:05 [10417] dbg: dns: checking RBL
>> plus.bondedsender.org., set ssc-firsttrusted
>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
>> 12:23:05 [10417] dbg: dns: checking RBL
>> dob.sibl.support-intelligence.net.,
>> set dob
>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>> set zen-lastexternal
>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
>> sorbs-lastexternal
>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>> set zen-lastexternal
>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
>> dnswl-firsttrusted
>> 12:23:05 [10417] dbg: dns: checking RBL
>> sa-accredit.habeas.com., set habeas-firsttrusted
>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
>> dsbl-lastexternal
>> 12:23:05 [10417] dbg: dns: checking RBL
>> sa-trusted.bondedsender.org., set bsp-firsttrusted
>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
>> iadb-firsttrusted
>> 12:23:05 [10417] dbg: check: running tests for priority: -1000
>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled head tests
>> 12:23:05 [10417] dbg: eval: all '*From' addrs:
>> ignore@compiling.spamassassin.taint.org
>> 12:23:05 [10417] dbg: eval: all '*To' addrs:
>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled body tests
>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled uri tests
>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled full tests
>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled meta tests
>> 12:23:05 [10417] dbg: check: running tests for priority: -950
>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled head tests
>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled body tests
>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled uri tests
>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled full tests
>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled meta tests
>> 12:23:05 [10417] dbg: check: running tests for priority: -900
>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled head tests
>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled body tests
>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled uri tests
>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled full tests
>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled meta tests
>> 12:23:05 [10417] dbg: check: running tests for priority: -400
>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled head tests
>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled body tests
>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled uri tests
>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled full tests
>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled meta tests
>> 12:23:05 [10417] dbg: check: running tests for priority: 0
>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>> 12:23:05 [10417] dbg: rules: compiled head tests
>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF
>> ======> got hit:
>> "UNSET"
>> 12:23:05 [10417] dbg: rules: ran header rule
>> __MSOE_MID_WRONG_CASE ======> got hit: "
>> 12:23:05 [10417] dbg: rules: Message-Id: "
>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE
>> ======> got hit:
>> "UNSET"
>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST
>> ======> got
>> hit: "@spamassassin_spamd_init>"
>> 12:23:05 [10417] dbg: rules: ran header rule
>> __MSGID_OK_DIGITS ======> got
>> hit: "1215426184"
>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID
>> ======> got hit:
>> "<"
>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID
>> ======> got hit:
>> "<1215426184.34281@spamassassin_spamd_init>
>> 12:23:05 [10417] dbg: rules: "
>> 12:23:05 [10417] dbg: spf: checking to see if the message has
>> a Received-SPF header that we can use
>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>> found, skipping SPF-helo check
>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF
>> headers, proceeding with DNS based checks
>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>> found, skipping SPF check
>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======>
>> got hit (1)
>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already
>> checked spf and didn't get pass, skipping whitelist check
>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID
>> ======> got hit
>> (1)
>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS
>> ======> got hit
>> (1)
>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already
>> checked spf and didn't get pass, skipping whitelist check
>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
>> 12:23:05 [10417] dbg: rules: compiled body tests
>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY
>> ======> got hit:
>> "I"
>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
>> 12:23:05 [10417] dbg: rules: compiled uri tests
>> 12:23:05 [10417] dbg: eval: stock info total: 0
>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY
>> ======> got hit:
>> "need"
>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
>> 12:23:05 [10417] dbg: rules: compiled full tests
>> 12:23:05 [10417] dbg: info: entering helper-app run mode
>> 12:23:06 [10417] dbg: info: leaving helper-app run mode
>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
>> 12:23:06 [10417] dbg: razor2: results: spam? 0
>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
>> 12:23:06 [10417] dbg: util: current PATH is:
>> /sbin:/bin:/usr/sbin:/usr/bin
>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor
>> executable found
>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled meta tests
>> 12:23:06 [10417] dbg: check: running tests for priority: 500
>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled head tests
>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled body tests
>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled uri tests
>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: compiled full tests
>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has
>> undefined dependency 'DCC_CHECK'
>> 12:23:06 [10417] dbg: rules: compiled meta tests
>> 12:23:06 [10417] dbg: check: running tests for priority: 1000
>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled head tests
>> 12:23:06 [10417] dbg: locker: safe_lock: created
>> /root/.spamassassin/auto-whitelist.mutex
>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock
>> on /root/.spamassassin/auto-whitelist with 30 timeout
>> 12:23:06 [10417] dbg: locker: safe_lock: link to
>> /root/.spamassassin/auto-whitelist.mutex: link ok
>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of
>> type DB_File R/W in /root/.spamassassin/auto-whitelist
>> 12:23:06 [10417] dbg: auto-whitelist: db-based
>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score:
>> 2.865, autolearn score: 2.865, mean: undef, IP: undef
>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing
>> and unlocking
>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file
>> locked, breaking lock
>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
>> /root/.spamassassin/auto-whitelist.mutex
>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled body tests
>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled uri tests
>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled full tests
>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
>> 12:23:06 [10417] dbg: rules: compiled meta tests
>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
>> 12:23:06 [10417] dbg: check:
>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED
>> ,NO_RELAYS
>> 12:23:06 [10417] dbg: check:
>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O
>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV
>> D_BODY,__UNUSABLE_MSGID
>> 12:23:06 Building a message batch to scan...
>>
>>
>>
>> ----- Original Message -----
>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Monday, July 07, 2008 12:08 PM
>> Subject: RE: MailScanner on FC8 don't pickup emails
>>
>>
>> >
>> >
>> >
>> >> -----Original Message-----
>> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> >> Of Luciano Grego
>> >> Sent: 07 July 2008 11:00
>> >> To: MailScanner discussion
>> >> Subject: Re: MailScanner on FC8 don't pickup emails
>> >>
>> >>
>> >> ----- Original Message -----
>> >> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> >> Sent: Monday, July 07, 2008 11:06 AM
>> >> Subject: RE: MailScanner on FC8 don't pickup emails
>> >>
>> >>
>> >> >I would have thought you'd need to change the Lock Type to
>> >> the default
>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>> >> change this)
>> >> >
>> >> > Also a "MailScanner --debug --debug-sa" output to a
>> >> pastebin or web page
>> >> > (as they can be large) would be interesting to see?
>> >> >
>> >> > What install instructions have you followed?
>> >> >
>> >> > --
>> >> > Martin Hepworth
>> >> > Snr Systems Administrator
>> >> > Solid State Logic
>> >> > Tel: +44 (0)1865 842300
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> >> >> Of Luciano Grego
>> >> >> Sent: 07 July 2008 09:54
>> >> >> To: mailscanner@lists.mailscanner.info
>> >> >> Subject: MailScanner on FC8 don't pickup emails
>> >> >>
>> >> >> Hi,
>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>> >> 4.71.2-2).
>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>> >> >> It' s a locking problem?
>> >> >> Must reinstall with --nodeps?
>> >> >>
>> >> >> Here 'MailScanner --lint':
>> >> >>
>> >> >> Trying to setlogsock(unix)
>> >> >> Read 824 hostnames from the phishing whitelist Read 3052
>> >> >> hostnames from the phishing blacklist Checking version
>> numbers...
>> >> >> Version number in MailScanner.conf (4.71.2) is correct.
>> >> >>
>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf
>> is correct.
>> >> >>
>> >> >> Checking for SpamAssassin errors (if you use it)...
>> >> >> SpamAssassin temporary working directory is
>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> >> SpamAssassin temp dir =
>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>> >> >> Using SpamAssassin results cache
>> >> >> Connected to SpamAssassin cache database SpamAssassin
>> >> >> reported no errors.
>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>> >> >> Found these virus scanners installed: clamavmodule
>> >> >> ==============================================================
>> >> >> =============
>> >> >> Virus and Content Scanning: Starting
>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>> >> >> Eicar-Test-Signature FOUND
>> >> >>
>> >> >> /var/spool/MailScanner/incoming/9520/./1.message:
>> >> >> Eicar-Test-Signature FOUND
>> >> >>
>> >> >> Virus Scanning: ClamAV found 2 infections Infected message
>> >> >> 1.message came from Infected message 1 came from 10.1.1.1
>> >> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>> >> >> Checks: Found 1 problems
>> >> >> ==============================================================
>> >> >> =============
>> >> >> Virus Scanner test reports:
>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>> >> >>
>> >> >> If any of your virus scanners (clamavmodule) are not listed
>> >> >> there, you should check that they are installed correctly and
>> >> >> that MailScanner is finding them correctly via its
>> >> >> virus.scanners.conf.
>> >> >>
>> >> >>
>> >> >> --
>> >> >>
>> >> >> Here 'MailScanner -v':
>> >> >> Running on
>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>> >> >>
>> >> >> This is MailScanner version 4.71.2
>> >> >> Module versions are:
>> >> >> 1.00    AnyDBM_File
>> >> >> 1.20    Archive::Zip
>> >> >> 0.21    bignum
>> >> >> 1.04    Carp
>> >> >> 2.005   Compress::Zlib
>> >> >> 1.119   Convert::BinHex
>> >> >> 0.17    Convert::TNEF
>> >> >> 2.121_08        Data::Dumper
>> >> >> 2.27    Date::Parse
>> >> >> 1.00    DirHandle
>> >> >> 1.05    Fcntl
>> >> >> 2.74    File::Basename
>> >> >> 2.09    File::Copy
>> >> >> 2.01    FileHandle
>> >> >> 1.08    File::Path
>> >> >> 0.20    File::Temp
>> >> >> 0.90    Filesys::Df
>> >> >> 1.35    HTML::Entities
>> >> >> 3.56    HTML::Parser
>> >> >> 2.37    HTML::TokeParser
>> >> >> 1.23    IO
>> >> >> 1.14    IO::File
>> >> >> 1.13    IO::Pipe
>> >> >> 2.02    Mail::Header
>> >> >> 1.86    Math::BigInt
>> >> >> 0.19    Math::BigRat
>> >> >> 3.07    MIME::Base64
>> >> >> 5.425   MIME::Decoder
>> >> >> 5.425   MIME::Decoder::UU
>> >> >> 5.425   MIME::Head
>> >> >> 5.425   MIME::Parser
>> >> >> 3.07    MIME::QuotedPrint
>> >> >> 5.425   MIME::Tools
>> >> >> 0.11    Net::CIDR
>> >> >> 1.25    Net::IP
>> >> >> 0.16    OLE::Storage_Lite
>> >> >> 1.04    Pod::Escapes
>> >> >> 3.05    Pod::Simple
>> >> >> 1.09    POSIX
>> >> >> 1.19    Scalar::Util
>> >> >> 1.78    Socket
>> >> >> 2.15    Storable
>> >> >> 1.4     Sys::Hostname::Long
>> >> >> 0.18    Sys::Syslog
>> >> >> 1.26    Test::Pod
>> >> >> 0.78    Test::Simple
>> >> >> 1.86    Time::HiRes
>> >> >> 1.02    Time::localtime
>> >> >>
>> >> >> Optional module versions are:
>> >> >> 1.34    Archive::Tar
>> >> >> 0.21    bignum
>> >> >> 1.82    Business::ISBN
>> >> >> 1.10    Business::ISBN::Data
>> >> >> 1.08    Data::Dump
>> >> >> 1.815   DB_File
>> >> >> 1.14    DBD::SQLite
>> >> >> 1.58    DBI
>> >> >> 1.15    Digest
>> >> >> 1.01    Digest::HMAC
>> >> >> 2.36    Digest::MD5
>> >> >> 2.11    Digest::SHA1
>> >> >> 1.00    Encode::Detect
>> >> >> 0.17010 Error
>> >> >> 0.18    ExtUtils::CBuilder
>> >> >> 2.18    ExtUtils::ParseXS
>> >> >> 2.36    Getopt::Long
>> >> >> 0.44    Inline
>> >> >> 1.08    IO::String
>> >> >> 1.07    IO::Zlib
>> >> >> 2.21    IP::Country
>> >> >> 0.22    Mail::ClamAV
>> >> >> 3.002005        Mail::SpamAssassin
>> >> >> v2.005  Mail::SPF
>> >> >> 1.999001        Mail::SPF::Query
>> >> >> 0.2808  Module::Build
>> >> >> 0.20    Net::CIDR::Lite
>> >> >> 0.63    Net::DNS
>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>> >> >>  4.004  NetAddr::IP
>> >> >> 1.94    Parse::RecDescent
>> >> >> missing SAVI
>> >> >> 2.64    Test::Harness
>> >> >> 0.95    Test::Manifest
>> >> >> 1.98    Text::Balanced
>> >> >> 1.35    URI
>> >> >> 0.7203  version
>> >> >> 0.62    YAML
>> >> >>
>> >> >> Thanks
>> >> >>  Luciano.
>> >> >>
>> >
>> >> > --
>> >> > MailScanner mailing list
>> >> > mailscanner@lists.mailscanner.info
>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >
>> >> > Before posting, read http://wiki.mailscanner.info/posting
>> >> >
>> >> > Support MailScanner development - buy the book off the website!
>> >> >
>> >> > --
>> >> > Il messaggio e' stato analizzato alla ricerca di virus o
>> >> > contenuti pericolosi da MailScanner, ed e'
>> >> > risultato non infetto.
>> >> >
>> >> >
>> >>
>> >> HI Martin,
>> >> Lock Type = flock
>> >>  ... for test my ideas ...
>> >>
>> >> I've setup this Mailscanner box for my client and
>> >> i' ve reboot the machine friday at 18:45 with new params.
>> >> Now i'm checking logs and i see Mailscanner pickup messages
>> >> from Sunday at
>> >> 15:00. None first!
>> >> MailScanner needs more time for starting up?
>> >>
>> >> I' ve put
>> >> Lock Type =
>> >> now and
>> >> 'service MailScanner restart'.
>> >> Thank you.
>> >> L.
>> >>
>> >>
>> >
>> > Hi
>> >
>> > Anything in the maillog reguarding mailScanner???
>> >
>> > Should only take a few seconds to get going.
>> >
>> > I'd drop to debug and see if you can spot anything.
>> >
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >
>> >
>> >
>> >
>> >
>> **********************************************************************
>> > Confidentiality : This e-mail and any attachments are
>> intended for the
>> > addressee only and may be confidential. If they come to you in error
>> > you must take no action based on them, nor must you copy or
>> show them
>> > to anyone. Please advise the sender by replying to this e-mail
>> > immediately and then delete the original from your computer.
>> > Opinion : Any opinions expressed in this e-mail are
>> entirely those of
>> > the author and unless specifically stated to the contrary, are not
>> > necessarily those of the author's employer.
>> > Security Warning : Internet e-mail is not necessarily a secure
>> > communications medium and can be subject to data
>> corruption. We advise
>> > that you consider this fact when e-mailing us.
>> > Viruses : We have taken steps to ensure that this e-mail and any
>> > attachments are free from known viruses but in keeping with good
>> > computing practice, you should ensure that they are virus free.
>> >
>> > Red Lion 49 Ltd T/A Solid State Logic
>> > Registered as a limited company in England and Wales
>> > (Company No:5362730)
>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>> > United Kingdom
>> >
>> **********************************************************************
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> > --
>> > Il messaggio e' stato analizzato alla ricerca di virus o
>> > contenuti pericolosi da MailScanner, ed e'
>> > risultato non infetto.
>> >
>> >
>>
>>
>>
>> --
>> Il messaggio e' stato analizzato alla ricerca di virus o
>> contenuti pericolosi da MailScanner, ed e'
>> risultato non infetto.
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> -- 
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
>
> 



-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

From rick at duvals.ca  Mon Jul  7 14:29:36 2008
From: rick at duvals.ca (Rick Duval)
Date: Mon Jul  7 14:29:45 2008
Subject: Bypassing Custom PLugin
Message-ID: <4baa40ce0807070629y36bdac25g3a00727a50ee1bb2@mail.gmail.com>

I have written a customs plugin and part of what it does is log every email
that is passed to it but some emails never seem to reach it.

Can anyone tell me where this might be happening?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/9e0dfe7b/attachment.html
From MailScanner at ecs.soton.ac.uk  Mon Jul  7 14:35:36 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul  7 14:36:13 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <EMEW-k66ENce02c9e21cf3eec8cf6e13e90e40432f0-B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>
References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com>
	<EMEW-k66ENce02c9e21cf3eec8cf6e13e90e40432f0-B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>
Message-ID: <48721BA8.4060507@ecs.soton.ac.uk>

Have you done
chkconfig sendmail off
chkconfig MailScanner on
service sendmail stop
service MailScanner start
?
If you still have sendmail running from before you installed it, then 
you will get symptoms you are seeing.


Luciano Grego wrote:
> I've used the default path in MailScanner.conf. ( 
> INQDIR=/var/spool/mqueue.in )
> and leaving MailScanner in /etc/init.d that starting sendmail in 
> agreement.
>
>
> ----- Original Message ----- From: "Martin.Hepworth" 
> <martinh@solidstatelogic.com>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, July 07, 2008 1:07 PM
> Subject: RE: MailScanner on FC8 don't pickup emails
>
>
>> Luciano
>>
>> You should be using the rpm version for Fedora installs..
>>
>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz
>>
>> Than follow the rpm based install instructions.
>>
>> You need to configure the MailScanner.conf to point at correct 
>> locations for the sendmail queues etc.
>>
>> -- 
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>> Of Luciano Grego
>>> Sent: 07 July 2008 11:34
>>> To: MailScanner discussion
>>> Subject: Re: MailScanner on FC8 don't pickup emails
>>>
>>> Hi,
>>> Excuse me for long list ...
>>> But ... in debug mode i should see the email passing through
>>> MailScanner?
>>>
>>> I have not answered your question first:  What install
>>> instructions have you followed?
>>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>>>
>>> -- 
>>>
>>> mail  root  [ /var/log ] MailScanner --debug --debug-sa In
>>> Debugging mode, not forking...
>>> Trying to setlogsock(unix)
>>> 12:23:04 SpamAssassin temp dir =
>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> 12:23:04 [10417] dbg: logger: adding facilities: all
>>> 12:23:04 [10417] dbg: logger: logging level is DBG
>>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
>>> 12:23:04 [10417] dbg: config: score set 0 chosen.
>>> 12:23:04 [10417] dbg: util: running in taint mode? no
>>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
>>> 12:23:04 [10417] dbg: ignore: test message to precompile
>>> patterns and load modules
>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>> for site rules pre files
>>> 12:23:04 [10417] dbg: config: read file
>>> /etc/mail/spamassassin/init.pre
>>> 12:23:04 [10417] dbg: config: read file
>>> /etc/mail/spamassassin/v310.pre
>>> 12:23:04 [10417] dbg: config: read file
>>> /etc/mail/spamassassin/v312.pre
>>> 12:23:04 [10417] dbg: config: read file
>>> /etc/mail/spamassassin/v320.pre
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005" for sys rules pre files
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005" for default rules dir
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>> for site rules dir
>>> 12:23:04 [10417] dbg: config: read file
>>> /etc/mail/spamassassin/mailscanner.cf
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::URIDNSBL
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::Hashcash
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::SPF from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::Razor2
>>> from @INC
>>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::Pyzor from @INC
>>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::SpamCop
>>> from @INC
>>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::AWL from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::MIMEHeader
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::Check from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::URIDetail
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::Bayes from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::BodyEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::DNSEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::HTMLEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::HeaderEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::MIMEEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::RelayEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::URIEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::WLBLEval
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::VBounce
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: loading
>>> Mail::SpamAssassin::Plugin::ImageInfo
>>> from @INC
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>> 12:23:04 [10417] dbg: plugin: did not register
>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>> ault_prefs.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de
>>> fault_prefs.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>> ault_prefs.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>> ance_fee.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad
>>> vance_fee.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>> ance_fee.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>> y_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo
>>> dy_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>> y_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>> pensate.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co
>>> mpensate.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>> pensate.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>> bl_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn
>>> sbl_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>> bl_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr
>>> ugs.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy
>>> nrdns.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>> e_helo_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa
>>> ke_helo_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>> e_helo_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>> d_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he
>>> ad_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>> d_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>> l_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht
>>> ml_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>> l_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>> geinfo.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im
>>> ageinfo.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>> geinfo.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>> a_tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me
>>> ta_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>> a_tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>> _tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne
>>> t_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>> _tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph
>>> rases.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po
>>> rn.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra
>>> tware.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>> _tests.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur
>>> i_tests.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>> _tests.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb
>>> ounce.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba
>>> yes.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac
>>> cessdb.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>> ivirus.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an
>>> tivirus.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>> ivirus.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as
>>> n.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc
>>> c.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk
>>> im.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>> ainkeys.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do
>>> mainkeys.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>> ainkeys.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha
>>> shcash.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py
>>> zor.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra
>>> zor2.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re
>>> place.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp
>>> f.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te
>>> xtcat.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur
>>> ibl.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_de.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_fr.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_it.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_nl.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_pl.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>> t_pt_br.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>> xt_pt_br.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>> t_pt_br.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc
>>> ores.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw
>>> l.cf" for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>> rtcircuit.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh
>>> ortcircuit.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>> rtcircuit.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>> itelist.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_dk.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>> itelist_dk.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_dk.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_dkim.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>> itelist_dkim.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_dkim.cf
>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_spf.cf
>>> 12:23:04 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>> itelist_spf.cf"
>>> for included file
>>> 12:23:04 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_spf.cf
>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_subject.cf
>>> 12:23:05 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>> itelist_subject.cf"
>>> for included file
>>> 12:23:05 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>> telist_subject.cf
>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>> 12:23:05 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac
>>> tive.cf" for included file
>>> 12:23:05 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>> 12:23:05 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re
>>> moved.cf" for included file
>>> 12:23:05 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>> 12:23:05 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc
>>> ores.cf" for included file
>>> 12:23:05 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>> itional.cf
>>> 12:23:05 [10417] dbg: config: using
>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad
>>> ditional.cf"
>>> for included file
>>> 12:23:05 [10417] dbg: config: read file
>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>> itional.cf
>>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates:
>>> __MO_OL_C65FA
>>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates:
>>> __XM_OL_A842E
>>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates:
>>> __MO_OL_8627E
>>> __MO_OL_F3B05
>>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
>>> __RATWARE_0_TZ_DATE
>>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates:
>>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5
>>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0
>>> __XM_OL_F475E __XM_OL_F6D01
>>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged
>>> duplicates: __MSGID_VGA
>>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
>>> HS_SUBJ_NEW_SOFTWARE
>>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
>>> __HAS_MSMAIL_PRI
>>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates:
>>> __MO_OL_6554A
>>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates:
>>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B
>>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6
>>> __XM_OL_F3B05 __XM_OL_FF5C8
>>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates:
>>> __MO_OL_B30D1 __MO_OL_CF0C0
>>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates:
>>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4
>>> KAM_STOCKTIP6
>>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates:
>>> __MO_OL_4F240
>>> __MO_OL_ADFF7
>>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates:
>>> __MO_OL_BC7E6
>>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates:
>>> __MO_OL_4EEDB __MO_OL_7533E
>>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates:
>>> __MO_OL_B4B40
>>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
>>> __HAS_ANY_URI
>>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates:
>>> __XM_OL_EF20B
>>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
>>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER
>>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2
>>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE
>>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX
>>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
>>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
>>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY
>>> YOUR_CRD_RATING
>>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates:
>>> __MO_OL_A842E
>>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates:
>>> __MO_OL_FF5C8
>>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates:
>>> __MO_OL_F6D01
>>> 12:23:05 [10417] dbg: conf: finish parsing
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c)
>>> implements 'finish_parsing_end', priority 0
>>> 12:23:05 [10417] dbg: replacetags: replacing tags
>>> 12:23:05 [10417] dbg: replacetags: done replacing tags
>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>> /etc/MailScanner/bayes/bayes__toks
>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>> /etc/MailScanner/bayes/bayes__seen
>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>> 1 spam(s) in bayes DB < 200
>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>> 12:23:05 [10417] dbg: config: score set 1 chosen.
>>> 12:23:05 [10417] dbg: message: main message type: text/plain
>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
>>> 12:23:05 [10417] dbg: message: parsing normal part
>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc)
>>> implements 'check_start', priority 0
>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>> /etc/MailScanner/bayes/bayes__toks
>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>> /etc/MailScanner/bayes/bayes__seen
>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>> 1 spam(s) in bayes DB < 200
>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements
>>> 'check_main', priority 0
>>> 12:23:05 [10417] dbg: conf: trusted_networks are not
>>> configured; it is recommended that you configure
>>> trusted_networks manually
>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>> implements 'extract_metadata', priority 0
>>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
>>> 12:23:05 [10417] dbg: message: no encoding detected
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08)
>>> implements 'parsed_metadata', priority 0
>>> 12:23:05 [10417] dbg: plugin:
>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>> implements 'parsed_metadata', priority 0
>>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
>>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18,
>>> LocalAddr: 0.0.0.0
>>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is
>>> 110592 bytes
>>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config
>>> file, skipping test
>>> 12:23:05 [10417] dbg: uridnsbl: domains to query:
>>> 12:23:05 [10417] dbg: dns: checking RBL
>>> sa-other.bondedsender.org., set bsp-untrusted
>>> 12:23:05 [10417] dbg: dns: checking RBL
>>> plus.bondedsender.org., set ssc-firsttrusted
>>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
>>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
>>> 12:23:05 [10417] dbg: dns: checking RBL
>>> dob.sibl.support-intelligence.net.,
>>> set dob
>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>> set zen-lastexternal
>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
>>> sorbs-lastexternal
>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>> set zen-lastexternal
>>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
>>> dnswl-firsttrusted
>>> 12:23:05 [10417] dbg: dns: checking RBL
>>> sa-accredit.habeas.com., set habeas-firsttrusted
>>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
>>> dsbl-lastexternal
>>> 12:23:05 [10417] dbg: dns: checking RBL
>>> sa-trusted.bondedsender.org., set bsp-firsttrusted
>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
>>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
>>> iadb-firsttrusted
>>> 12:23:05 [10417] dbg: check: running tests for priority: -1000
>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>> 12:23:05 [10417] dbg: eval: all '*From' addrs:
>>> ignore@compiling.spamassassin.taint.org
>>> 12:23:05 [10417] dbg: eval: all '*To' addrs:
>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>> 12:23:05 [10417] dbg: check: running tests for priority: -950
>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>> 12:23:05 [10417] dbg: check: running tests for priority: -900
>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>> 12:23:05 [10417] dbg: check: running tests for priority: -400
>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>> 12:23:05 [10417] dbg: check: running tests for priority: 0
>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF
>>> ======> got hit:
>>> "UNSET"
>>> 12:23:05 [10417] dbg: rules: ran header rule
>>> __MSOE_MID_WRONG_CASE ======> got hit: "
>>> 12:23:05 [10417] dbg: rules: Message-Id: "
>>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE
>>> ======> got hit:
>>> "UNSET"
>>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST
>>> ======> got
>>> hit: "@spamassassin_spamd_init>"
>>> 12:23:05 [10417] dbg: rules: ran header rule
>>> __MSGID_OK_DIGITS ======> got
>>> hit: "1215426184"
>>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID
>>> ======> got hit:
>>> "<"
>>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID
>>> ======> got hit:
>>> "<1215426184.34281@spamassassin_spamd_init>
>>> 12:23:05 [10417] dbg: rules: "
>>> 12:23:05 [10417] dbg: spf: checking to see if the message has
>>> a Received-SPF header that we can use
>>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>> found, skipping SPF-helo check
>>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF
>>> headers, proceeding with DNS based checks
>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>> found, skipping SPF check
>>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======>
>>> got hit (1)
>>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already
>>> checked spf and didn't get pass, skipping whitelist check
>>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID
>>> ======> got hit
>>> (1)
>>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS
>>> ======> got hit
>>> (1)
>>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already
>>> checked spf and didn't get pass, skipping whitelist check
>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY
>>> ======> got hit:
>>> "I"
>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>> 12:23:05 [10417] dbg: eval: stock info total: 0
>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY
>>> ======> got hit:
>>> "need"
>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>> 12:23:05 [10417] dbg: info: entering helper-app run mode
>>> 12:23:06 [10417] dbg: info: leaving helper-app run mode
>>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
>>> 12:23:06 [10417] dbg: razor2: results: spam? 0
>>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
>>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
>>> 12:23:06 [10417] dbg: util: current PATH is:
>>> /sbin:/bin:/usr/sbin:/usr/bin
>>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor
>>> executable found
>>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>> 12:23:06 [10417] dbg: check: running tests for priority: 500
>>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has
>>> undefined dependency 'DCC_CHECK'
>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>> 12:23:06 [10417] dbg: check: running tests for priority: 1000
>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>> 12:23:06 [10417] dbg: locker: safe_lock: created
>>> /root/.spamassassin/auto-whitelist.mutex
>>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock
>>> on /root/.spamassassin/auto-whitelist with 30 timeout
>>> 12:23:06 [10417] dbg: locker: safe_lock: link to
>>> /root/.spamassassin/auto-whitelist.mutex: link ok
>>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of
>>> type DB_File R/W in /root/.spamassassin/auto-whitelist
>>> 12:23:06 [10417] dbg: auto-whitelist: db-based
>>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
>>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score:
>>> 2.865, autolearn score: 2.865, mean: undef, IP: undef
>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing
>>> and unlocking
>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file
>>> locked, breaking lock
>>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
>>> /root/.spamassassin/auto-whitelist.mutex
>>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
>>> 12:23:06 [10417] dbg: check:
>>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED
>>> ,NO_RELAYS
>>> 12:23:06 [10417] dbg: check:
>>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O
>>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV
>>> D_BODY,__UNUSABLE_MSGID
>>> 12:23:06 Building a message batch to scan...
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>> Sent: Monday, July 07, 2008 12:08 PM
>>> Subject: RE: MailScanner on FC8 don't pickup emails
>>>
>>>
>>> >
>>> >
>>> >
>>> >> -----Original Message-----
>>> >> From: mailscanner-bounces@lists.mailscanner.info
>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>> >> Of Luciano Grego
>>> >> Sent: 07 July 2008 11:00
>>> >> To: MailScanner discussion
>>> >> Subject: Re: MailScanner on FC8 don't pickup emails
>>> >>
>>> >>
>>> >> ----- Original Message -----
>>> >> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>> >> Sent: Monday, July 07, 2008 11:06 AM
>>> >> Subject: RE: MailScanner on FC8 don't pickup emails
>>> >>
>>> >>
>>> >> >I would have thought you'd need to change the Lock Type to
>>> >> the default
>>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>>> >> change this)
>>> >> >
>>> >> > Also a "MailScanner --debug --debug-sa" output to a
>>> >> pastebin or web page
>>> >> > (as they can be large) would be interesting to see?
>>> >> >
>>> >> > What install instructions have you followed?
>>> >> >
>>> >> > --
>>> >> > Martin Hepworth
>>> >> > Snr Systems Administrator
>>> >> > Solid State Logic
>>> >> > Tel: +44 (0)1865 842300
>>> >> >
>>> >> >> -----Original Message-----
>>> >> >> From: mailscanner-bounces@lists.mailscanner.info
>>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>> >> >> Of Luciano Grego
>>> >> >> Sent: 07 July 2008 09:54
>>> >> >> To: mailscanner@lists.mailscanner.info
>>> >> >> Subject: MailScanner on FC8 don't pickup emails
>>> >> >>
>>> >> >> Hi,
>>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>>> >> 4.71.2-2).
>>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>>> >> >> It' s a locking problem?
>>> >> >> Must reinstall with --nodeps?
>>> >> >>
>>> >> >> Here 'MailScanner --lint':
>>> >> >>
>>> >> >> Trying to setlogsock(unix)
>>> >> >> Read 824 hostnames from the phishing whitelist Read 3052
>>> >> >> hostnames from the phishing blacklist Checking version
>>> numbers...
>>> >> >> Version number in MailScanner.conf (4.71.2) is correct.
>>> >> >>
>>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf
>>> is correct.
>>> >> >>
>>> >> >> Checking for SpamAssassin errors (if you use it)...
>>> >> >> SpamAssassin temporary working directory is
>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> >> >> SpamAssassin temp dir =
>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>> >> >> Using SpamAssassin results cache
>>> >> >> Connected to SpamAssassin cache database SpamAssassin
>>> >> >> reported no errors.
>>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>>> >> >> Found these virus scanners installed: clamavmodule
>>> >> >> ==============================================================
>>> >> >> =============
>>> >> >> Virus and Content Scanning: Starting
>>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>>> >> >> Eicar-Test-Signature FOUND
>>> >> >>
>>> >> >> /var/spool/MailScanner/incoming/9520/./1.message:
>>> >> >> Eicar-Test-Signature FOUND
>>> >> >>
>>> >> >> Virus Scanning: ClamAV found 2 infections Infected message
>>> >> >> 1.message came from Infected message 1 came from 10.1.1.1
>>> >> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>>> >> >> Checks: Found 1 problems
>>> >> >> ==============================================================
>>> >> >> =============
>>> >> >> Virus Scanner test reports:
>>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>> >> >>
>>> >> >> If any of your virus scanners (clamavmodule) are not listed
>>> >> >> there, you should check that they are installed correctly and
>>> >> >> that MailScanner is finding them correctly via its
>>> >> >> virus.scanners.conf.
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >>
>>> >> >> Here 'MailScanner -v':
>>> >> >> Running on
>>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>>> >> >>
>>> >> >> This is MailScanner version 4.71.2
>>> >> >> Module versions are:
>>> >> >> 1.00    AnyDBM_File
>>> >> >> 1.20    Archive::Zip
>>> >> >> 0.21    bignum
>>> >> >> 1.04    Carp
>>> >> >> 2.005   Compress::Zlib
>>> >> >> 1.119   Convert::BinHex
>>> >> >> 0.17    Convert::TNEF
>>> >> >> 2.121_08        Data::Dumper
>>> >> >> 2.27    Date::Parse
>>> >> >> 1.00    DirHandle
>>> >> >> 1.05    Fcntl
>>> >> >> 2.74    File::Basename
>>> >> >> 2.09    File::Copy
>>> >> >> 2.01    FileHandle
>>> >> >> 1.08    File::Path
>>> >> >> 0.20    File::Temp
>>> >> >> 0.90    Filesys::Df
>>> >> >> 1.35    HTML::Entities
>>> >> >> 3.56    HTML::Parser
>>> >> >> 2.37    HTML::TokeParser
>>> >> >> 1.23    IO
>>> >> >> 1.14    IO::File
>>> >> >> 1.13    IO::Pipe
>>> >> >> 2.02    Mail::Header
>>> >> >> 1.86    Math::BigInt
>>> >> >> 0.19    Math::BigRat
>>> >> >> 3.07    MIME::Base64
>>> >> >> 5.425   MIME::Decoder
>>> >> >> 5.425   MIME::Decoder::UU
>>> >> >> 5.425   MIME::Head
>>> >> >> 5.425   MIME::Parser
>>> >> >> 3.07    MIME::QuotedPrint
>>> >> >> 5.425   MIME::Tools
>>> >> >> 0.11    Net::CIDR
>>> >> >> 1.25    Net::IP
>>> >> >> 0.16    OLE::Storage_Lite
>>> >> >> 1.04    Pod::Escapes
>>> >> >> 3.05    Pod::Simple
>>> >> >> 1.09    POSIX
>>> >> >> 1.19    Scalar::Util
>>> >> >> 1.78    Socket
>>> >> >> 2.15    Storable
>>> >> >> 1.4     Sys::Hostname::Long
>>> >> >> 0.18    Sys::Syslog
>>> >> >> 1.26    Test::Pod
>>> >> >> 0.78    Test::Simple
>>> >> >> 1.86    Time::HiRes
>>> >> >> 1.02    Time::localtime
>>> >> >>
>>> >> >> Optional module versions are:
>>> >> >> 1.34    Archive::Tar
>>> >> >> 0.21    bignum
>>> >> >> 1.82    Business::ISBN
>>> >> >> 1.10    Business::ISBN::Data
>>> >> >> 1.08    Data::Dump
>>> >> >> 1.815   DB_File
>>> >> >> 1.14    DBD::SQLite
>>> >> >> 1.58    DBI
>>> >> >> 1.15    Digest
>>> >> >> 1.01    Digest::HMAC
>>> >> >> 2.36    Digest::MD5
>>> >> >> 2.11    Digest::SHA1
>>> >> >> 1.00    Encode::Detect
>>> >> >> 0.17010 Error
>>> >> >> 0.18    ExtUtils::CBuilder
>>> >> >> 2.18    ExtUtils::ParseXS
>>> >> >> 2.36    Getopt::Long
>>> >> >> 0.44    Inline
>>> >> >> 1.08    IO::String
>>> >> >> 1.07    IO::Zlib
>>> >> >> 2.21    IP::Country
>>> >> >> 0.22    Mail::ClamAV
>>> >> >> 3.002005        Mail::SpamAssassin
>>> >> >> v2.005  Mail::SPF
>>> >> >> 1.999001        Mail::SPF::Query
>>> >> >> 0.2808  Module::Build
>>> >> >> 0.20    Net::CIDR::Lite
>>> >> >> 0.63    Net::DNS
>>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>>> >> >>  4.004  NetAddr::IP
>>> >> >> 1.94    Parse::RecDescent
>>> >> >> missing SAVI
>>> >> >> 2.64    Test::Harness
>>> >> >> 0.95    Test::Manifest
>>> >> >> 1.98    Text::Balanced
>>> >> >> 1.35    URI
>>> >> >> 0.7203  version
>>> >> >> 0.62    YAML
>>> >> >>
>>> >> >> Thanks
>>> >> >>  Luciano.
>>> >> >>
>>> >
>>> >> > --
>>> >> > MailScanner mailing list
>>> >> > mailscanner@lists.mailscanner.info
>>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> >> >
>>> >> > Before posting, read http://wiki.mailscanner.info/posting
>>> >> >
>>> >> > Support MailScanner development - buy the book off the website!
>>> >> >
>>> >> > --
>>> >> > Il messaggio e' stato analizzato alla ricerca di virus o
>>> >> > contenuti pericolosi da MailScanner, ed e'
>>> >> > risultato non infetto.
>>> >> >
>>> >> >
>>> >>
>>> >> HI Martin,
>>> >> Lock Type = flock
>>> >>  ... for test my ideas ...
>>> >>
>>> >> I've setup this Mailscanner box for my client and
>>> >> i' ve reboot the machine friday at 18:45 with new params.
>>> >> Now i'm checking logs and i see Mailscanner pickup messages
>>> >> from Sunday at
>>> >> 15:00. None first!
>>> >> MailScanner needs more time for starting up?
>>> >>
>>> >> I' ve put
>>> >> Lock Type =
>>> >> now and
>>> >> 'service MailScanner restart'.
>>> >> Thank you.
>>> >> L.
>>> >>
>>> >>
>>> >
>>> > Hi
>>> >
>>> > Anything in the maillog reguarding mailScanner???
>>> >
>>> > Should only take a few seconds to get going.
>>> >
>>> > I'd drop to debug and see if you can spot anything.
>>> >
>>> >
>>> > --
>>> > Martin Hepworth
>>> > Snr Systems Administrator
>>> > Solid State Logic
>>> > Tel: +44 (0)1865 842300
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> **********************************************************************
>>> > Confidentiality : This e-mail and any attachments are
>>> intended for the
>>> > addressee only and may be confidential. If they come to you in error
>>> > you must take no action based on them, nor must you copy or
>>> show them
>>> > to anyone. Please advise the sender by replying to this e-mail
>>> > immediately and then delete the original from your computer.
>>> > Opinion : Any opinions expressed in this e-mail are
>>> entirely those of
>>> > the author and unless specifically stated to the contrary, are not
>>> > necessarily those of the author's employer.
>>> > Security Warning : Internet e-mail is not necessarily a secure
>>> > communications medium and can be subject to data
>>> corruption. We advise
>>> > that you consider this fact when e-mailing us.
>>> > Viruses : We have taken steps to ensure that this e-mail and any
>>> > attachments are free from known viruses but in keeping with good
>>> > computing practice, you should ensure that they are virus free.
>>> >
>>> > Red Lion 49 Ltd T/A Solid State Logic
>>> > Registered as a limited company in England and Wales
>>> > (Company No:5362730)
>>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>> > United Kingdom
>>> >
>>> **********************************************************************
>>> >
>>> > --
>>> > MailScanner mailing list
>>> > mailscanner@lists.mailscanner.info
>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>> >
>>> > Before posting, read http://wiki.mailscanner.info/posting
>>> >
>>> > Support MailScanner development - buy the book off the website!
>>> >
>>> > --
>>> > Il messaggio e' stato analizzato alla ricerca di virus o
>>> > contenuti pericolosi da MailScanner, ed e'
>>> > risultato non infetto.
>>> >
>>> >
>>>
>>>
>>>
>>> -- 
>>> Il messaggio e' stato analizzato alla ricerca di virus o
>>> contenuti pericolosi da MailScanner, ed e'
>>> risultato non infetto.
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>>
>>
>>
>> **********************************************************************
>> Confidentiality : This e-mail and any attachments are intended for the
>> addressee only and may be confidential. If they come to you in error
>> you must take no action based on them, nor must you copy or show them
>> to anyone. Please advise the sender by replying to this e-mail
>> immediately and then delete the original from your computer.
>> Opinion : Any opinions expressed in this e-mail are entirely those of
>> the author and unless specifically stated to the contrary, are not
>> necessarily those of the author's employer.
>> Security Warning : Internet e-mail is not necessarily a secure
>> communications medium and can be subject to data corruption. We advise
>> that you consider this fact when e-mailing us.
>> Viruses : We have taken steps to ensure that this e-mail and any
>> attachments are free from known viruses but in keeping with good
>> computing practice, you should ensure that they are virus free.
>>
>> Red Lion 49 Ltd T/A Solid State Logic
>> Registered as a limited company in England and Wales
>> (Company No:5362730)
>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>> United Kingdom
>> **********************************************************************
>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>> -- 
>> Il messaggio e' stato analizzato alla ricerca di virus o
>> contenuti pericolosi da MailScanner, ed e'
>> risultato non infetto.
>>
>>
>
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From lucianog at metline.it  Mon Jul  7 15:15:42 2008
From: lucianog at metline.it (Luciano Grego)
Date: Mon Jul  7 15:16:11 2008
Subject: MailScanner on FC8 don't pickup emails
References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><EMEW-k66ENce02c9e21cf3eec8cf6e13e90e40432f0-B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>
	<48721BA8.4060507@ecs.soton.ac.uk>
Message-ID: <A607C7667E044457B5F7203052580ADA@LUCIANO>

Hi,
Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) plus 
reboot the machine many times.
The strange things is:
LOCK TYPE = flock + reboot
Mailscanner see the messages ( with errors ), here the mail log:

Jul  6 15:54:39 mail sendmail[2160]: m66DsbjM002160: 
from=<tequilla99@hotmail.com>, size=581, class=0, nrcpts=1, 
msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, daemon=Daemon0, 
relay=[89.123.92.101]
Jul  6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX, 
delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0, 
stat=Sent
Jul  6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 messages, 
1034 bytes
Jul  6 15:54:40 mail MailScanner[21651]: Spam Checks: Starting
Jul  6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=xxxxxxx, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=60768, dsn=2.0.0, 
stat=Sent
Jul  6 15:54:40 mail MailScanner[21651]: RBL checks: m66DsbjM002160 found in 
spamhaus-ZEN
Jul  6 15:54:45 mail MailScanner[21651]: Message m66DsbjM002160 from 
89.123.92.101 (tequilla99@hotmail.com) to xxxxxxx.it is spam, spamhaus-ZEN, 
SpamAssassin (not cached, punteggio=26.821, necessario 4, autolearn=spam, 
FORGED_HOTMAIL_RCVD2 1.12, HELO_LH_HOME 3.17, INVALID_DATE 1.65, 
RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 
0.50, RCVD_IN_PBL 0.51, RCVD_IN_XBL 2.90, RDNS_NONE 0.10, SPF_SOFTFAIL 0.65, 
SUBJ_ALL_CAPS 1.81, URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86, URIBL_OB_SURBL 
2.13, URIBL_RHS_DOB 0.90, URIBL_SBL 2.47, URIBL_WS_SURBL 2.10)
Jul  6 15:54:45 mail MailScanner[21651]: Spam Checks: Found 1 spam messages
Jul  6 15:54:45 mail MailScanner[21651]: Spam Actions: message 
m66DsbjM002160 actions are store
Jul  6 15:54:45 mail MailScanner[21651]: Unlinking 
/var/spool/mqueue.in/qfm66DsbjM002160 failed: No such file or directory
Jul  6 15:54:45 mail MailScanner[21651]: Unlinking 
/var/spool/mqueue.in/dfm66DsbjM002160 failed: No such file or directory
Jul  6 15:54:45 mail MailScanner[21651]: Virus and Content Scanning: 
Starting
Jul  6 15:54:51 mail MailScanner[21651]: MailScanner child dying of old age
Jul  6 15:54:51 mail MailScanner[2174]: MailScanner E-Mail Virus Scanner 
version 4.71.2 starting...
Jul  6 15:54:51 mail MailScanner[2174]: Read 824 hostnames from the phishing 
whitelist
Jul  6 15:54:51 mail MailScanner[2174]: Read 3090 hostnames from the 
phishing blacklist
Jul  6 15:54:51 mail MailScanner[2174]: SpamAssassin temporary working 
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jul  6 15:54:51 mail MailScanner[2174]: Using SpamAssassin results cache
Jul  6 15:54:51 mail MailScanner[2174]: Connected to SpamAssassin cache 
database
Jul  6 15:54:51 mail MailScanner[2174]: Enabling SpamAssassin auto-whitelist 
functionality...
Jul  6 15:54:53 mail MailScanner[2174]: ClamAV scanner using unrar command 
/usr/bin/unrar
Jul  6 15:54:53 mail MailScanner[2174]: Using locktype = flock
Jul  6 16:01:01 mail update.bad.phishing.sites: Delaying cron job up to 600 
seconds
Jul  6 16:09:43 mail update.virus.scanners: Delaying cron job up to 600 
seconds
Jul  6 16:12:23 mail update.virus.scanners: Found clamav installed
Jul  6 16:12:23 mail update.virus.scanners: Running autoupdate for clamav
Jul  6 16:12:23 mail ClamAV-autoupdate[2261]: ClamAV did not need updating
Jul  6 16:12:23 mail update.virus.scanners: Found generic installed

Again,
LOCK TYPE =
Mailscanner don't see any messages:

Jul  7 12:36:20 mail MailScanner[10714]: MailScanner E-Mail Virus Scanner 
version 4.71.2 starting...
Jul  7 12:36:20 mail MailScanner[10714]: Read 824 hostnames from the 
phishing whitelist
Jul  7 12:36:20 mail MailScanner[10714]: Read 3056 hostnames from the 
phishing blacklist
Jul  7 12:36:20 mail MailScanner[10714]: SpamAssassin temporary working 
directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Jul  7 12:36:20 mail MailScanner[10714]: Using SpamAssassin results cache
Jul  7 12:36:20 mail MailScanner[10714]: Connected to SpamAssassin cache 
database
Jul  7 12:36:20 mail MailScanner[10714]: Enabling SpamAssassin 
auto-whitelist functionality...
Jul  7 12:36:22 mail MailScanner[10714]: ClamAV scanner using unrar command 
/usr/bin/unrar
Jul  7 12:36:22 mail MailScanner[10714]: Using locktype = posix
Jul  7 13:01:01 mail update.bad.phishing.sites: Delaying cron job up to 600 
seconds
Jul  7 13:10:54 mail update.virus.scanners: Delaying cron job up to 600 
seconds
Jul  7 13:12:48 mail update.virus.scanners: Found clamav installed
Jul  7 13:12:48 mail update.virus.scanners: Running autoupdate for clamav
Jul  7 13:13:22 mail ClamAV-autoupdate[10805]: ClamAV updated
Jul  7 13:13:22 mail update.virus.scanners: Found generic installed
Jul  7 13:13:22 mail update.virus.scanners: Running autoupdate for generic
Jul  7 13:27:34 mail sendmail[10919]: m67BRTfq010919: 
<iamjustsendingthisleter@xxxx.it>... User unknown
Jul  7 13:27:34 mail sendmail[10919]: m67BRTfq010919: 
from=<totedb6@ramasahayam.com>, size=0, class=0, nrcpts=0, proto=ESMTP, 
daemon=Daemon0, relay=[82.114.71.182]
Jul  7 13:29:14 mail sendmail[10920]: m67BTCqS010920: 
from=<info@pianetabimbofestival.com>, size=5082, class=0, nrcpts=1, 
msgid=<200807071129.10479701581833459663@mx1.sfarratu.com>, proto=SMTP, 
daemon=Daemon0, relay=mx1.sfarratu.com [69.12.222.232]
Jul  7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, 
stat=Sent
Jul  7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, 
stat=Sent
Jul  7 13:33:54 mail sendmail[10924]: m67BXr3X010924: 
from=<uber1@tiscali.it>, size=5172, class=0, nrcpts=1, 
msgid=<000001c8e025$57cd8e40$1400000a@acerfed0a54eeb>, proto=ESMTP, 
daemon=Daemon0, relay=jack.mail.tiscali.it [213.205.33.53]
Jul  7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, 
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, 
stat=Sent
Jul  7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, 
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, 
stat=Sent
Jul  7 13:48:59 mail sendmail[10933]: m67Bmolh010933: from=<gixr@borzu.com>, 
size=567, class=0, nrcpts=1, msgid=<76feedfd$7bf7f7ef$4fc49f89@gixr>, 
bodytype=8BITMIME, proto=ESMTP, daemon=Daemon0, relay=[124.133.160.88]



----- Original Message ----- 
From: "Julian Field" <MailScanner@ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Monday, July 07, 2008 3:35 PM
Subject: Re: MailScanner on FC8 don't pickup emails


> Have you done
> chkconfig sendmail off
> chkconfig MailScanner on
> service sendmail stop
> service MailScanner start
> ?
> If you still have sendmail running from before you installed it, then you 
> will get symptoms you are seeing.
>
>
> Luciano Grego wrote:
>> I've used the default path in MailScanner.conf. ( 
>> INQDIR=/var/spool/mqueue.in )
>> and leaving MailScanner in /etc/init.d that starting sendmail in 
>> agreement.
>>
>>
>> ----- Original Message ----- From: "Martin.Hepworth" 
>> <martinh@solidstatelogic.com>
>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>> Sent: Monday, July 07, 2008 1:07 PM
>> Subject: RE: MailScanner on FC8 don't pickup emails
>>
>>
>>> Luciano
>>>
>>> You should be using the rpm version for Fedora installs..
>>>
>>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz
>>>
>>> Than follow the rpm based install instructions.
>>>
>>> You need to configure the MailScanner.conf to point at correct locations 
>>> for the sendmail queues etc.
>>>
>>> -- 
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>> Of Luciano Grego
>>>> Sent: 07 July 2008 11:34
>>>> To: MailScanner discussion
>>>> Subject: Re: MailScanner on FC8 don't pickup emails
>>>>
>>>> Hi,
>>>> Excuse me for long list ...
>>>> But ... in debug mode i should see the email passing through
>>>> MailScanner?
>>>>
>>>> I have not answered your question first:  What install
>>>> instructions have you followed?
>>>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>>>>
>>>> -- 
>>>>
>>>> mail  root  [ /var/log ] MailScanner --debug --debug-sa In
>>>> Debugging mode, not forking...
>>>> Trying to setlogsock(unix)
>>>> 12:23:04 SpamAssassin temp dir =
>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> 12:23:04 [10417] dbg: logger: adding facilities: all
>>>> 12:23:04 [10417] dbg: logger: logging level is DBG
>>>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
>>>> 12:23:04 [10417] dbg: config: score set 0 chosen.
>>>> 12:23:04 [10417] dbg: util: running in taint mode? no
>>>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
>>>> 12:23:04 [10417] dbg: ignore: test message to precompile
>>>> patterns and load modules
>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>>> for site rules pre files
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /etc/mail/spamassassin/init.pre
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /etc/mail/spamassassin/v310.pre
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /etc/mail/spamassassin/v312.pre
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /etc/mail/spamassassin/v320.pre
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005" for sys rules pre files
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005" for default rules dir
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>>> for site rules dir
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /etc/mail/spamassassin/mailscanner.cf
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::URIDNSBL
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::Hashcash
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::SPF from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::Razor2
>>>> from @INC
>>>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC
>>>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::SpamCop
>>>> from @INC
>>>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::AWL from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::MIMEHeader
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::Check from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::URIDetail
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::Bayes from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::BodyEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::DNSEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::HTMLEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::HeaderEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::MIMEEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::RelayEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::URIEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::WLBLEval
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::VBounce
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: loading
>>>> Mail::SpamAssassin::Plugin::ImageInfo
>>>> from @INC
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>>> ault_prefs.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de
>>>> fault_prefs.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>>> ault_prefs.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>>> ance_fee.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad
>>>> vance_fee.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>>> ance_fee.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>>> y_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo
>>>> dy_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>>> y_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>>> pensate.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co
>>>> mpensate.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>>> pensate.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>>> bl_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn
>>>> sbl_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>>> bl_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr
>>>> ugs.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy
>>>> nrdns.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>>> e_helo_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa
>>>> ke_helo_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>>> e_helo_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>>> d_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he
>>>> ad_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>>> d_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>>> l_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht
>>>> ml_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>>> l_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>>> geinfo.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im
>>>> ageinfo.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>>> geinfo.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>>> a_tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me
>>>> ta_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>>> a_tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>>> _tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne
>>>> t_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>>> _tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph
>>>> rases.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po
>>>> rn.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra
>>>> tware.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>>> _tests.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur
>>>> i_tests.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>>> _tests.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb
>>>> ounce.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba
>>>> yes.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac
>>>> cessdb.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>>> ivirus.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an
>>>> tivirus.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>>> ivirus.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as
>>>> n.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc
>>>> c.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk
>>>> im.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>>> ainkeys.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do
>>>> mainkeys.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>>> ainkeys.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha
>>>> shcash.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py
>>>> zor.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra
>>>> zor2.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re
>>>> place.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp
>>>> f.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te
>>>> xtcat.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur
>>>> ibl.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_de.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_fr.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_it.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_nl.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_pl.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>>> t_pt_br.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>> xt_pt_br.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>>> t_pt_br.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc
>>>> ores.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw
>>>> l.cf" for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>>> rtcircuit.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh
>>>> ortcircuit.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>>> rtcircuit.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>> itelist.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_dk.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>> itelist_dk.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_dk.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_dkim.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>> itelist_dkim.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_dkim.cf
>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_spf.cf
>>>> 12:23:04 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>> itelist_spf.cf"
>>>> for included file
>>>> 12:23:04 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_spf.cf
>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_subject.cf
>>>> 12:23:05 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>> itelist_subject.cf"
>>>> for included file
>>>> 12:23:05 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>> telist_subject.cf
>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>>> 12:23:05 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac
>>>> tive.cf" for included file
>>>> 12:23:05 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>>> 12:23:05 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re
>>>> moved.cf" for included file
>>>> 12:23:05 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>>> 12:23:05 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc
>>>> ores.cf" for included file
>>>> 12:23:05 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>>> itional.cf
>>>> 12:23:05 [10417] dbg: config: using
>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad
>>>> ditional.cf"
>>>> for included file
>>>> 12:23:05 [10417] dbg: config: read file
>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>>> itional.cf
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates:
>>>> __MO_OL_C65FA
>>>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates:
>>>> __XM_OL_A842E
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates:
>>>> __MO_OL_8627E
>>>> __MO_OL_F3B05
>>>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
>>>> __RATWARE_0_TZ_DATE
>>>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates:
>>>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5
>>>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0
>>>> __XM_OL_F475E __XM_OL_F6D01
>>>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged
>>>> duplicates: __MSGID_VGA
>>>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
>>>> HS_SUBJ_NEW_SOFTWARE
>>>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
>>>> __HAS_MSMAIL_PRI
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates:
>>>> __MO_OL_6554A
>>>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates:
>>>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B
>>>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6
>>>> __XM_OL_F3B05 __XM_OL_FF5C8
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates:
>>>> __MO_OL_B30D1 __MO_OL_CF0C0
>>>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates:
>>>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4
>>>> KAM_STOCKTIP6
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates:
>>>> __MO_OL_4F240
>>>> __MO_OL_ADFF7
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates:
>>>> __MO_OL_BC7E6
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates:
>>>> __MO_OL_4EEDB __MO_OL_7533E
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates:
>>>> __MO_OL_B4B40
>>>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
>>>> __HAS_ANY_URI
>>>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates:
>>>> __XM_OL_EF20B
>>>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
>>>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER
>>>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2
>>>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE
>>>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX
>>>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
>>>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
>>>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY
>>>> YOUR_CRD_RATING
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates:
>>>> __MO_OL_A842E
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates:
>>>> __MO_OL_FF5C8
>>>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates:
>>>> __MO_OL_F6D01
>>>> 12:23:05 [10417] dbg: conf: finish parsing
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c)
>>>> implements 'finish_parsing_end', priority 0
>>>> 12:23:05 [10417] dbg: replacetags: replacing tags
>>>> 12:23:05 [10417] dbg: replacetags: done replacing tags
>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>> /etc/MailScanner/bayes/bayes__toks
>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>> /etc/MailScanner/bayes/bayes__seen
>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>>> 1 spam(s) in bayes DB < 200
>>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>>> 12:23:05 [10417] dbg: config: score set 1 chosen.
>>>> 12:23:05 [10417] dbg: message: main message type: text/plain
>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
>>>> 12:23:05 [10417] dbg: message: parsing normal part
>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc)
>>>> implements 'check_start', priority 0
>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>> /etc/MailScanner/bayes/bayes__toks
>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>> /etc/MailScanner/bayes/bayes__seen
>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>>> 1 spam(s) in bayes DB < 200
>>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements
>>>> 'check_main', priority 0
>>>> 12:23:05 [10417] dbg: conf: trusted_networks are not
>>>> configured; it is recommended that you configure
>>>> trusted_networks manually
>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>>> implements 'extract_metadata', priority 0
>>>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
>>>> 12:23:05 [10417] dbg: message: no encoding detected
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08)
>>>> implements 'parsed_metadata', priority 0
>>>> 12:23:05 [10417] dbg: plugin:
>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>>> implements 'parsed_metadata', priority 0
>>>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
>>>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18,
>>>> LocalAddr: 0.0.0.0
>>>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is
>>>> 110592 bytes
>>>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config
>>>> file, skipping test
>>>> 12:23:05 [10417] dbg: uridnsbl: domains to query:
>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>> sa-other.bondedsender.org., set bsp-untrusted
>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>> plus.bondedsender.org., set ssc-firsttrusted
>>>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set njabl
>>>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>> dob.sibl.support-intelligence.net.,
>>>> set dob
>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>>> set zen-lastexternal
>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
>>>> sorbs-lastexternal
>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>>> set zen-lastexternal
>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
>>>> dnswl-firsttrusted
>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>> sa-accredit.habeas.com., set habeas-firsttrusted
>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
>>>> dsbl-lastexternal
>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>> sa-trusted.bondedsender.org., set bsp-firsttrusted
>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
>>>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
>>>> iadb-firsttrusted
>>>> 12:23:05 [10417] dbg: check: running tests for priority: -1000
>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>> 12:23:05 [10417] dbg: eval: all '*From' addrs:
>>>> ignore@compiling.spamassassin.taint.org
>>>> 12:23:05 [10417] dbg: eval: all '*To' addrs:
>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>> 12:23:05 [10417] dbg: check: running tests for priority: -950
>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>> 12:23:05 [10417] dbg: check: running tests for priority: -900
>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>> 12:23:05 [10417] dbg: check: running tests for priority: -400
>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>> 12:23:05 [10417] dbg: check: running tests for priority: 0
>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF
>>>> ======> got hit:
>>>> "UNSET"
>>>> 12:23:05 [10417] dbg: rules: ran header rule
>>>> __MSOE_MID_WRONG_CASE ======> got hit: "
>>>> 12:23:05 [10417] dbg: rules: Message-Id: "
>>>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE
>>>> ======> got hit:
>>>> "UNSET"
>>>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST
>>>> ======> got
>>>> hit: "@spamassassin_spamd_init>"
>>>> 12:23:05 [10417] dbg: rules: ran header rule
>>>> __MSGID_OK_DIGITS ======> got
>>>> hit: "1215426184"
>>>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID
>>>> ======> got hit:
>>>> "<"
>>>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID
>>>> ======> got hit:
>>>> "<1215426184.34281@spamassassin_spamd_init>
>>>> 12:23:05 [10417] dbg: rules: "
>>>> 12:23:05 [10417] dbg: spf: checking to see if the message has
>>>> a Received-SPF header that we can use
>>>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>>> found, skipping SPF-helo check
>>>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF
>>>> headers, proceeding with DNS based checks
>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>>> found, skipping SPF check
>>>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======>
>>>> got hit (1)
>>>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already
>>>> checked spf and didn't get pass, skipping whitelist check
>>>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID
>>>> ======> got hit
>>>> (1)
>>>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS
>>>> ======> got hit
>>>> (1)
>>>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already
>>>> checked spf and didn't get pass, skipping whitelist check
>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY
>>>> ======> got hit:
>>>> "I"
>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>> 12:23:05 [10417] dbg: eval: stock info total: 0
>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=1.581
>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY
>>>> ======> got hit:
>>>> "need"
>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>> 12:23:05 [10417] dbg: info: entering helper-app run mode
>>>> 12:23:06 [10417] dbg: info: leaving helper-app run mode
>>>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 confidence=0
>>>> 12:23:06 [10417] dbg: razor2: results: spam? 0
>>>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
>>>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
>>>> 12:23:06 [10417] dbg: util: current PATH is:
>>>> /sbin:/bin:/usr/sbin:/usr/bin
>>>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor
>>>> executable found
>>>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>> 12:23:06 [10417] dbg: check: running tests for priority: 500
>>>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has
>>>> undefined dependency 'DCC_CHECK'
>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>> 12:23:06 [10417] dbg: check: running tests for priority: 1000
>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>>> 12:23:06 [10417] dbg: locker: safe_lock: created
>>>> /root/.spamassassin/auto-whitelist.mutex
>>>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock
>>>> on /root/.spamassassin/auto-whitelist with 30 timeout
>>>> 12:23:06 [10417] dbg: locker: safe_lock: link to
>>>> /root/.spamassassin/auto-whitelist.mutex: link ok
>>>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of
>>>> type DB_File R/W in /root/.spamassassin/auto-whitelist
>>>> 12:23:06 [10417] dbg: auto-whitelist: db-based
>>>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
>>>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score:
>>>> 2.865, autolearn score: 2.865, mean: undef, IP: undef
>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing
>>>> and unlocking
>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file
>>>> locked, breaking lock
>>>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
>>>> /root/.spamassassin/auto-whitelist.mutex
>>>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 2.865
>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
>>>> 12:23:06 [10417] dbg: check:
>>>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED
>>>> ,NO_RELAYS
>>>> 12:23:06 [10417] dbg: check:
>>>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O
>>>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV
>>>> D_BODY,__UNUSABLE_MSGID
>>>> 12:23:06 Building a message batch to scan...
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>>> Sent: Monday, July 07, 2008 12:08 PM
>>>> Subject: RE: MailScanner on FC8 don't pickup emails
>>>>
>>>>
>>>> >
>>>> >
>>>> >
>>>> >> -----Original Message-----
>>>> >> From: mailscanner-bounces@lists.mailscanner.info
>>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>> >> Of Luciano Grego
>>>> >> Sent: 07 July 2008 11:00
>>>> >> To: MailScanner discussion
>>>> >> Subject: Re: MailScanner on FC8 don't pickup emails
>>>> >>
>>>> >>
>>>> >> ----- Original Message -----
>>>> >> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>>> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>>> >> Sent: Monday, July 07, 2008 11:06 AM
>>>> >> Subject: RE: MailScanner on FC8 don't pickup emails
>>>> >>
>>>> >>
>>>> >> >I would have thought you'd need to change the Lock Type to
>>>> >> the default
>>>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>>>> >> change this)
>>>> >> >
>>>> >> > Also a "MailScanner --debug --debug-sa" output to a
>>>> >> pastebin or web page
>>>> >> > (as they can be large) would be interesting to see?
>>>> >> >
>>>> >> > What install instructions have you followed?
>>>> >> >
>>>> >> > --
>>>> >> > Martin Hepworth
>>>> >> > Snr Systems Administrator
>>>> >> > Solid State Logic
>>>> >> > Tel: +44 (0)1865 842300
>>>> >> >
>>>> >> >> -----Original Message-----
>>>> >> >> From: mailscanner-bounces@lists.mailscanner.info
>>>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>> >> >> Of Luciano Grego
>>>> >> >> Sent: 07 July 2008 09:54
>>>> >> >> To: mailscanner@lists.mailscanner.info
>>>> >> >> Subject: MailScanner on FC8 don't pickup emails
>>>> >> >>
>>>> >> >> Hi,
>>>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>>>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>>>> >> 4.71.2-2).
>>>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>>>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>>>> >> >> It' s a locking problem?
>>>> >> >> Must reinstall with --nodeps?
>>>> >> >>
>>>> >> >> Here 'MailScanner --lint':
>>>> >> >>
>>>> >> >> Trying to setlogsock(unix)
>>>> >> >> Read 824 hostnames from the phishing whitelist Read 3052
>>>> >> >> hostnames from the phishing blacklist Checking version
>>>> numbers...
>>>> >> >> Version number in MailScanner.conf (4.71.2) is correct.
>>>> >> >>
>>>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf
>>>> is correct.
>>>> >> >>
>>>> >> >> Checking for SpamAssassin errors (if you use it)...
>>>> >> >> SpamAssassin temporary working directory is
>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> >> >> SpamAssassin temp dir =
>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>> >> >> Using SpamAssassin results cache
>>>> >> >> Connected to SpamAssassin cache database SpamAssassin
>>>> >> >> reported no errors.
>>>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>>>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = clamav"
>>>> >> >> Found these virus scanners installed: clamavmodule
>>>> >> >> ==============================================================
>>>> >> >> =============
>>>> >> >> Virus and Content Scanning: Starting
>>>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>>>> >> >> Eicar-Test-Signature FOUND
>>>> >> >>
>>>> >> >> /var/spool/MailScanner/incoming/9520/./1.message:
>>>> >> >> Eicar-Test-Signature FOUND
>>>> >> >>
>>>> >> >> Virus Scanning: ClamAV found 2 infections Infected message
>>>> >> >> 1.message came from Infected message 1 came from 10.1.1.1
>>>> >> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>>>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>>>> >> >> Checks: Found 1 problems
>>>> >> >> ==============================================================
>>>> >> >> =============
>>>> >> >> Virus Scanner test reports:
>>>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>>> >> >>
>>>> >> >> If any of your virus scanners (clamavmodule) are not listed
>>>> >> >> there, you should check that they are installed correctly and
>>>> >> >> that MailScanner is finding them correctly via its
>>>> >> >> virus.scanners.conf.
>>>> >> >>
>>>> >> >>
>>>> >> >> --
>>>> >> >>
>>>> >> >> Here 'MailScanner -v':
>>>> >> >> Running on
>>>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>>>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>>>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>>>> >> >>
>>>> >> >> This is MailScanner version 4.71.2
>>>> >> >> Module versions are:
>>>> >> >> 1.00    AnyDBM_File
>>>> >> >> 1.20    Archive::Zip
>>>> >> >> 0.21    bignum
>>>> >> >> 1.04    Carp
>>>> >> >> 2.005   Compress::Zlib
>>>> >> >> 1.119   Convert::BinHex
>>>> >> >> 0.17    Convert::TNEF
>>>> >> >> 2.121_08        Data::Dumper
>>>> >> >> 2.27    Date::Parse
>>>> >> >> 1.00    DirHandle
>>>> >> >> 1.05    Fcntl
>>>> >> >> 2.74    File::Basename
>>>> >> >> 2.09    File::Copy
>>>> >> >> 2.01    FileHandle
>>>> >> >> 1.08    File::Path
>>>> >> >> 0.20    File::Temp
>>>> >> >> 0.90    Filesys::Df
>>>> >> >> 1.35    HTML::Entities
>>>> >> >> 3.56    HTML::Parser
>>>> >> >> 2.37    HTML::TokeParser
>>>> >> >> 1.23    IO
>>>> >> >> 1.14    IO::File
>>>> >> >> 1.13    IO::Pipe
>>>> >> >> 2.02    Mail::Header
>>>> >> >> 1.86    Math::BigInt
>>>> >> >> 0.19    Math::BigRat
>>>> >> >> 3.07    MIME::Base64
>>>> >> >> 5.425   MIME::Decoder
>>>> >> >> 5.425   MIME::Decoder::UU
>>>> >> >> 5.425   MIME::Head
>>>> >> >> 5.425   MIME::Parser
>>>> >> >> 3.07    MIME::QuotedPrint
>>>> >> >> 5.425   MIME::Tools
>>>> >> >> 0.11    Net::CIDR
>>>> >> >> 1.25    Net::IP
>>>> >> >> 0.16    OLE::Storage_Lite
>>>> >> >> 1.04    Pod::Escapes
>>>> >> >> 3.05    Pod::Simple
>>>> >> >> 1.09    POSIX
>>>> >> >> 1.19    Scalar::Util
>>>> >> >> 1.78    Socket
>>>> >> >> 2.15    Storable
>>>> >> >> 1.4     Sys::Hostname::Long
>>>> >> >> 0.18    Sys::Syslog
>>>> >> >> 1.26    Test::Pod
>>>> >> >> 0.78    Test::Simple
>>>> >> >> 1.86    Time::HiRes
>>>> >> >> 1.02    Time::localtime
>>>> >> >>
>>>> >> >> Optional module versions are:
>>>> >> >> 1.34    Archive::Tar
>>>> >> >> 0.21    bignum
>>>> >> >> 1.82    Business::ISBN
>>>> >> >> 1.10    Business::ISBN::Data
>>>> >> >> 1.08    Data::Dump
>>>> >> >> 1.815   DB_File
>>>> >> >> 1.14    DBD::SQLite
>>>> >> >> 1.58    DBI
>>>> >> >> 1.15    Digest
>>>> >> >> 1.01    Digest::HMAC
>>>> >> >> 2.36    Digest::MD5
>>>> >> >> 2.11    Digest::SHA1
>>>> >> >> 1.00    Encode::Detect
>>>> >> >> 0.17010 Error
>>>> >> >> 0.18    ExtUtils::CBuilder
>>>> >> >> 2.18    ExtUtils::ParseXS
>>>> >> >> 2.36    Getopt::Long
>>>> >> >> 0.44    Inline
>>>> >> >> 1.08    IO::String
>>>> >> >> 1.07    IO::Zlib
>>>> >> >> 2.21    IP::Country
>>>> >> >> 0.22    Mail::ClamAV
>>>> >> >> 3.002005        Mail::SpamAssassin
>>>> >> >> v2.005  Mail::SPF
>>>> >> >> 1.999001        Mail::SPF::Query
>>>> >> >> 0.2808  Module::Build
>>>> >> >> 0.20    Net::CIDR::Lite
>>>> >> >> 0.63    Net::DNS
>>>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>>>> >> >>  4.004  NetAddr::IP
>>>> >> >> 1.94    Parse::RecDescent
>>>> >> >> missing SAVI
>>>> >> >> 2.64    Test::Harness
>>>> >> >> 0.95    Test::Manifest
>>>> >> >> 1.98    Text::Balanced
>>>> >> >> 1.35    URI
>>>> >> >> 0.7203  version
>>>> >> >> 0.62    YAML
>>>> >> >>
>>>> >> >> Thanks
>>>> >> >>  Luciano.
>>>> >> >>
>>>> >
>>>> >> > --
>>>> >> > MailScanner mailing list
>>>> >> > mailscanner@lists.mailscanner.info
>>>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>> >> >
>>>> >> > Before posting, read http://wiki.mailscanner.info/posting
>>>> >> >
>>>> >> > Support MailScanner development - buy the book off the website!
>>>> >> >
>>>> >> > --
>>>> >> > Il messaggio e' stato analizzato alla ricerca di virus o
>>>> >> > contenuti pericolosi da MailScanner, ed e'
>>>> >> > risultato non infetto.
>>>> >> >
>>>> >> >
>>>> >>
>>>> >> HI Martin,
>>>> >> Lock Type = flock
>>>> >>  ... for test my ideas ...
>>>> >>
>>>> >> I've setup this Mailscanner box for my client and
>>>> >> i' ve reboot the machine friday at 18:45 with new params.
>>>> >> Now i'm checking logs and i see Mailscanner pickup messages
>>>> >> from Sunday at
>>>> >> 15:00. None first!
>>>> >> MailScanner needs more time for starting up?
>>>> >>
>>>> >> I' ve put
>>>> >> Lock Type =
>>>> >> now and
>>>> >> 'service MailScanner restart'.
>>>> >> Thank you.
>>>> >> L.
>>>> >>
>>>> >>
>>>> >
>>>> > Hi
>>>> >
>>>> > Anything in the maillog reguarding mailScanner???
>>>> >
>>>> > Should only take a few seconds to get going.
>>>> >
>>>> > I'd drop to debug and see if you can spot anything.
>>>> >
>>>> >
>>>> > --
>>>> > Martin Hepworth
>>>> > Snr Systems Administrator
>>>> > Solid State Logic
>>>> > Tel: +44 (0)1865 842300
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> **********************************************************************
>>>> > Confidentiality : This e-mail and any attachments are
>>>> intended for the
>>>> > addressee only and may be confidential. If they come to you in error
>>>> > you must take no action based on them, nor must you copy or
>>>> show them
>>>> > to anyone. Please advise the sender by replying to this e-mail
>>>> > immediately and then delete the original from your computer.
>>>> > Opinion : Any opinions expressed in this e-mail are
>>>> entirely those of
>>>> > the author and unless specifically stated to the contrary, are not
>>>> > necessarily those of the author's employer.
>>>> > Security Warning : Internet e-mail is not necessarily a secure
>>>> > communications medium and can be subject to data
>>>> corruption. We advise
>>>> > that you consider this fact when e-mailing us.
>>>> > Viruses : We have taken steps to ensure that this e-mail and any
>>>> > attachments are free from known viruses but in keeping with good
>>>> > computing practice, you should ensure that they are virus free.
>>>> >
>>>> > Red Lion 49 Ltd T/A Solid State Logic
>>>> > Registered as a limited company in England and Wales
>>>> > (Company No:5362730)
>>>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>>> > United Kingdom
>>>> >
>>>> **********************************************************************
>>>> >
>>>> > --
>>>> > MailScanner mailing list
>>>> > mailscanner@lists.mailscanner.info
>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>> >
>>>> > Before posting, read http://wiki.mailscanner.info/posting
>>>> >
>>>> > Support MailScanner development - buy the book off the website!
>>>> >
>>>> > --
>>>> > Il messaggio e' stato analizzato alla ricerca di virus o
>>>> > contenuti pericolosi da MailScanner, ed e'
>>>> > risultato non infetto.
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>> -- 
>>>> Il messaggio e' stato analizzato alla ricerca di virus o
>>>> contenuti pericolosi da MailScanner, ed e'
>>>> risultato non infetto.
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>>
>>>
>>>
>>> **********************************************************************
>>> Confidentiality : This e-mail and any attachments are intended for the
>>> addressee only and may be confidential. If they come to you in error
>>> you must take no action based on them, nor must you copy or show them
>>> to anyone. Please advise the sender by replying to this e-mail
>>> immediately and then delete the original from your computer.
>>> Opinion : Any opinions expressed in this e-mail are entirely those of
>>> the author and unless specifically stated to the contrary, are not
>>> necessarily those of the author's employer.
>>> Security Warning : Internet e-mail is not necessarily a secure
>>> communications medium and can be subject to data corruption. We advise
>>> that you consider this fact when e-mailing us.
>>> Viruses : We have taken steps to ensure that this e-mail and any
>>> attachments are free from known viruses but in keeping with good
>>> computing practice, you should ensure that they are virus free.
>>>
>>> Red Lion 49 Ltd T/A Solid State Logic
>>> Registered as a limited company in England and Wales
>>> (Company No:5362730)
>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>> United Kingdom
>>> **********************************************************************
>>>
>>> -- 
>>> MailScanner mailing list
>>> mailscanner@lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>> -- 
>>> Il messaggio e' stato analizzato alla ricerca di virus o
>>> contenuti pericolosi da MailScanner, ed e'
>>> risultato non infetto.
>>>
>>>
>>
>>
>>
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> -- 
> Il messaggio e' stato analizzato alla ricerca di virus o
> contenuti pericolosi da MailScanner, ed e'
> risultato non infetto.
> 



-- 
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.

From MailScanner at ecs.soton.ac.uk  Mon Jul  7 15:25:30 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul  7 15:25:57 2008
Subject: Bypassing Custom PLugin
In-Reply-To: <EMEW-k66EYN4866af8c7d08d6b63b8fc93552106853-4baa40ce0807070629y36bdac25g3a00727a50ee1bb2@mail.gmail.com>
References: <EMEW-k66EYN4866af8c7d08d6b63b8fc93552106853-4baa40ce0807070629y36bdac25g3a00727a50ee1bb2@mail.gmail.com>
Message-ID: <4872275A.2060601@ecs.soton.ac.uk>

Do you mean a "Custom Function" or a "Generic Spam Scanner" or a 
"Generic Virus Scanner"?
If you mean a "Custom Function" then what configuration setting have you 
attached it to?

Rick Duval wrote:
> I have written a customs plugin and part of what it does is log every 
> email that is passed to it but some emails never seem to reach it.
>
> Can anyone tell me where this might be happening?
>
> Thanks

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Mon Jul  7 15:27:09 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul  7 15:27:42 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <EMEW-k66FKY284e7c01b593c8261aa7966f08946cc7-A607C7667E044457B5F7203052580ADA@LUCIANO>
References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com><EMEW-k66ENce02c9e21cf3eec8cf6e13e90e40432f0-B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>	<48721BA8.4060507@ecs.soton.ac.uk>
	<EMEW-k66FKY284e7c01b593c8261aa7966f08946cc7-A607C7667E044457B5F7203052580ADA@LUCIANO>
Message-ID: <487227BD.4050502@ecs.soton.ac.uk>

Why are you setting "Lock Type = flock"? What version of sendmail are 
you running and what operating system are you running? Have you just 
tried leaving "Lock Type =" (i.e. leaving it set blank)?

Luciano Grego wrote:
> Hi,
> Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) 
> plus reboot the machine many times.
> The strange things is:
> LOCK TYPE = flock + reboot
> Mailscanner see the messages ( with errors ), here the mail log:
>
> Jul  6 15:54:39 mail sendmail[2160]: m66DsbjM002160: 
> from=<tequilla99@hotmail.com>, size=581, class=0, nrcpts=1, 
> msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, 
> daemon=Daemon0, relay=[89.123.92.101]
> Jul  6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX, 
> delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0, 
> stat=Sent
> Jul  6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 
> messages, 1034 bytes
> Jul  6 15:54:40 mail MailScanner[21651]: Spam Checks: Starting
> Jul  6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=xxxxxxx, 
> delay=00:00:01, xdelay=00:00:00, mailer=local, pri=60768, dsn=2.0.0, 
> stat=Sent
> Jul  6 15:54:40 mail MailScanner[21651]: RBL checks: m66DsbjM002160 
> found in spamhaus-ZEN
> Jul  6 15:54:45 mail MailScanner[21651]: Message m66DsbjM002160 from 
> 89.123.92.101 (tequilla99@hotmail.com) to xxxxxxx.it is spam, 
> spamhaus-ZEN, SpamAssassin (not cached, punteggio=26.821, necessario 
> 4, autolearn=spam, FORGED_HOTMAIL_RCVD2 1.12, HELO_LH_HOME 3.17, 
> INVALID_DATE 1.65, RAZOR2_CF_RANGE_51_100 0.50, 
> RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.51, 
> RCVD_IN_XBL 2.90, RDNS_NONE 0.10, SPF_SOFTFAIL 0.65, SUBJ_ALL_CAPS 
> 1.81, URIBL_BLACK 1.96, URIBL_JP_SURBL 2.86, URIBL_OB_SURBL 2.13, 
> URIBL_RHS_DOB 0.90, URIBL_SBL 2.47, URIBL_WS_SURBL 2.10)
> Jul  6 15:54:45 mail MailScanner[21651]: Spam Checks: Found 1 spam 
> messages
> Jul  6 15:54:45 mail MailScanner[21651]: Spam Actions: message 
> m66DsbjM002160 actions are store
> Jul  6 15:54:45 mail MailScanner[21651]: Unlinking 
> /var/spool/mqueue.in/qfm66DsbjM002160 failed: No such file or directory
> Jul  6 15:54:45 mail MailScanner[21651]: Unlinking 
> /var/spool/mqueue.in/dfm66DsbjM002160 failed: No such file or directory
> Jul  6 15:54:45 mail MailScanner[21651]: Virus and Content Scanning: 
> Starting
> Jul  6 15:54:51 mail MailScanner[21651]: MailScanner child dying of 
> old age
> Jul  6 15:54:51 mail MailScanner[2174]: MailScanner E-Mail Virus 
> Scanner version 4.71.2 starting...
> Jul  6 15:54:51 mail MailScanner[2174]: Read 824 hostnames from the 
> phishing whitelist
> Jul  6 15:54:51 mail MailScanner[2174]: Read 3090 hostnames from the 
> phishing blacklist
> Jul  6 15:54:51 mail MailScanner[2174]: SpamAssassin temporary working 
> directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Jul  6 15:54:51 mail MailScanner[2174]: Using SpamAssassin results cache
> Jul  6 15:54:51 mail MailScanner[2174]: Connected to SpamAssassin 
> cache database
> Jul  6 15:54:51 mail MailScanner[2174]: Enabling SpamAssassin 
> auto-whitelist functionality...
> Jul  6 15:54:53 mail MailScanner[2174]: ClamAV scanner using unrar 
> command /usr/bin/unrar
> Jul  6 15:54:53 mail MailScanner[2174]: Using locktype = flock
> Jul  6 16:01:01 mail update.bad.phishing.sites: Delaying cron job up 
> to 600 seconds
> Jul  6 16:09:43 mail update.virus.scanners: Delaying cron job up to 
> 600 seconds
> Jul  6 16:12:23 mail update.virus.scanners: Found clamav installed
> Jul  6 16:12:23 mail update.virus.scanners: Running autoupdate for clamav
> Jul  6 16:12:23 mail ClamAV-autoupdate[2261]: ClamAV did not need 
> updating
> Jul  6 16:12:23 mail update.virus.scanners: Found generic installed
>
> Again,
> LOCK TYPE =
> Mailscanner don't see any messages:
>
> Jul  7 12:36:20 mail MailScanner[10714]: MailScanner E-Mail Virus 
> Scanner version 4.71.2 starting...
> Jul  7 12:36:20 mail MailScanner[10714]: Read 824 hostnames from the 
> phishing whitelist
> Jul  7 12:36:20 mail MailScanner[10714]: Read 3056 hostnames from the 
> phishing blacklist
> Jul  7 12:36:20 mail MailScanner[10714]: SpamAssassin temporary 
> working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Jul  7 12:36:20 mail MailScanner[10714]: Using SpamAssassin results cache
> Jul  7 12:36:20 mail MailScanner[10714]: Connected to SpamAssassin 
> cache database
> Jul  7 12:36:20 mail MailScanner[10714]: Enabling SpamAssassin 
> auto-whitelist functionality...
> Jul  7 12:36:22 mail MailScanner[10714]: ClamAV scanner using unrar 
> command /usr/bin/unrar
> Jul  7 12:36:22 mail MailScanner[10714]: Using locktype = posix
> Jul  7 13:01:01 mail update.bad.phishing.sites: Delaying cron job up 
> to 600 seconds
> Jul  7 13:10:54 mail update.virus.scanners: Delaying cron job up to 
> 600 seconds
> Jul  7 13:12:48 mail update.virus.scanners: Found clamav installed
> Jul  7 13:12:48 mail update.virus.scanners: Running autoupdate for clamav
> Jul  7 13:13:22 mail ClamAV-autoupdate[10805]: ClamAV updated
> Jul  7 13:13:22 mail update.virus.scanners: Found generic installed
> Jul  7 13:13:22 mail update.virus.scanners: Running autoupdate for 
> generic
> Jul  7 13:27:34 mail sendmail[10919]: m67BRTfq010919: 
> <iamjustsendingthisleter@xxxx.it>... User unknown
> Jul  7 13:27:34 mail sendmail[10919]: m67BRTfq010919: 
> from=<totedb6@ramasahayam.com>, size=0, class=0, nrcpts=0, 
> proto=ESMTP, daemon=Daemon0, relay=[82.114.71.182]
> Jul  7 13:29:14 mail sendmail[10920]: m67BTCqS010920: 
> from=<info@pianetabimbofestival.com>, size=5082, class=0, nrcpts=1, 
> msgid=<200807071129.10479701581833459663@mx1.sfarratu.com>, 
> proto=SMTP, daemon=Daemon0, relay=mx1.sfarratu.com [69.12.222.232]
> Jul  7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, 
> delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, 
> stat=Sent
> Jul  7 13:29:14 mail sendmail[10921]: m67BTCqS010920: to=xxx, 
> delay=00:00:01, xdelay=00:00:00, mailer=local, pri=65293, dsn=2.0.0, 
> stat=Sent
> Jul  7 13:33:54 mail sendmail[10924]: m67BXr3X010924: 
> from=<uber1@tiscali.it>, size=5172, class=0, nrcpts=1, 
> msgid=<000001c8e025$57cd8e40$1400000a@acerfed0a54eeb>, proto=ESMTP, 
> daemon=Daemon0, relay=jack.mail.tiscali.it [213.205.33.53]
> Jul  7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, 
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, 
> stat=Sent
> Jul  7 13:33:54 mail sendmail[10925]: m67BXr3X010924: to=xxx, 
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=65385, dsn=2.0.0, 
> stat=Sent
> Jul  7 13:48:59 mail sendmail[10933]: m67Bmolh010933: 
> from=<gixr@borzu.com>, size=567, class=0, nrcpts=1, 
> msgid=<76feedfd$7bf7f7ef$4fc49f89@gixr>, bodytype=8BITMIME, 
> proto=ESMTP, daemon=Daemon0, relay=[124.133.160.88]
>
>
>
> ----- Original Message ----- From: "Julian Field" 
> <MailScanner@ecs.soton.ac.uk>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Monday, July 07, 2008 3:35 PM
> Subject: Re: MailScanner on FC8 don't pickup emails
>
>
>> Have you done
>> chkconfig sendmail off
>> chkconfig MailScanner on
>> service sendmail stop
>> service MailScanner start
>> ?
>> If you still have sendmail running from before you installed it, then 
>> you will get symptoms you are seeing.
>>
>>
>> Luciano Grego wrote:
>>> I've used the default path in MailScanner.conf. ( 
>>> INQDIR=/var/spool/mqueue.in )
>>> and leaving MailScanner in /etc/init.d that starting sendmail in 
>>> agreement.
>>>
>>>
>>> ----- Original Message ----- From: "Martin.Hepworth" 
>>> <martinh@solidstatelogic.com>
>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>> Sent: Monday, July 07, 2008 1:07 PM
>>> Subject: RE: MailScanner on FC8 don't pickup emails
>>>
>>>
>>>> Luciano
>>>>
>>>> You should be using the rpm version for Fedora installs..
>>>>
>>>> http://www.mailscanner.info/files/4/rpm/MailScanner-4.70.7-1.rpm.tar.gz 
>>>>
>>>>
>>>> Than follow the rpm based install instructions.
>>>>
>>>> You need to configure the MailScanner.conf to point at correct 
>>>> locations for the sendmail queues etc.
>>>>
>>>> -- 
>>>> Martin Hepworth
>>>> Snr Systems Administrator
>>>> Solid State Logic
>>>> Tel: +44 (0)1865 842300
>>>>
>>>>> -----Original Message-----
>>>>> From: mailscanner-bounces@lists.mailscanner.info
>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>>> Of Luciano Grego
>>>>> Sent: 07 July 2008 11:34
>>>>> To: MailScanner discussion
>>>>> Subject: Re: MailScanner on FC8 don't pickup emails
>>>>>
>>>>> Hi,
>>>>> Excuse me for long list ...
>>>>> But ... in debug mode i should see the email passing through
>>>>> MailScanner?
>>>>>
>>>>> I have not answered your question first:  What install
>>>>> instructions have you followed?
>>>>> I' ve follow the INSTALL file guide. Untar src file and ./install.sh.
>>>>>
>>>>> -- 
>>>>>
>>>>> mail  root  [ /var/log ] MailScanner --debug --debug-sa In
>>>>> Debugging mode, not forking...
>>>>> Trying to setlogsock(unix)
>>>>> 12:23:04 SpamAssassin temp dir =
>>>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>>> 12:23:04 [10417] dbg: logger: adding facilities: all
>>>>> 12:23:04 [10417] dbg: logger: logging level is DBG
>>>>> 12:23:04 [10417] dbg: generic: SpamAssassin version 3.2.5
>>>>> 12:23:04 [10417] dbg: config: score set 0 chosen.
>>>>> 12:23:04 [10417] dbg: util: running in taint mode? no
>>>>> 12:23:04 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>>>> 12:23:04 [10417] dbg: dns: Net::DNS version: 0.63
>>>>> 12:23:04 [10417] dbg: ignore: test message to precompile
>>>>> patterns and load modules
>>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>>>> for site rules pre files
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /etc/mail/spamassassin/init.pre
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /etc/mail/spamassassin/v310.pre
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /etc/mail/spamassassin/v312.pre
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /etc/mail/spamassassin/v320.pre
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005" for sys rules pre files
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005" for default rules dir
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
>>>>> 12:23:04 [10417] dbg: config: using "/etc/mail/spamassassin"
>>>>> for site rules dir
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /etc/mail/spamassassin/mailscanner.cf
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::URIDNSBL
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::Hashcash
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::SPF from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::RelayCountry from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::Razor2
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: razor2: razor2 is available, version 2.84
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::Pyzor from @INC
>>>>> 12:23:04 [10417] dbg: pyzor: network tests on, attempting Pyzor
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::SpamCop
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: reporter: network tests on, attempting SpamCop
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::AWL from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::MIMEHeader
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::Check from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::URIDetail
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::Bayes from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::BodyEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::DNSEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::HTMLEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::HeaderEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::MIMEEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::RelayEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::URIEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::WLBLEval
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::VBounce
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: loading
>>>>> Mail::SpamAssassin::Plugin::ImageInfo
>>>>> from @INC
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::RelayCountry, already registered
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::SPF, already registered
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::URIDNSBL, already registered
>>>>> 12:23:04 [10417] dbg: plugin: did not register
>>>>> Mail::SpamAssassin::Plugin::Razor2, already registered
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>>>> ault_prefs.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_de
>>>>> fault_prefs.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_def
>>>>> ault_prefs.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>>>> ance_fee.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ad
>>>>> vance_fee.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_adv
>>>>> ance_fee.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>>>> y_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bo
>>>>> dy_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_bod
>>>>> y_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>>>> pensate.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_co
>>>>> mpensate.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_com
>>>>> pensate.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>>>> bl_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dn
>>>>> sbl_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dns
>>>>> bl_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dr
>>>>> ugs.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dy
>>>>> nrdns.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>>>> e_helo_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fa
>>>>> ke_helo_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fak
>>>>> e_helo_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>>>> d_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_he
>>>>> ad_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_hea
>>>>> d_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>>>> l_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ht
>>>>> ml_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_htm
>>>>> l_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>>>> geinfo.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_im
>>>>> ageinfo.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ima
>>>>> geinfo.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>>>> a_tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_me
>>>>> ta_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_met
>>>>> a_tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>>>> _tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ne
>>>>> t_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net
>>>>> _tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ph
>>>>> rases.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_po
>>>>> rn.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ra
>>>>> tware.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>>>> _tests.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ur
>>>>> i_tests.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri
>>>>> _tests.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vb
>>>>> ounce.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_ba
>>>>> yes.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 
>>>>>
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ac
>>>>> cessdb.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf 
>>>>>
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>>>> ivirus.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_an
>>>>> tivirus.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ant
>>>>> ivirus.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_as
>>>>> n.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dc
>>>>> c.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dk
>>>>> im.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>>>> ainkeys.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_do
>>>>> mainkeys.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dom
>>>>> ainkeys.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 
>>>>>
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ha
>>>>> shcash.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf 
>>>>>
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_py
>>>>> zor.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ra
>>>>> zor2.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_re
>>>>> place.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_sp
>>>>> f.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_te
>>>>> xtcat.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_ur
>>>>> ibl.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_de.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_fr.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_it.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_nl.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_pl.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>>>> t_pt_br.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_te
>>>>> xt_pt_br.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_tex
>>>>> t_pt_br.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_sc
>>>>> ores.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_aw
>>>>> l.cf" for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>>>> rtcircuit.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sh
>>>>> ortcircuit.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_sho
>>>>> rtcircuit.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>>> itelist.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_dk.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>>> itelist_dk.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_dk.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_dkim.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>>> itelist_dkim.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_dkim.cf
>>>>> 12:23:04 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_spf.cf
>>>>> 12:23:04 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>>> itelist_spf.cf"
>>>>> for included file
>>>>> 12:23:04 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_spf.cf
>>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_subject.cf
>>>>> 12:23:05 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_wh
>>>>> itelist_subject.cf"
>>>>> for included file
>>>>> 12:23:05 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whi
>>>>> telist_subject.cf
>>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>>>> 12:23:05 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_ac
>>>>> tive.cf" for included file
>>>>> 12:23:05 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
>>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>>>> 12:23:05 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_re
>>>>> moved.cf" for included file
>>>>> 12:23:05 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
>>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>>>> 12:23:05 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_sc
>>>>> ores.cf" for included file
>>>>> 12:23:05 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
>>>>> 12:23:05 [10417] dbg: config: fixed relative path:
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>>>> itional.cf
>>>>> 12:23:05 [10417] dbg: config: using
>>>>> "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_ad
>>>>> ditional.cf"
>>>>> for included file
>>>>> 12:23:05 [10417] dbg: config: read file
>>>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_add
>>>>> itional.cf
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_9B90B merged duplicates:
>>>>> __MO_OL_C65FA
>>>>> 12:23:05 [10417] dbg: rules: __XM_OL_22B61 merged duplicates:
>>>>> __XM_OL_A842E
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_07794 merged duplicates:
>>>>> __MO_OL_8627E
>>>>> __MO_OL_F3B05
>>>>> 12:23:05 [10417] dbg: rules: __JM_REACTOR_DATE merged duplicates:
>>>>> __RATWARE_0_TZ_DATE
>>>>> 12:23:05 [10417] dbg: rules: __XM_OL_07794 merged duplicates:
>>>>> __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5
>>>>> __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0
>>>>> __XM_OL_F475E __XM_OL_F6D01
>>>>> 12:23:05 [10417] dbg: rules: FH_MSGID_01C67 merged
>>>>> duplicates: __MSGID_VGA
>>>>> 12:23:05 [10417] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
>>>>> HS_SUBJ_NEW_SOFTWARE
>>>>> 12:23:05 [10417] dbg: rules: __FH_HAS_XMSMAIL merged duplicates:
>>>>> __HAS_MSMAIL_PRI
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_015D5 merged duplicates:
>>>>> __MO_OL_6554A
>>>>> 12:23:05 [10417] dbg: rules: __XM_OL_015D5 merged duplicates:
>>>>> __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B
>>>>> __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6
>>>>> __XM_OL_F3B05 __XM_OL_FF5C8
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_91287 merged duplicates:
>>>>> __MO_OL_B30D1 __MO_OL_CF0C0
>>>>> 12:23:05 [10417] dbg: rules: KAM_STOCKOTC merged duplicates:
>>>>> KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4
>>>>> KAM_STOCKTIP6
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_22B61 merged duplicates:
>>>>> __MO_OL_4F240
>>>>> __MO_OL_ADFF7
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_812FF merged duplicates:
>>>>> __MO_OL_BC7E6
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_25340 merged duplicates:
>>>>> __MO_OL_4EEDB __MO_OL_7533E
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_58CB5 merged duplicates:
>>>>> __MO_OL_B4B40
>>>>> 12:23:05 [10417] dbg: rules: __DOS_HAS_ANY_URI merged duplicates:
>>>>> __HAS_ANY_URI
>>>>> 12:23:05 [10417] dbg: rules: __XM_OL_C9068 merged duplicates:
>>>>> __XM_OL_EF20B
>>>>> 12:23:05 [10417] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates:
>>>>> BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER
>>>>> DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2
>>>>> FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE
>>>>> OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX
>>>>> URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS
>>>>> URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED
>>>>> XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY
>>>>> YOUR_CRD_RATING
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_72641 merged duplicates:
>>>>> __MO_OL_A842E
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_F475E merged duplicates:
>>>>> __MO_OL_FF5C8
>>>>> 12:23:05 [10417] dbg: rules: __MO_OL_4BF4C merged duplicates:
>>>>> __MO_OL_F6D01
>>>>> 12:23:05 [10417] dbg: conf: finish parsing
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xad6884c)
>>>>> implements 'finish_parsing_end', priority 0
>>>>> 12:23:05 [10417] dbg: replacetags: replacing tags
>>>>> 12:23:05 [10417] dbg: replacetags: done replacing tags
>>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>>> /etc/MailScanner/bayes/bayes__toks
>>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>>> /etc/MailScanner/bayes/bayes__seen
>>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>>>> 1 spam(s) in bayes DB < 200
>>>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>>>> 12:23:05 [10417] dbg: config: score set 1 chosen.
>>>>> 12:23:05 [10417] dbg: message: main message type: text/plain
>>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER START ----
>>>>> 12:23:05 [10417] dbg: message: parsing normal part
>>>>> 12:23:05 [10417] dbg: message: ---- MIME PARSER END ----
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0xae06ddc)
>>>>> implements 'check_start', priority 0
>>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>>> /etc/MailScanner/bayes/bayes__toks
>>>>> 12:23:05 [10417] dbg: bayes: tie-ing to DB file R/O
>>>>> /etc/MailScanner/bayes/bayes__seen
>>>>> 12:23:05 [10417] dbg: bayes: found bayes db version 3
>>>>> 12:23:05 [10417] dbg: bayes: DB journal sync: last sync: 0
>>>>> 12:23:05 [10417] dbg: bayes: not available for scanning, only
>>>>> 1 spam(s) in bayes DB < 200
>>>>> 12:23:05 [10417] dbg: bayes: untie-ing
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::Check=HASH(0xadb7358) implements
>>>>> 'check_main', priority 0
>>>>> 12:23:05 [10417] dbg: conf: trusted_networks are not
>>>>> configured; it is recommended that you configure
>>>>> trusted_networks manually
>>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Trusted:
>>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Untrusted:
>>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-Internal:
>>>>> 12:23:05 [10417] dbg: metadata: X-Spam-Relays-External:
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>>>> implements 'extract_metadata', priority 0
>>>>> 12:23:05 [10417] dbg: metadata: X-Relay-Countries:
>>>>> 12:23:05 [10417] dbg: message: no encoding detected
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa9c3b08)
>>>>> implements 'parsed_metadata', priority 0
>>>>> 12:23:05 [10417] dbg: plugin:
>>>>> Mail::SpamAssassin::Plugin::RelayCountry=HASH(0xaa1430c)
>>>>> implements 'parsed_metadata', priority 0
>>>>> 12:23:05 [10417] dbg: dns: is Net::DNS::Resolver available? yes
>>>>> 12:23:05 [10417] dbg: dns: Net::DNS version: 0.63
>>>>> 12:23:05 [10417] dbg: dns: name server: 85.42.104.18,
>>>>> LocalAddr: 0.0.0.0
>>>>> 12:23:05 [10417] dbg: dns: resolver socket rx buffer size is
>>>>> 110592 bytes
>>>>> 12:23:05 [10417] dbg: dns: dns_available set to yes in config
>>>>> file, skipping test
>>>>> 12:23:05 [10417] dbg: uridnsbl: domains to query:
>>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>>> sa-other.bondedsender.org., set bsp-untrusted
>>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>>> plus.bondedsender.org., set ssc-firsttrusted
>>>>> 12:23:05 [10417] dbg: dns: checking RBL combined.njabl.org., set 
>>>>> njabl
>>>>> 12:23:05 [10417] dbg: dns: checking RBL bl.spamcop.net., set spamcop
>>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>>> dob.sibl.support-intelligence.net.,
>>>>> set dob
>>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>>>> set zen-lastexternal
>>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set
>>>>> sorbs-lastexternal
>>>>> 12:23:05 [10417] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
>>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org.,
>>>>> set zen-lastexternal
>>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dnswl.org., set
>>>>> dnswl-firsttrusted
>>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>>> sa-accredit.habeas.com., set habeas-firsttrusted
>>>>> 12:23:05 [10417] dbg: dns: checking RBL list.dsbl.org., set
>>>>> dsbl-lastexternal
>>>>> 12:23:05 [10417] dbg: dns: checking RBL
>>>>> sa-trusted.bondedsender.org., set bsp-firsttrusted
>>>>> 12:23:05 [10417] dbg: dns: checking RBL zen.spamhaus.org., set zen
>>>>> 12:23:05 [10417] dbg: dns: checking RBL iadb.isipp.com., set
>>>>> iadb-firsttrusted
>>>>> 12:23:05 [10417] dbg: check: running tests for priority: -1000
>>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>>> 12:23:05 [10417] dbg: eval: all '*From' addrs:
>>>>> ignore@compiling.spamassassin.taint.org
>>>>> 12:23:05 [10417] dbg: eval: all '*To' addrs:
>>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:05 [10417] dbg: check: running tests for priority: -950
>>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:05 [10417] dbg: check: running tests for priority: -900
>>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:05 [10417] dbg: check: running tests for priority: -400
>>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>>> 12:23:05 [10417] dbg: rules: running meta tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:05 [10417] dbg: check: running tests for priority: 0
>>>>> 12:23:05 [10417] dbg: rules: running head tests; score so far=0
>>>>> 12:23:05 [10417] dbg: rules: compiled head tests
>>>>> 12:23:05 [10417] dbg: rules: ran header rule __MISSING_REF
>>>>> ======> got hit:
>>>>> "UNSET"
>>>>> 12:23:05 [10417] dbg: rules: ran header rule
>>>>> __MSOE_MID_WRONG_CASE ======> got hit: "
>>>>> 12:23:05 [10417] dbg: rules: Message-Id: "
>>>>> 12:23:05 [10417] dbg: rules: ran header rule MISSING_DATE
>>>>> ======> got hit:
>>>>> "UNSET"
>>>>> 12:23:05 [10417] dbg: rules: ran header rule __MSGID_OK_HOST
>>>>> ======> got
>>>>> hit: "@spamassassin_spamd_init>"
>>>>> 12:23:05 [10417] dbg: rules: ran header rule
>>>>> __MSGID_OK_DIGITS ======> got
>>>>> hit: "1215426184"
>>>>> 12:23:05 [10417] dbg: rules: ran header rule __HAS_MSGID
>>>>> ======> got hit:
>>>>> "<"
>>>>> 12:23:05 [10417] dbg: rules: ran header rule __SANE_MSGID
>>>>> ======> got hit:
>>>>> "<1215426184.34281@spamassassin_spamd_init>
>>>>> 12:23:05 [10417] dbg: rules: "
>>>>> 12:23:05 [10417] dbg: spf: checking to see if the message has
>>>>> a Received-SPF header that we can use
>>>>> 12:23:05 [10417] dbg: spf: using Mail::SPF for SPF checks
>>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>>>> found, skipping SPF-helo check
>>>>> 12:23:05 [10417] dbg: spf: already checked for Received-SPF
>>>>> headers, proceeding with DNS based checks
>>>>> 12:23:05 [10417] dbg: spf: no suitable relay for spf use
>>>>> found, skipping SPF check
>>>>> 12:23:05 [10417] dbg: rules: ran eval rule NO_RELAYS ======>
>>>>> got hit (1)
>>>>> 12:23:05 [10417] dbg: spf: def_spf_whitelist_from: already
>>>>> checked spf and didn't get pass, skipping whitelist check
>>>>> 12:23:05 [10417] dbg: rules: ran eval rule __UNUSABLE_MSGID
>>>>> ======> got hit
>>>>> (1)
>>>>> 12:23:05 [10417] dbg: rules: ran eval rule MISSING_HEADERS
>>>>> ======> got hit
>>>>> (1)
>>>>> 12:23:05 [10417] dbg: spf: whitelist_from_spf: already
>>>>> checked spf and didn't get pass, skipping whitelist check
>>>>> 12:23:05 [10417] dbg: rules: running body tests; score so far=1.581
>>>>> 12:23:05 [10417] dbg: rules: compiled body tests
>>>>> 12:23:05 [10417] dbg: rules: ran body rule __NONEMPTY_BODY
>>>>> ======> got hit:
>>>>> "I"
>>>>> 12:23:05 [10417] dbg: rules: running uri tests; score so far=1.581
>>>>> 12:23:05 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:05 [10417] dbg: eval: stock info total: 0
>>>>> 12:23:05 [10417] dbg: rules: running rawbody tests; score so 
>>>>> far=1.581
>>>>> 12:23:05 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:05 [10417] dbg: rules: ran rawbody rule __TVD_BODY
>>>>> ======> got hit:
>>>>> "need"
>>>>> 12:23:05 [10417] dbg: rules: running full tests; score so far=1.581
>>>>> 12:23:05 [10417] dbg: rules: compiled full tests
>>>>> 12:23:05 [10417] dbg: info: entering helper-app run mode
>>>>> 12:23:06 [10417] dbg: info: leaving helper-app run mode
>>>>> 12:23:06 [10417] dbg: razor2: part=0 engine=4 contested=0 
>>>>> confidence=0
>>>>> 12:23:06 [10417] dbg: razor2: results: spam? 0
>>>>> 12:23:06 [10417] dbg: razor2: results: engine 8, highest cf score: 0
>>>>> 12:23:06 [10417] dbg: razor2: results: engine 4, highest cf score: 0
>>>>> 12:23:06 [10417] dbg: util: current PATH is:
>>>>> /sbin:/bin:/usr/sbin:/usr/bin
>>>>> 12:23:06 [10417] dbg: pyzor: pyzor is not available: no pyzor
>>>>> executable found
>>>>> 12:23:06 [10417] dbg: pyzor: no pyzor found, disabling Pyzor
>>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:06 [10417] dbg: check: running tests for priority: 500
>>>>> 12:23:06 [10417] dbg: dns: harvest_dnsbl_queries
>>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so 
>>>>> far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=1.581
>>>>> 12:23:06 [10417] dbg: rules: meta test DIGEST_MULTIPLE has
>>>>> undefined dependency 'DCC_CHECK'
>>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:06 [10417] dbg: check: running tests for priority: 1000
>>>>> 12:23:06 [10417] dbg: rules: running head tests; score so far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled head tests
>>>>> 12:23:06 [10417] dbg: locker: safe_lock: created
>>>>> /root/.spamassassin/auto-whitelist.mutex
>>>>> 12:23:06 [10417] dbg: locker: safe_lock: trying to get lock
>>>>> on /root/.spamassassin/auto-whitelist with 30 timeout
>>>>> 12:23:06 [10417] dbg: locker: safe_lock: link to
>>>>> /root/.spamassassin/auto-whitelist.mutex: link ok
>>>>> 12:23:06 [10417] dbg: auto-whitelist: tie-ing to DB file of
>>>>> type DB_File R/W in /root/.spamassassin/auto-whitelist
>>>>> 12:23:06 [10417] dbg: auto-whitelist: db-based
>>>>> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
>>>>> 12:23:06 [10417] dbg: auto-whitelist: AWL active, pre-score:
>>>>> 2.865, autolearn score: 2.865, mean: undef, IP: undef
>>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: untie-ing
>>>>> and unlocking
>>>>> 12:23:06 [10417] dbg: auto-whitelist: DB addr list: file
>>>>> locked, breaking lock
>>>>> 12:23:06 [10417] dbg: locker: safe_unlock: unlocked
>>>>> /root/.spamassassin/auto-whitelist.mutex
>>>>> 12:23:06 [10417] dbg: auto-whitelist: post auto-whitelist score: 
>>>>> 2.865
>>>>> 12:23:06 [10417] dbg: rules: running body tests; score so far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled body tests
>>>>> 12:23:06 [10417] dbg: rules: running uri tests; score so far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled uri tests
>>>>> 12:23:06 [10417] dbg: rules: running rawbody tests; score so 
>>>>> far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled rawbody tests
>>>>> 12:23:06 [10417] dbg: rules: running full tests; score so far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled full tests
>>>>> 12:23:06 [10417] dbg: rules: running meta tests; score so far=2.865
>>>>> 12:23:06 [10417] dbg: rules: compiled meta tests
>>>>> 12:23:06 [10417] dbg: check: is spam? score=2.865 required=5
>>>>> 12:23:06 [10417] dbg: check:
>>>>> tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED
>>>>> ,NO_RELAYS
>>>>> 12:23:06 [10417] dbg: check:
>>>>> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_O
>>>>> K_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TV
>>>>> D_BODY,__UNUSABLE_MSGID
>>>>> 12:23:06 Building a message batch to scan...
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>>>> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>>>> Sent: Monday, July 07, 2008 12:08 PM
>>>>> Subject: RE: MailScanner on FC8 don't pickup emails
>>>>>
>>>>>
>>>>> >
>>>>> >
>>>>> >
>>>>> >> -----Original Message-----
>>>>> >> From: mailscanner-bounces@lists.mailscanner.info
>>>>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>>> >> Of Luciano Grego
>>>>> >> Sent: 07 July 2008 11:00
>>>>> >> To: MailScanner discussion
>>>>> >> Subject: Re: MailScanner on FC8 don't pickup emails
>>>>> >>
>>>>> >>
>>>>> >> ----- Original Message -----
>>>>> >> From: "Martin.Hepworth" <martinh@solidstatelogic.com>
>>>>> >> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
>>>>> >> Sent: Monday, July 07, 2008 11:06 AM
>>>>> >> Subject: RE: MailScanner on FC8 don't pickup emails
>>>>> >>
>>>>> >>
>>>>> >> >I would have thought you'd need to change the Lock Type to
>>>>> >> the default
>>>>> >> >(blank) as sendmail 8.14 usually uses posix (unless fedora
>>>>> >> change this)
>>>>> >> >
>>>>> >> > Also a "MailScanner --debug --debug-sa" output to a
>>>>> >> pastebin or web page
>>>>> >> > (as they can be large) would be interesting to see?
>>>>> >> >
>>>>> >> > What install instructions have you followed?
>>>>> >> >
>>>>> >> > --
>>>>> >> > Martin Hepworth
>>>>> >> > Snr Systems Administrator
>>>>> >> > Solid State Logic
>>>>> >> > Tel: +44 (0)1865 842300
>>>>> >> >
>>>>> >> >> -----Original Message-----
>>>>> >> >> From: mailscanner-bounces@lists.mailscanner.info
>>>>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>>>>> >> >> Of Luciano Grego
>>>>> >> >> Sent: 07 July 2008 09:54
>>>>> >> >> To: mailscanner@lists.mailscanner.info
>>>>> >> >> Subject: MailScanner on FC8 don't pickup emails
>>>>> >> >>
>>>>> >> >> Hi,
>>>>> >> >> I' ve installed Fedora Core 8 and updated at latest fix, then
>>>>> >> >> i' ve installed MailScanner ( I try 4.69.9-3, 4.70.7-1 and
>>>>> >> 4.71.2-2).
>>>>> >> >> Sendmail accepts e-mails, but are not produced by Mailscanner.
>>>>> >> >> My MTA is Sendmail 8.14 ( Fedora Core 8 ).
>>>>> >> >> It' s a locking problem?
>>>>> >> >> Must reinstall with --nodeps?
>>>>> >> >>
>>>>> >> >> Here 'MailScanner --lint':
>>>>> >> >>
>>>>> >> >> Trying to setlogsock(unix)
>>>>> >> >> Read 824 hostnames from the phishing whitelist Read 3052
>>>>> >> >> hostnames from the phishing blacklist Checking version
>>>>> numbers...
>>>>> >> >> Version number in MailScanner.conf (4.71.2) is correct.
>>>>> >> >>
>>>>> >> >> Your envelope_sender_header in spam.assassin.prefs.conf
>>>>> is correct.
>>>>> >> >>
>>>>> >> >> Checking for SpamAssassin errors (if you use it)...
>>>>> >> >> SpamAssassin temporary working directory is
>>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>>> >> >> SpamAssassin temp dir =
>>>>> >> >> /var/spool/MailScanner/incoming/SpamAssassin-Temp
>>>>> >> >> Using SpamAssassin results cache
>>>>> >> >> Connected to SpamAssassin cache database SpamAssassin
>>>>> >> >> reported no errors.
>>>>> >> >> ClamAV scanner using unrar command /usr/bin/unrar Using
>>>>> >> >> locktype = flock MailScanner.conf says "Virus Scanners = 
>>>>> clamav"
>>>>> >> >> Found these virus scanners installed: clamavmodule
>>>>> >> >> ==============================================================
>>>>> >> >> =============
>>>>> >> >> Virus and Content Scanning: Starting
>>>>> >> >> /var/spool/MailScanner/incoming/9520/./1/eicar.com:
>>>>> >> >> Eicar-Test-Signature FOUND
>>>>> >> >>
>>>>> >> >> /var/spool/MailScanner/incoming/9520/./1.message:
>>>>> >> >> Eicar-Test-Signature FOUND
>>>>> >> >>
>>>>> >> >> Virus Scanning: ClamAV found 2 infections Infected message
>>>>> >> >> 1.message came from Infected message 1 came from 10.1.1.1
>>>>> >> >> Virus Scanning: Found 2 viruses Filename Checks:  (1
>>>>> >> >> eicar.com) Filetype Checks: Allowing 1 eicar.com Other
>>>>> >> >> Checks: Found 1 problems
>>>>> >> >> ==============================================================
>>>>> >> >> =============
>>>>> >> >> Virus Scanner test reports:
>>>>> >> >> ClamAV said "eicar.com contains Eicar-Test-Signature"
>>>>> >> >>
>>>>> >> >> If any of your virus scanners (clamavmodule) are not listed
>>>>> >> >> there, you should check that they are installed correctly and
>>>>> >> >> that MailScanner is finding them correctly via its
>>>>> >> >> virus.scanners.conf.
>>>>> >> >>
>>>>> >> >>
>>>>> >> >> --
>>>>> >> >>
>>>>> >> >> Here 'MailScanner -v':
>>>>> >> >> Running on
>>>>> >> >> Linux mail 2.6.24.5-85.fc8 #1 SMP Sat Apr 19 12:39:34 EDT
>>>>> >> >> 2008 i686 i686 i386 GNU/Linux This is Fedora release 8
>>>>> >> >> (Werewolf) This is Perl version 5.008008 (5.8.8)
>>>>> >> >>
>>>>> >> >> This is MailScanner version 4.71.2
>>>>> >> >> Module versions are:
>>>>> >> >> 1.00    AnyDBM_File
>>>>> >> >> 1.20    Archive::Zip
>>>>> >> >> 0.21    bignum
>>>>> >> >> 1.04    Carp
>>>>> >> >> 2.005   Compress::Zlib
>>>>> >> >> 1.119   Convert::BinHex
>>>>> >> >> 0.17    Convert::TNEF
>>>>> >> >> 2.121_08        Data::Dumper
>>>>> >> >> 2.27    Date::Parse
>>>>> >> >> 1.00    DirHandle
>>>>> >> >> 1.05    Fcntl
>>>>> >> >> 2.74    File::Basename
>>>>> >> >> 2.09    File::Copy
>>>>> >> >> 2.01    FileHandle
>>>>> >> >> 1.08    File::Path
>>>>> >> >> 0.20    File::Temp
>>>>> >> >> 0.90    Filesys::Df
>>>>> >> >> 1.35    HTML::Entities
>>>>> >> >> 3.56    HTML::Parser
>>>>> >> >> 2.37    HTML::TokeParser
>>>>> >> >> 1.23    IO
>>>>> >> >> 1.14    IO::File
>>>>> >> >> 1.13    IO::Pipe
>>>>> >> >> 2.02    Mail::Header
>>>>> >> >> 1.86    Math::BigInt
>>>>> >> >> 0.19    Math::BigRat
>>>>> >> >> 3.07    MIME::Base64
>>>>> >> >> 5.425   MIME::Decoder
>>>>> >> >> 5.425   MIME::Decoder::UU
>>>>> >> >> 5.425   MIME::Head
>>>>> >> >> 5.425   MIME::Parser
>>>>> >> >> 3.07    MIME::QuotedPrint
>>>>> >> >> 5.425   MIME::Tools
>>>>> >> >> 0.11    Net::CIDR
>>>>> >> >> 1.25    Net::IP
>>>>> >> >> 0.16    OLE::Storage_Lite
>>>>> >> >> 1.04    Pod::Escapes
>>>>> >> >> 3.05    Pod::Simple
>>>>> >> >> 1.09    POSIX
>>>>> >> >> 1.19    Scalar::Util
>>>>> >> >> 1.78    Socket
>>>>> >> >> 2.15    Storable
>>>>> >> >> 1.4     Sys::Hostname::Long
>>>>> >> >> 0.18    Sys::Syslog
>>>>> >> >> 1.26    Test::Pod
>>>>> >> >> 0.78    Test::Simple
>>>>> >> >> 1.86    Time::HiRes
>>>>> >> >> 1.02    Time::localtime
>>>>> >> >>
>>>>> >> >> Optional module versions are:
>>>>> >> >> 1.34    Archive::Tar
>>>>> >> >> 0.21    bignum
>>>>> >> >> 1.82    Business::ISBN
>>>>> >> >> 1.10    Business::ISBN::Data
>>>>> >> >> 1.08    Data::Dump
>>>>> >> >> 1.815   DB_File
>>>>> >> >> 1.14    DBD::SQLite
>>>>> >> >> 1.58    DBI
>>>>> >> >> 1.15    Digest
>>>>> >> >> 1.01    Digest::HMAC
>>>>> >> >> 2.36    Digest::MD5
>>>>> >> >> 2.11    Digest::SHA1
>>>>> >> >> 1.00    Encode::Detect
>>>>> >> >> 0.17010 Error
>>>>> >> >> 0.18    ExtUtils::CBuilder
>>>>> >> >> 2.18    ExtUtils::ParseXS
>>>>> >> >> 2.36    Getopt::Long
>>>>> >> >> 0.44    Inline
>>>>> >> >> 1.08    IO::String
>>>>> >> >> 1.07    IO::Zlib
>>>>> >> >> 2.21    IP::Country
>>>>> >> >> 0.22    Mail::ClamAV
>>>>> >> >> 3.002005        Mail::SpamAssassin
>>>>> >> >> v2.005  Mail::SPF
>>>>> >> >> 1.999001        Mail::SPF::Query
>>>>> >> >> 0.2808  Module::Build
>>>>> >> >> 0.20    Net::CIDR::Lite
>>>>> >> >> 0.63    Net::DNS
>>>>> >> >> 0.002.2 Net::DNS::Resolver::Programmable missing Net::LDAP
>>>>> >> >>  4.004  NetAddr::IP
>>>>> >> >> 1.94    Parse::RecDescent
>>>>> >> >> missing SAVI
>>>>> >> >> 2.64    Test::Harness
>>>>> >> >> 0.95    Test::Manifest
>>>>> >> >> 1.98    Text::Balanced
>>>>> >> >> 1.35    URI
>>>>> >> >> 0.7203  version
>>>>> >> >> 0.62    YAML
>>>>> >> >>
>>>>> >> >> Thanks
>>>>> >> >>  Luciano.
>>>>> >> >>
>>>>> >
>>>>> >> > --
>>>>> >> > MailScanner mailing list
>>>>> >> > mailscanner@lists.mailscanner.info
>>>>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>> >> >
>>>>> >> > Before posting, read http://wiki.mailscanner.info/posting
>>>>> >> >
>>>>> >> > Support MailScanner development - buy the book off the website!
>>>>> >> >
>>>>> >> > --
>>>>> >> > Il messaggio e' stato analizzato alla ricerca di virus o
>>>>> >> > contenuti pericolosi da MailScanner, ed e'
>>>>> >> > risultato non infetto.
>>>>> >> >
>>>>> >> >
>>>>> >>
>>>>> >> HI Martin,
>>>>> >> Lock Type = flock
>>>>> >>  ... for test my ideas ...
>>>>> >>
>>>>> >> I've setup this Mailscanner box for my client and
>>>>> >> i' ve reboot the machine friday at 18:45 with new params.
>>>>> >> Now i'm checking logs and i see Mailscanner pickup messages
>>>>> >> from Sunday at
>>>>> >> 15:00. None first!
>>>>> >> MailScanner needs more time for starting up?
>>>>> >>
>>>>> >> I' ve put
>>>>> >> Lock Type =
>>>>> >> now and
>>>>> >> 'service MailScanner restart'.
>>>>> >> Thank you.
>>>>> >> L.
>>>>> >>
>>>>> >>
>>>>> >
>>>>> > Hi
>>>>> >
>>>>> > Anything in the maillog reguarding mailScanner???
>>>>> >
>>>>> > Should only take a few seconds to get going.
>>>>> >
>>>>> > I'd drop to debug and see if you can spot anything.
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Martin Hepworth
>>>>> > Snr Systems Administrator
>>>>> > Solid State Logic
>>>>> > Tel: +44 (0)1865 842300
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> ********************************************************************** 
>>>>>
>>>>> > Confidentiality : This e-mail and any attachments are
>>>>> intended for the
>>>>> > addressee only and may be confidential. If they come to you in 
>>>>> error
>>>>> > you must take no action based on them, nor must you copy or
>>>>> show them
>>>>> > to anyone. Please advise the sender by replying to this e-mail
>>>>> > immediately and then delete the original from your computer.
>>>>> > Opinion : Any opinions expressed in this e-mail are
>>>>> entirely those of
>>>>> > the author and unless specifically stated to the contrary, are not
>>>>> > necessarily those of the author's employer.
>>>>> > Security Warning : Internet e-mail is not necessarily a secure
>>>>> > communications medium and can be subject to data
>>>>> corruption. We advise
>>>>> > that you consider this fact when e-mailing us.
>>>>> > Viruses : We have taken steps to ensure that this e-mail and any
>>>>> > attachments are free from known viruses but in keeping with good
>>>>> > computing practice, you should ensure that they are virus free.
>>>>> >
>>>>> > Red Lion 49 Ltd T/A Solid State Logic
>>>>> > Registered as a limited company in England and Wales
>>>>> > (Company No:5362730)
>>>>> > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>>>> > United Kingdom
>>>>> >
>>>>> ********************************************************************** 
>>>>>
>>>>> >
>>>>> > --
>>>>> > MailScanner mailing list
>>>>> > mailscanner@lists.mailscanner.info
>>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>> >
>>>>> > Before posting, read http://wiki.mailscanner.info/posting
>>>>> >
>>>>> > Support MailScanner development - buy the book off the website!
>>>>> >
>>>>> > --
>>>>> > Il messaggio e' stato analizzato alla ricerca di virus o
>>>>> > contenuti pericolosi da MailScanner, ed e'
>>>>> > risultato non infetto.
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Il messaggio e' stato analizzato alla ricerca di virus o
>>>>> contenuti pericolosi da MailScanner, ed e'
>>>>> risultato non infetto.
>>>>>
>>>>> -- 
>>>>> MailScanner mailing list
>>>>> mailscanner@lists.mailscanner.info
>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>
>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>
>>>>> Support MailScanner development - buy the book off the website!
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>> **********************************************************************
>>>> Confidentiality : This e-mail and any attachments are intended for the
>>>> addressee only and may be confidential. If they come to you in error
>>>> you must take no action based on them, nor must you copy or show them
>>>> to anyone. Please advise the sender by replying to this e-mail
>>>> immediately and then delete the original from your computer.
>>>> Opinion : Any opinions expressed in this e-mail are entirely those of
>>>> the author and unless specifically stated to the contrary, are not
>>>> necessarily those of the author's employer.
>>>> Security Warning : Internet e-mail is not necessarily a secure
>>>> communications medium and can be subject to data corruption. We advise
>>>> that you consider this fact when e-mailing us.
>>>> Viruses : We have taken steps to ensure that this e-mail and any
>>>> attachments are free from known viruses but in keeping with good
>>>> computing practice, you should ensure that they are virus free.
>>>>
>>>> Red Lion 49 Ltd T/A Solid State Logic
>>>> Registered as a limited company in England and Wales
>>>> (Company No:5362730)
>>>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
>>>> United Kingdom
>>>> **********************************************************************
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner@lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>> -- 
>>>> Il messaggio e' stato analizzato alla ricerca di virus o
>>>> contenuti pericolosi da MailScanner, ed e'
>>>> risultato non infetto.
>>>>
>>>>
>>>
>>>
>>>
>>
>> Jules
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>> -- 
>> Il messaggio e' stato analizzato alla ricerca di virus o
>> contenuti pericolosi da MailScanner, ed e'
>> risultato non infetto.
>>
>
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From shuttlebox at gmail.com  Mon Jul  7 15:40:19 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Mon Jul  7 15:40:29 2008
Subject: MailScanner on FC8 don't pickup emails
In-Reply-To: <A607C7667E044457B5F7203052580ADA@LUCIANO>
References: <6ab1c460044e5441a4c21792d987f524@solidstatelogic.com>
	<EMEW-k66ENce02c9e21cf3eec8cf6e13e90e40432f0-B71CA6E291D24F2BB9712EE07A20757B@LUCIANO>
	<48721BA8.4060507@ecs.soton.ac.uk>
	<A607C7667E044457B5F7203052580ADA@LUCIANO>
Message-ID: <625385e30807070740i6003ec81lf98db7216d541dc3@mail.gmail.com>

On Mon, Jul 7, 2008 at 4:15 PM, Luciano Grego <lucianog@metline.it> wrote:
> Hi,
> Yes, i've stopped sendmail and starting mailscanner ( with chkconfig ) plus
> reboot the machine many times.
> The strange things is:
> LOCK TYPE = flock + reboot
> Mailscanner see the messages ( with errors ), here the mail log:
>
> Jul  6 15:54:39 mail sendmail[2160]: m66DsbjM002160:
> from=<tequilla99@hotmail.com>, size=581, class=0, nrcpts=1,
> msgid=<01c8df2c$c82ce680$655c7b59@tequilla99>, proto=ESMTP, daemon=Daemon0,
> relay=[89.123.92.101]
> Jul  6 15:54:40 mail sendmail[2161]: m66DsbjM002160: to=XXXXXX,
> delay=00:00:01, xdelay=00:00:01, mailer=local, pri=60768, dsn=2.0.0,
> stat=Sent
> Jul  6 15:54:40 mail MailScanner[21651]: New Batch: Scanning 1 messages,
> 1034 bytes

The "to" Sendmail line should say "stat=queued". What options are
Sendmail running with?

Please trim your posts, no need to repost thousands of lines over and over.

-- 
Simone de Beauvoir  - "To catch a husband is an art; to hold him is a job."
From Ron.Ghetti at town.barnstable.ma.us  Mon Jul  7 16:36:48 2008
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Mon Jul  7 16:47:00 2008
Subject: Run MScanner in a virtualized environment.
Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us>


Running here on vmware, it took a bit of tweaking 
To get it to keep up when we get busy.
No virus scanning as it is handled elsewhere.
Although, I'd like to re-enable it but av scanning just kills it.
The network load factor is generally all the spam attempts.
I think it's dropping about 10 - 20,000 connections a day.

Here are some numbers.

There were 2,110 Messages Sent from internal Users. 
There were 0 virus infected messages removed. 
There were 12,814 Total messages Recieved. 
There were 4,072 Messages Delivered. 
There were 6,981 messages marked as spam. 
There were 7,794 Messages rejected due to bad recipients. 
There were 323 Messages rejected due to bad Sender Addresses (Domain Not
Found)
There were 996 Messages rejected due to embedded-attached images ( image
spam )
There were 4 Attempted Message Relays. 
There were 13,379 Connections Dropped. 
There were 22,505 rejected in Total. 



-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo
Casarero
Sent: Tuesday, July 01, 2008 2:53 PM
To: MailScanner discussion
Subject: OT: Run MScanner in a virtualized environment.


Hi guys, i know that it's not recomendable to run MS on virtualized HW
because of it's high cpu/io load. However, i'm doing some research
because my boss required it.

What products do you think that will work best? VMware? Xen? The
objective is that it has to be simple and quick to deploy. Also will
be useful in case the HW dies, so you quickly can have the emails
flowing (may be with delay, but working), until HW gets repaired.

We all know that installing MS servers takes a while, so having a
pre-installed image will reduce times.

Any thoughts?

Everything will be appreciated.

Eduardo.
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From martinh at solidstatelogic.com  Mon Jul  7 16:58:39 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 16:58:51 2008
Subject: Run MScanner in a virtualized environment.
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us>
Message-ID: <b5479501cc999f4095d56446bde72b9f@solidstatelogic.com>

Interesting - spamassassin tends to be heavier than virus scanning these days.

I guess the two together could be the issue.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Ghetti, Ron
> Sent: 07 July 2008 16:37
> To: MailScanner discussion
> Subject: RE: Run MScanner in a virtualized environment.
>
>
> Running here on vmware, it took a bit of tweaking To get it
> to keep up when we get busy.
> No virus scanning as it is handled elsewhere.
> Although, I'd like to re-enable it but av scanning just kills it.
> The network load factor is generally all the spam attempts.
> I think it's dropping about 10 - 20,000 connections a day.
>
> Here are some numbers.
>
> There were 2,110 Messages Sent from internal Users.
> There were 0 virus infected messages removed.
> There were 12,814 Total messages Recieved.
> There were 4,072 Messages Delivered.
> There were 6,981 messages marked as spam.
> There were 7,794 Messages rejected due to bad recipients.
> There were 323 Messages rejected due to bad Sender Addresses
> (Domain Not
> Found)
> There were 996 Messages rejected due to embedded-attached
> images ( image spam ) There were 4 Attempted Message Relays.
> There were 13,379 Connections Dropped.
> There were 22,505 rejected in Total.
>
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Eduardo Casarero
> Sent: Tuesday, July 01, 2008 2:53 PM
> To: MailScanner discussion
> Subject: OT: Run MScanner in a virtualized environment.
>
>
> Hi guys, i know that it's not recomendable to run MS on
> virtualized HW because of it's high cpu/io load. However, i'm
> doing some research because my boss required it.
>
> What products do you think that will work best? VMware? Xen?
> The objective is that it has to be simple and quick to
> deploy. Also will be useful in case the HW dies, so you
> quickly can have the emails flowing (may be with delay, but
> working), until HW gets repaired.
>
> We all know that installing MS servers takes a while, so
> having a pre-installed image will reduce times.
>
> Any thoughts?
>
> Everything will be appreciated.
>
> Eduardo.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From martinh at solidstatelogic.com  Mon Jul  7 16:59:41 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 16:59:51 2008
Subject: FW: [Clamav-announce] announcing ClamAV 0.93.2
Message-ID: <3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: clamav-announce-bounces@lists.clamav.net
> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf
> Of Luca Gibelli
> Sent: 07 July 2008 16:56
> To: ClamAV Announce
> Subject: [Clamav-announce] announcing ClamAV 0.93.2
>
>
> Dear ClamAV users,
>
> This release fixes and re-enables the Petite unpacker,
> improves database loading and solves some other minor issues.
>
>
> --
> The ClamAV team (http://www.clamav.net/team)
>
> --
> Luca Gibelli (luca _at_ clamav.net)       ClamAV, a GPL
> anti-virus toolkit
> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM]
> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server
> || http://www.clamav.net/gpg/luca.gpg
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From simonmjones at gmail.com  Mon Jul  7 17:13:37 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Mon Jul  7 17:13:46 2008
Subject: inconsistent performance
Message-ID: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com>

hello chaps,

anyone have an idea why i'm seeing inconsistent performance on all 3
of my gateway servers?  Nothing shows up errors in the maillog and
MailScanner --Lint checks out ok but from time to time the machines
will choke and i'll stack 2k and rising messages up in the hold queue.

one day they'll work fine and the hold queue will be normal, then all
of a sudden they'll start backing up.

I have postfix reading from mysql for the relay_domains /
relay_recipients and transport maps as well as logging to a seperate
db on the same seperate db server for mailwatch.

the mysql db has dual oppy's with 10gb ram so it's pretty beefy and
doesn't seem to be maxed at all.

the gateways run fairly heavy but are by no means topping out.  I've
tried dropping max children and the batch processing settings but to
no avail.

any ideas would be really appreciated.

thanks

SMJ
From richard.frovarp at sendit.nodak.edu  Mon Jul  7 17:17:51 2008
From: richard.frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Mon Jul  7 17:18:02 2008
Subject: inconsistent performance
In-Reply-To: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com>
References: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com>
Message-ID: <487241AF.1060601@sendit.nodak.edu>

Simon Jones wrote:
> hello chaps,
>
> anyone have an idea why i'm seeing inconsistent performance on all 3
> of my gateway servers?  Nothing shows up errors in the maillog and
> MailScanner --Lint checks out ok but from time to time the machines
> will choke and i'll stack 2k and rising messages up in the hold queue.
>
> one day they'll work fine and the hold queue will be normal, then all
> of a sudden they'll start backing up.
>
> I have postfix reading from mysql for the relay_domains /
> relay_recipients and transport maps as well as logging to a seperate
> db on the same seperate db server for mailwatch.
>
> the mysql db has dual oppy's with 10gb ram so it's pretty beefy and
> doesn't seem to be maxed at all.
>
> the gateways run fairly heavy but are by no means topping out.  I've
> tried dropping max children and the batch processing settings but to
> no avail.
>
> any ideas would be really appreciated.
>
> thanks
>
> SMJ
>   
What about mail volume? Is it consistent across the days in question? 
Or, even if the numbers are the same, you might end up with bursty 
traffic on the days you backup, causing everything to fall behind. 
Botnets, mailing lists, all of that sort can drop traffic on you in one 
heck of a hurry at times.
From kc5goi at gmail.com  Mon Jul  7 17:20:36 2008
From: kc5goi at gmail.com (Guy Story KC5GOI)
Date: Mon Jul  7 17:20:46 2008
Subject: Run MScanner in a virtualized environment.
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us>
References: <3411CC12BB577F4FAEAC8A694780866BE9189A@ITMAIL.town.barnstable.ma.us>
Message-ID: <e27ee2750807070920m7152728dhb88bb87167a16576@mail.gmail.com>

I am running VMWare.  I have allocated off 1 gig of ram with a dual core 3
GHz Xeon, it runs Postgrey, Postfix, Mailscanner, ClamAV, and Spamassassin
for 100 employees.  I run 4 max childern and a scan interval of 10 seconds.
I do not have full stats on dropped connections.  According to AWStats for
this month so far:

51197 code 554 access denied
4210 code 450 DNS check failures, mailbox busy or other reasons
1286 code 550 relaying denied unknown users
13 code 999 unknown error

Our mail server is very responsive and solid.  The only time I see more than
the 10 second scan interval as a delay is the first time an address hits
Postgrey.  I have Postfix running rbls for me.  I prefer to deny the
connection so my load in general is reduced.

My rational for running in a vm is disaster recovery.  I back this vm up
monthly offsite.

Guy



On Mon, Jul 7, 2008 at 10:36 AM, Ghetti, Ron <
Ron.Ghetti@town.barnstable.ma.us> wrote:

>
> Running here on vmware, it took a bit of tweaking
> To get it to keep up when we get busy.
> No virus scanning as it is handled elsewhere.
> Although, I'd like to re-enable it but av scanning just kills it.
> The network load factor is generally all the spam attempts.
> I think it's dropping about 10 - 20,000 connections a day.
>
> Here are some numbers.
>
> There were 2,110 Messages Sent from internal Users.
> There were 0 virus infected messages removed.
> There were 12,814 Total messages Recieved.
> There were 4,072 Messages Delivered.
> There were 6,981 messages marked as spam.
> There were 7,794 Messages rejected due to bad recipients.
> There were 323 Messages rejected due to bad Sender Addresses (Domain Not
> Found)
> There were 996 Messages rejected due to embedded-attached images ( image
> spam )
> There were 4 Attempted Message Relays.
> There were 13,379 Connections Dropped.
> There were 22,505 rejected in Total.
>
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo
> Casarero
> Sent: Tuesday, July 01, 2008 2:53 PM
> To: MailScanner discussion
> Subject: OT: Run MScanner in a virtualized environment.
>
>
> Hi guys, i know that it's not recomendable to run MS on virtualized HW
> because of it's high cpu/io load. However, i'm doing some research
> because my boss required it.
>
> What products do you think that will work best? VMware? Xen? The
> objective is that it has to be simple and quick to deploy. Also will
> be useful in case the HW dies, so you quickly can have the emails
> flowing (may be with delay, but working), until HW gets repaired.
>
> We all know that installing MS servers takes a while, so having a
> pre-installed image will reduce times.
>
> Any thoughts?
>
> Everything will be appreciated.
>
> Eduardo.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
73

Guy Story KC5GOI
kc5goi@gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/3aa5ec95/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Mon Jul  7 17:22:26 2008
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Mon Jul  7 17:21:22 2008
Subject: Run MScanner in a virtualized environment.
Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us>


Well I will say that it could be my impementation
Of clam, I've heard tell that it can be setup as a
Daemon and that will reduce overhead, however I've no idea how. 
At the time we went with the defaults.  
I think this brought the overhead up past the breaking point for us.

Again, I would like to re-enable it if I could find 
A good resource on how to set it up for my specifics.

Thanks

-Ron




-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Martin.Hepworth
Sent: Monday, July 07, 2008 11:59 AM
To: MailScanner discussion
Subject: RE: Run MScanner in a virtualized environment.


Interesting - spamassassin tends to be heavier than virus scanning these
days.

I guess the two together could be the issue.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Ghetti, Ron
> Sent: 07 July 2008 16:37
> To: MailScanner discussion
> Subject: RE: Run MScanner in a virtualized environment.
>
>
> Running here on vmware, it took a bit of tweaking To get it
> to keep up when we get busy.
> No virus scanning as it is handled elsewhere.
> Although, I'd like to re-enable it but av scanning just kills it.
> The network load factor is generally all the spam attempts.
> I think it's dropping about 10 - 20,000 connections a day.
>
> Here are some numbers.
>
> There were 2,110 Messages Sent from internal Users.
> There were 0 virus infected messages removed.
> There were 12,814 Total messages Recieved.
> There were 4,072 Messages Delivered.
> There were 6,981 messages marked as spam.
> There were 7,794 Messages rejected due to bad recipients.
> There were 323 Messages rejected due to bad Sender Addresses
> (Domain Not
> Found)
> There were 996 Messages rejected due to embedded-attached
> images ( image spam ) There were 4 Attempted Message Relays.
> There were 13,379 Connections Dropped.
> There were 22,505 rejected in Total.
>
>
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Eduardo Casarero
> Sent: Tuesday, July 01, 2008 2:53 PM
> To: MailScanner discussion
> Subject: OT: Run MScanner in a virtualized environment.
>
>
> Hi guys, i know that it's not recomendable to run MS on
> virtualized HW because of it's high cpu/io load. However, i'm
> doing some research because my boss required it.
>
> What products do you think that will work best? VMware? Xen?
> The objective is that it has to be simple and quick to
> deploy. Also will be useful in case the HW dies, so you
> quickly can have the emails flowing (may be with delay, but
> working), until HW gets repaired.
>
> We all know that installing MS servers takes a while, so
> having a pre-installed image will reduce times.
>
> Any thoughts?
>
> Everything will be appreciated.
>
> Eduardo.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From MailScanner at ecs.soton.ac.uk  Mon Jul  7 17:40:27 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Jul  7 17:40:52 2008
Subject: FW: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>
Message-ID: <487246FB.2060504@ecs.soton.ac.uk>

I have updated the ClamAV+SpamAssassin package on www.mailscanner.info.

Martin.Hepworth wrote:
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>   
>> -----Original Message-----
>> From: clamav-announce-bounces@lists.clamav.net
>> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf
>> Of Luca Gibelli
>> Sent: 07 July 2008 16:56
>> To: ClamAV Announce
>> Subject: [Clamav-announce] announcing ClamAV 0.93.2
>>
>>
>> Dear ClamAV users,
>>
>> This release fixes and re-enables the Petite unpacker,
>> improves database loading and solves some other minor issues.
>>
>>
>> --
>> The ClamAV team (http://www.clamav.net/team)
>>
>> --
>> Luca Gibelli (luca _at_ clamav.net)       ClamAV, a GPL
>> anti-virus toolkit
>> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM]
>> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server
>> || http://www.clamav.net/gpg/luca.gpg
>> _______________________________________________
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce
>>
>>     
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the 
> addressee only and may be confidential. If they come to you in error 
> you must take no action based on them, nor must you copy or show them 
> to anyone. Please advise the sender by replying to this e-mail 
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of 
> the author and unless specifically stated to the contrary, are not 
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure 
> communications medium and can be subject to data corruption. We advise 
> that you consider this fact when e-mailing us. 
> Viruses : We have taken steps to ensure that this e-mail and any 
> attachments are free from known viruses but in keeping with good 
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales 
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
> United Kingdom
> **********************************************************************
>
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From simonmjones at gmail.com  Mon Jul  7 17:46:11 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Mon Jul  7 17:46:21 2008
Subject: inconsistent performance
In-Reply-To: <487241AF.1060601@sendit.nodak.edu>
References: <70572c510807070913j289a505wa5f62c17844a8660@mail.gmail.com>
	<487241AF.1060601@sendit.nodak.edu>
Message-ID: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com>

Could be I guess, netstat just shows up the usual mass of smtp
connections - it's just really odd why it's ok on the most part but as
soon as somthing triggers a choke they all start backing the queue up
with messages.

I'll do some more checking around.

thanks Richard

SMJ

2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> Simon Jones wrote:
>>
>> hello chaps,
>>
>> anyone have an idea why i'm seeing inconsistent performance on all 3
>> of my gateway servers?  Nothing shows up errors in the maillog and
>> MailScanner --Lint checks out ok but from time to time the machines
>> will choke and i'll stack 2k and rising messages up in the hold queue.
>>
>> one day they'll work fine and the hold queue will be normal, then all
>> of a sudden they'll start backing up.
>>
>> I have postfix reading from mysql for the relay_domains /
>> relay_recipients and transport maps as well as logging to a seperate
>> db on the same seperate db server for mailwatch.
>>
>> the mysql db has dual oppy's with 10gb ram so it's pretty beefy and
>> doesn't seem to be maxed at all.
>>
>> the gateways run fairly heavy but are by no means topping out.  I've
>> tried dropping max children and the batch processing settings but to
>> no avail.
>>
>> any ideas would be really appreciated.
>>
>> thanks
>>
>> SMJ
>>
>
> What about mail volume? Is it consistent across the days in question? Or,
> even if the numbers are the same, you might end up with bursty traffic on
> the days you backup, causing everything to fall behind. Botnets, mailing
> lists, all of that sort can drop traffic on you in one heck of a hurry at
> times.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
From alex at rtpty.com  Mon Jul  7 17:51:42 2008
From: alex at rtpty.com (Alex Neuman)
Date: Mon Jul  7 17:52:01 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <487246FB.2060504@ecs.soton.ac.uk>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>
	<487246FB.2060504@ecs.soton.ac.uk>
Message-ID: <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>

If you ever do it any sooner, you're likely to cause a temporal  
paradox!!

Cheers,

Sent from my iPhone

On Jul 7, 2008, at 11:40 AM, Julian Field  
<MailScanner@ecs.soton.ac.uk> wrote:

> I have updated the ClamAV+SpamAssassin package on  
> www.mailscanner.info.
>
> Martin.Hepworth wrote:
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>>> -----Original Message-----
>>> From: clamav-announce-bounces@lists.clamav.net
>>> [mailto:clamav-announce-bounces@lists.clamav.net] On Behalf
>>> Of Luca Gibelli
>>> Sent: 07 July 2008 16:56
>>> To: ClamAV Announce
>>> Subject: [Clamav-announce] announcing ClamAV 0.93.2
>>>
>>>
>>> Dear ClamAV users,
>>>
>>> This release fixes and re-enables the Petite unpacker,
>>> improves database loading and solves some other minor issues.
>>>
>>>
>>> --
>>> The ClamAV team (http://www.clamav.net/team)
>>>
>>> --
>>> Luca Gibelli (luca _at_ clamav.net)       ClamAV, a GPL
>>> anti-virus toolkit
>>> [Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM]
>>> nervous/jabber.linux.it PGP key id 5EFC5582 @ any key-server
>>> || http://www.clamav.net/gpg/luca.gpg
>>> _______________________________________________
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce
>>>
>>>
>>
>>
>>
>>
>> *** 
>> *******************************************************************
>> Confidentiality : This e-mail and any attachments are intended for  
>> the addressee only and may be confidential. If they come to you in  
>> error you must take no action based on them, nor must you copy or  
>> show them to anyone. Please advise the sender by replying to this e- 
>> mail immediately and then delete the original from your computer.
>> Opinion : Any opinions expressed in this e-mail are entirely those  
>> of the author and unless specifically stated to the contrary, are  
>> not necessarily those of the author's employer.
>> Security Warning : Internet e-mail is not necessarily a secure  
>> communications medium and can be subject to data corruption. We  
>> advise that you consider this fact when e-mailing us. Viruses : We  
>> have taken steps to ensure that this e-mail and any attachments are  
>> free from known viruses but in keeping with good computing  
>> practice, you should ensure that they are virus free.
>>
>> Red Lion 49 Ltd T/A Solid State Logic
>> Registered as a limited company in England and Wales (Company No: 
>> 5362730)
>> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,  
>> United Kingdom
>> *** 
>> *******************************************************************
>>
>>
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules@Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From martinh at solidstatelogic.com  Mon Jul  7 17:53:29 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Mon Jul  7 17:53:40 2008
Subject: inconsistent performance
In-Reply-To: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com>
Message-ID: <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com>

Simon

What RBL's you using? Could be one of them backing up - eg spamhaus tend to slow down their feed if you go over the 'free' limit.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Simon Jones
> Sent: 07 July 2008 17:46
> To: MailScanner discussion
> Subject: Re: inconsistent performance
>
> Could be I guess, netstat just shows up the usual mass of
> smtp connections - it's just really odd why it's ok on the
> most part but as soon as somthing triggers a choke they all
> start backing the queue up with messages.
>
> I'll do some more checking around.
>
> thanks Richard
>
> SMJ
>
> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> > Simon Jones wrote:
> >>
> >> hello chaps,
> >>
> >> anyone have an idea why i'm seeing inconsistent
> performance on all 3
> >> of my gateway servers?  Nothing shows up errors in the maillog and
> >> MailScanner --Lint checks out ok but from time to time the
> machines
> >> will choke and i'll stack 2k and rising messages up in the
> hold queue.
> >>
> >> one day they'll work fine and the hold queue will be
> normal, then all
> >> of a sudden they'll start backing up.
> >>
> >> I have postfix reading from mysql for the relay_domains /
> >> relay_recipients and transport maps as well as logging to
> a seperate
> >> db on the same seperate db server for mailwatch.
> >>
> >> the mysql db has dual oppy's with 10gb ram so it's pretty
> beefy and
> >> doesn't seem to be maxed at all.
> >>
> >> the gateways run fairly heavy but are by no means topping
> out.  I've
> >> tried dropping max children and the batch processing
> settings but to
> >> no avail.
> >>
> >> any ideas would be really appreciated.
> >>
> >> thanks
> >>
> >> SMJ
> >>
> >
> > What about mail volume? Is it consistent across the days in
> question?
> > Or, even if the numbers are the same, you might end up with bursty
> > traffic on the days you backup, causing everything to fall behind.
> > Botnets, mailing lists, all of that sort can drop traffic on you in
> > one heck of a hurry at times.
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From hvdkooij at vanderkooij.org  Mon Jul  7 18:04:03 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon Jul  7 18:04:13 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>
	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>
Message-ID: <48724C83.9070208@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Neuman wrote:
| If you ever do it any sooner, you're likely to cause a temporal paradox!!

Next thing Jules will prove that the speed of light is just a conveniant
legal limit and you can exceed it as you please if you are ready to pay
~ the fine.

Hugo.

- --
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIckyBBvzDRVjxmYERAgG8AJ9isUQ7t8cAsOs94w1ide+ron5KMQCfZFJp
RP8k0of54RlIqKSRGSGquxo=
=qvoG
-----END PGP SIGNATURE-----
From gregg at mochabomb.com  Mon Jul  7 18:08:09 2008
From: gregg at mochabomb.com (Gregg Lain)
Date: Mon Jul  7 18:08:42 2008
Subject: yum update on CentOS 5.2 broke MailScanner + many other perl
	programs
Message-ID: <48724D79.3020308@mochabomb.com>

After 2 days of a half-broken mail config (where decoupled MailScanner 
from Postfix) thought I'd share what got it working again:

1. Decoupled MailScanner from Postfix - comment out header_checks in 
main.cf - now Postfix worked w/o scanning but received emails - since I 
process less than 500/day and most spam is handled at the MTA level, was 
not a signif difference..

2. Edit vi /usr/lib/perl5/site_perl/5.8.8/Errno.pm and change line to 
match my install from perl -V | grep osvers
"$Config{'archname'}-$Config{'osvers'}" eq
#"x86_64-linux-thread-multi-2.6.9-42.0.3.elsmp" or
"x86_64-linux-thread-multi-2.6.18-53.el5" or
         die "Errno architecture 
(x86_64-linux-thread-multi-2.6.9-42.0.3.elsmp) does not match executable 
architecture ($Config{'archname'}-$Config{'osvers'})";

3. From cpan:
force install Scalar::Util
install OLE::Storage_Lite
force install Test::Harness
install IO

4. Restart MailScanner - it was ok, so then undo the Postfix changes and 
back in business..
From simonmjones at gmail.com  Mon Jul  7 18:13:12 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Mon Jul  7 18:13:22 2008
Subject: inconsistent performance
In-Reply-To: <5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com>
References: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com>
	<5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com>
Message-ID: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com>

here's my spam.lists.conf

# This file translates the names of the spam lists and spam domains lists
# into the real DNS domains to search.

# There is a far more comprehensive list of these at
# http://www.declude.com/JunkMail/Support/ip4r.htm
# and you can easily search them all at www.DNSstuff.com.

# If you want to search other DNSBL's you will need to define them here first,
# before referring to them by name in mailscanner.conf (or a rules file).

spamhaus.org                    sbl.spamhaus.org.
spamhaus-XBL                    xbl.spamhaus.org.
spamhaus-PBL                    pbl.spamhaus.org.
spamhaus-ZEN                    zen.spamhaus.org.
SBL+XBL                         sbl-xbl.spamhaus.org.
spamcop.net                     bl.spamcop.net.
NJABL                           dnsbl.njabl.org.

# ORDB has been shut down.
# ORDB-RBL                        relays.ordb.org.

#Infinite-Monkeys               proxies.relays.monkeys.com.
#osirusoft.com                  relays.osirusoft.com.
# These two lists are now dead and must not be used.

# MAPS now charge for their services, so you'll have to buy a contract before
# attempting to use the next 3 lines.

MAPS-RBL                        blackholes.mail-abuse.org.
MAPS-DUL                        dialups.mail-abuse.org.
MAPS-RSS                        relays.mail-abuse.org.

# This next line works for JANET UK Academic sites only

MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.

# And build a similar list for the RBL domains that work on the name
# of the domain rather than the IP address of the exact machine that
# is listed. This way the RBL controllers can blacklist entire
# domains very quickly and easily.
# These aren't used by default, as they slow down MailScanner quite a bit.

RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.

# Easynet are closing down, so don't use these any more
Easynet-DNSBL                   blackholes.easynet.nl.
Easynet-Proxies                 proxies.blackholes.easynet.nl.
Easynet-Dynablock               dynablock.easynet.nl.

# This list is now dead and must not be used.
#OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.

# These folks are still going strong
SORBS-DNSBL                     dnsbl.sorbs.net.
SORBS-HTTP                      http.dnsbl.sorbs.net.
SORBS-SOCKS                     socks.dnsbl.sorbs.net.
SORBS-MISC                      misc.dnsbl.sorbs.net.
SORBS-SMTP                      smtp.dnsbl.sorbs.net.
SORBS-WEB                       web.dnsbl.sorbs.net.
SORBS-SPAM                      spam.dnsbl.sorbs.net.
SORBS-BLOCK                     block.dnsbl.sorbs.net.
SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
SORBS-DUL                       dul.dnsbl.sorbs.net.
SORBS-RHSBL                     rhsbl.sorbs.net.
# These next 2 are "Spam Domain List" entries and not "Spam List"s
SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.

# Some other good lists

CBL                             cbl.abuseat.org.
DSBL                            list.dsbl.org.

2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
> Simon
>
> What RBL's you using? Could be one of them backing up - eg spamhaus tend to slow down their feed if you go over the 'free' limit.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Simon Jones
>> Sent: 07 July 2008 17:46
>> To: MailScanner discussion
>> Subject: Re: inconsistent performance
>>
>> Could be I guess, netstat just shows up the usual mass of
>> smtp connections - it's just really odd why it's ok on the
>> most part but as soon as somthing triggers a choke they all
>> start backing the queue up with messages.
>>
>> I'll do some more checking around.
>>
>> thanks Richard
>>
>> SMJ
>>
>> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
>> > Simon Jones wrote:
>> >>
>> >> hello chaps,
>> >>
>> >> anyone have an idea why i'm seeing inconsistent
>> performance on all 3
>> >> of my gateway servers?  Nothing shows up errors in the maillog and
>> >> MailScanner --Lint checks out ok but from time to time the
>> machines
>> >> will choke and i'll stack 2k and rising messages up in the
>> hold queue.
>> >>
>> >> one day they'll work fine and the hold queue will be
>> normal, then all
>> >> of a sudden they'll start backing up.
>> >>
>> >> I have postfix reading from mysql for the relay_domains /
>> >> relay_recipients and transport maps as well as logging to
>> a seperate
>> >> db on the same seperate db server for mailwatch.
>> >>
>> >> the mysql db has dual oppy's with 10gb ram so it's pretty
>> beefy and
>> >> doesn't seem to be maxed at all.
>> >>
>> >> the gateways run fairly heavy but are by no means topping
>> out.  I've
>> >> tried dropping max children and the batch processing
>> settings but to
>> >> no avail.
>> >>
>> >> any ideas would be really appreciated.
>> >>
>> >> thanks
>> >>
>> >> SMJ
>> >>
>> >
>> > What about mail volume? Is it consistent across the days in
>> question?
>> > Or, even if the numbers are the same, you might end up with bursty
>> > traffic on the days you backup, causing everything to fall behind.
>> > Botnets, mailing lists, all of that sort can drop traffic on you in
>> > one heck of a hurry at times.
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
From ssilva at sgvwater.com  Mon Jul  7 18:50:53 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul  7 18:51:40 2008
Subject: Non-English testers?
In-Reply-To: <20080707122658.GB19043@cgi.jachomes.com>
References: <486D352F.1040002@ecs.soton.ac.uk>	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>	<486D3C1B.9090604@ecs.soton.ac.uk>
	<20080707122658.GB19043@cgi.jachomes.com>
Message-ID: <g4tl2q$igm$1@ger.gmane.org>

on 7-7-2008 5:26 AM Jay R. Ashworth spake the following:
> On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote:
>> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword doesn't 
>> support them. If anyone has a way of managing to read them, I would be 
>> very interested to hear it. Or even just some helpful ideas.
> 
> But, but... .docx is this wonderful, open, XML based file format that's
> easy to parse.  Right?  I mean, that's what Microsoft has been telling
> us...
> 
> :-)
> 
> Cheers,
> -- jra
I think that one needed a winking smily ;-)



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/839a933f/signature.bin
From doc at maddoc.net  Mon Jul  7 18:59:27 2008
From: doc at maddoc.net (Doc Schneider)
Date: Mon Jul  7 18:59:44 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <48724C83.9070208@vanderkooij.org>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>
	<48724C83.9070208@vanderkooij.org>
Message-ID: <4872597F.8010807@maddoc.net>

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Alex Neuman wrote:
> | If you ever do it any sooner, you're likely to cause a temporal paradox!!
> 
> Next thing Jules will prove that the speed of light is just a conveniant
> legal limit and you can exceed it as you please if you are ready to pay
> ~ the fine.
> 
> Hugo.

This just in:


Folks,

A problem has been found in 0.93.2 and it has to be withdrawn. Please do
not use it. We are working on a fix as a top priority.

Sorry for the inconvenience.

-Nigel Horne




-- 
-Doc
Lincoln, NE.
http://www.fsl.com/
http://www.genealogyforyou.com/
http://www.cairnproductions.com/

From dominian at slackadelic.com  Mon Jul  7 19:04:09 2008
From: dominian at slackadelic.com (Matt Hayes)
Date: Mon Jul  7 19:04:23 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <4872597F.8010807@maddoc.net>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>	<48724C83.9070208@vanderkooij.org>
	<4872597F.8010807@maddoc.net>
Message-ID: <48725A99.3070003@slackadelic.com>

Doc Schneider wrote:
> Hugo van der Kooij wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Alex Neuman wrote:
>> | If you ever do it any sooner, you're likely to cause a temporal 
>> paradox!!
>>
>> Next thing Jules will prove that the speed of light is just a conveniant
>> legal limit and you can exceed it as you please if you are ready to pay
>> ~ the fine.
>>
>> Hugo.
> 
> This just in:
> 
> 
> Folks,
> 
> A problem has been found in 0.93.2 and it has to be withdrawn. Please do
> not use it. We are working on a fix as a top priority.
> 
> Sorry for the inconvenience.
> 
> -Nigel Horne
> 
> 
> 
> 

What is the issue?

-Matt
From alex at rtpty.com  Mon Jul  7 19:04:34 2008
From: alex at rtpty.com (Alex Neuman)
Date: Mon Jul  7 19:04:54 2008
Subject: Non-English testers?
In-Reply-To: <g4tl2q$igm$1@ger.gmane.org>
References: <486D352F.1040002@ecs.soton.ac.uk>
	<EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com>
	<486D3C1B.9090604@ecs.soton.ac.uk>
	<20080707122658.GB19043@cgi.jachomes.com>
	<g4tl2q$igm$1@ger.gmane.org>
Message-ID: <D8081CED-DAA7-4A7A-9722-7E2663AF5485@rtpty.com>

More like a smiley that's laughing his toches off, if you'll pardon  
the Yiddish... Like X-D

Sent from my iPhone

On Jul 7, 2008, at 12:50 PM, Scott Silva <ssilva@sgvwater.com> wrote:

> on 7-7-2008 5:26 AM Jay R. Ashworth spake the following:
>> On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote:
>>> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword  
>>> doesn't support them. If anyone has a way of managing to read  
>>> them, I would be very interested to hear it. Or even just some  
>>> helpful ideas.
>> But, but... .docx is this wonderful, open, XML based file format  
>> that's
>> easy to parse.  Right?  I mean, that's what Microsoft has been  
>> telling
>> us...
>> :-)
>> Cheers,
>> -- jra
> I think that one needed a winking smily ;-)
>
>
>
> -- 
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!
>
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From lars+lister.mailscanner at adventuras.no  Mon Jul  7 19:04:58 2008
From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen)
Date: Mon Jul  7 19:05:12 2008
Subject: HEADS UP: [Fwd: [Clamav-users] 0.93.2]
Message-ID: <48725ACA.5070403@adventuras.no>


FYI

-------- Opprinnelig melding --------
Emne: 	[Clamav-users] 0.93.2
Dato: 	Mon, 07 Jul 2008 18:48:25 +0100
Fra: 	Nigel Horne <njh@bandsman.co.uk>
Svar-Til: 	ClamAV users ML <clamav-users@lists.clamav.net>
Organisasjon: 	NJH Music
Til: 	ClamAV users ML <clamav-users@lists.clamav.net>



Folks,

A problem has been found in 0.93.2 and it has to be withdrawn. Please do 
not use it. We are working on a fix as a top priority.

Sorry for the inconvenience.

-Nigel Horne

-- 
Come to Las Vegas to see the latest in Sourcefire and open source 
innovation.
Register at www.bossconference.com by September 30th to save $200!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/e695afec/attachment.html
From Kevin_Miller at ci.juneau.ak.us  Mon Jul  7 19:09:08 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon Jul  7 19:09:18 2008
Subject: Whitelists Still Not Working?
In-Reply-To: <486EDC9F.3040504@openenterprise.ca>
References: <486D681C.4080104@openenterprise.ca>
	<D1587DCF6294524BAFA2C9944312FCC8C7D566@city-exch-w3e.cbj.local>
	<486EDC9F.3040504@openenterprise.ca>
Message-ID: <D1587DCF6294524BAFA2C9944312FCC8C7D569@city-exch-w3e.cbj.local>

On the MTA it's a milter - I use sendmail.  Since Postfix does milters
now too, I expect there's a way to add it in there also.  I'm running
smfspf but there are other versions available as well.  See
http://www.openspf.org/

I believe it's tied into spamassassin, so you'd turn it on/off in there.
I think you'd just set the scores to 0 in the spam.assassin.prefs.conf.
I found the ruleset in /var/lib/spamassassin/3.002004/25_spf.cf but
don't edit it there as it will be lost after an update.

If you're not publishing spf records in your dns, think about adding
them.

HTH...

...Kevin

Johnny Stork wrote:
> I dont think I have SPF running and had been planning to look into it
> at some time in the future. Where should/could I check to be sure?
> 
> Kevin Miller wrote:
>> Johnny Stork wrote:
>> 
>>> X-Assp-Received-SPF: pass - Please see
>>> 
>>> 
>>
http://www.openspf.org/why.html?sender=v-cbilj_bgckiebc_fekkao_fekkao_a%
>> 40bounce.mkt1336.com&ip=208.85.55.19&receiver=ASSP.nospam:
>> 
>>>      208.85.55.19 contains 208.85.55.19 - client-ip=208.85.55.19;
>>> 
>> 
>> I'm not sure that it's MailScanner/Spamassassin/MailWatch that's
>> doing the neferious deed Johnny.  Following the link in the headers
>> it looks like SPF is scrunching the message, but can't explain why. 
>> It knows it shouldn't. 
>> 
>> Do you have the luxury of running SPF on your MTA and turning it off
>> in mailscanner/spamassassin and seeing how that goes?
>> 
>> ...Kevin



...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From doc at maddoc.net  Mon Jul  7 19:10:30 2008
From: doc at maddoc.net (Doc Schneider)
Date: Mon Jul  7 19:10:47 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <48725A99.3070003@slackadelic.com>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>	<48724C83.9070208@vanderkooij.org>	<4872597F.8010807@maddoc.net>
	<48725A99.3070003@slackadelic.com>
Message-ID: <48725C16.9040209@maddoc.net>

Matt Hayes wrote:
> Doc Schneider wrote:
>> Hugo van der Kooij wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Alex Neuman wrote:
>>> | If you ever do it any sooner, you're likely to cause a temporal 
>>> paradox!!
>>>
>>> Next thing Jules will prove that the speed of light is just a conveniant
>>> legal limit and you can exceed it as you please if you are ready to pay
>>> ~ the fine.
>>>
>>> Hugo.
>>
>> This just in:
>>
>>
>> Folks,
>>
>> A problem has been found in 0.93.2 and it has to be withdrawn. Please do
>> not use it. We are working on a fix as a top priority.
>>
>> Sorry for the inconvenience.
>>
>> -Nigel Horne
>>
>>
>>
>>
> 
> What is the issue?
> 
> -Matt

I was just passing along the message from the clamav list.

Guess Jules now needs to exceed the speed of dark redoing his package! HAR!


-- 
-Doc
Lincoln, NE.
http://www.fsl.com/
http://www.genealogyforyou.com/
http://www.cairnproductions.com/

From ssilva at sgvwater.com  Mon Jul  7 19:11:01 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul  7 19:12:00 2008
Subject: inconsistent performance
In-Reply-To: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com>
References: <70572c510807070946xf244323i9ae43ab49b19f64@mail.gmail.com>	<5262c23024194c45b32351bf6bdb7ce6@solidstatelogic.com>
	<70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com>
Message-ID: <g4tm8m$no8$1@ger.gmane.org>

on 7-7-2008 10:13 AM Simon Jones spake the following:
> here's my spam.lists.conf
> 
Every body gets that file. What spam lists have you enabled?


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/6d9bddc8/signature.bin
From Kevin_Miller at ci.juneau.ak.us  Mon Jul  7 19:44:29 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Mon Jul  7 19:44:39 2008
Subject: Non-English testers?
In-Reply-To: <20080707122658.GB19043@cgi.jachomes.com>
References: <486D352F.1040002@ecs.soton.ac.uk><EMEW-k62Lij7a0222bd2aca6defd2f36c98aec5e4fe-0595EE01-19AD-4A3E-98AB-6DBE3526BC94@rtpty.com><486D3C1B.9090604@ecs.soton.ac.uk>
	<20080707122658.GB19043@cgi.jachomes.com>
Message-ID: <D1587DCF6294524BAFA2C9944312FCC8C7D56D@city-exch-w3e.cbj.local>

Jay R. Ashworth wrote:
> On Thu, Jul 03, 2008 at 09:52:43PM +0100, Julian Field wrote:
>> The "Add Text Of Doc" won't work on .docx files, sorry. Antiword
>> doesn't support them. If anyone has a way of managing to read them,
>> I would be very interested to hear it. Or even just some helpful
>> ideas. 
> 
> But, but... .docx is this wonderful, open, XML based file format
> that's 
> easy to parse.  Right?  I mean, that's what Microsoft has been telling
> us...

Yeah.  And I have a nice bridge in Brooklyn that I'll sell you real
cheap! <g>



...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
From ssilva at sgvwater.com  Mon Jul  7 20:20:43 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul  7 20:21:02 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <48725C16.9040209@maddoc.net>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>	<48724C83.9070208@vanderkooij.org>	<4872597F.8010807@maddoc.net>	<48725A99.3070003@slackadelic.com>
	<48725C16.9040209@maddoc.net>
Message-ID: <g4tqab$8m0$1@ger.gmane.org>

on 7-7-2008 11:10 AM Doc Schneider spake the following:
> Matt Hayes wrote:
>> Doc Schneider wrote:
>>> Hugo van der Kooij wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Alex Neuman wrote:
>>>> | If you ever do it any sooner, you're likely to cause a temporal 
>>>> paradox!!
>>>>
>>>> Next thing Jules will prove that the speed of light is just a 
>>>> conveniant
>>>> legal limit and you can exceed it as you please if you are ready to pay
>>>> ~ the fine.
>>>>
>>>> Hugo.
>>>
>>> This just in:
>>>
>>>
>>> Folks,
>>>
>>> A problem has been found in 0.93.2 and it has to be withdrawn. Please do
>>> not use it. We are working on a fix as a top priority.
>>>
>>> Sorry for the inconvenience.
>>>
>>> -Nigel Horne
>>>
>>>
>>>
>>>
>>
>> What is the issue?
>>
>> -Matt
> 
> I was just passing along the message from the clamav list.
> 
> Guess Jules now needs to exceed the speed of dark redoing his package! HAR!
> 
> 
The old package is still there, you just have to be creative with the url ;-)


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/caba7256/signature.bin
From ssilva at sgvwater.com  Mon Jul  7 20:22:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Jul  7 20:25:11 2008
Subject: HEADS UP: [Fwd: [Clamav-users] 0.93.2]
In-Reply-To: <48725ACA.5070403@adventuras.no>
References: <48725ACA.5070403@adventuras.no>
Message-ID: <g4tqdf$8lo$1@ger.gmane.org>


> 
> 
> 
> Folks,
> 
> A problem has been found in 0.93.2 and it has to be withdrawn. Please do 
> not use it. We are working on a fix as a top priority.
> 
> Sorry for the inconvenience.
> 
> -Nigel Horne
  Another good example for not jumping to a new release on the first day.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/25795b83/signature.bin
From lars+lister.mailscanner at adventuras.no  Mon Jul  7 21:16:33 2008
From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen)
Date: Mon Jul  7 21:16:54 2008
Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.93.3]
Message-ID: <487279A1.3000003@adventuras.no>

FYI

-------- Opprinnelig melding --------
Emne: [Clamav-announce] announcing ClamAV 0.93.3
Dato: Mon, 7 Jul 2008 21:42:35 +0200
Fra: Luca Gibelli <luca@clamav.net>
Svar-Til: noreply@clamav.net
Til: ClamAV Announce <clamav-announce@lists.clamav.net>
Referanser: <20080707155612.GA28395@adsl.nervous.it>


Dear ClamAV users,

This release fixes a problem in handling of .cld files introduced in
0.93.2.

--
The ClamAV team (http://www.clamav.net/team)


Best regards
From davejones70 at gmail.com  Mon Jul  7 21:28:40 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Mon Jul  7 21:28:50 2008
Subject: inconsistent performance
Message-ID: <67a55ed50807071328j465e965bwaf182a07ce4604f1@mail.gmail.com>

>Could be I guess, netstat just shows up the usual mass of smtp
>connections - it's just really odd why it's ok on the most part but as
>soon as somthing triggers a choke they all start backing the queue up
>with messages.
>
>I'll do some more checking around.
>
>thanks Richard
>
>SMJ
>
>2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
>> Simon Jones wrote:
>>>
>>> hello chaps,
>>>
>>> anyone have an idea why i'm seeing inconsistent performance on all 3
>>> of my gateway servers?  Nothing shows up errors in the maillog and
>>> MailScanner --Lint checks out ok but from time to time the machines
>>> will choke and i'll stack 2k and rising messages up in the hold queue.
>>>
>>> one day they'll work fine and the hold queue will be normal, then all
>>> of a sudden they'll start backing up.
>>>
>>> I have postfix reading from mysql for the relay_domains /
>>> relay_recipients and transport maps as well as logging to a seperate
>>> db on the same seperate db server for mailwatch.
>>>
>>> the mysql db has dual oppy's with 10gb ram so it's pretty beefy and
>>> doesn't seem to be maxed at all.
>>>
>>> the gateways run fairly heavy but are by no means topping out.  I've
>>> tried dropping max children and the batch processing settings but to
>>> no avail.
>>>
>>> any ideas would be really appreciated.
>>>
>>> thanks
>>>
>>> SMJ
>>>
>>
>> What about mail volume? Is it consistent across the days in question? Or,
>> even if the numbers are the same, you might end up with bursty traffic on
>> the days you backup, causing everything to fall behind. Botnets, mailing
>> lists, all of that sort can drop traffic on you in one heck of a hurry at
>> times.
> --

You might want to put Munin on the boxes to quickly get some high-level
charts across all 3 boxes to see trending over time.  We have Munin local to
each box so we can check general performance info when something like this
comes up.

-- 
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080707/7084843d/attachment.html
From Rich.West at wesmo.com  Tue Jul  8 00:51:27 2008
From: Rich.West at wesmo.com (Rich West)
Date: Tue Jul  8 00:51:37 2008
Subject: OT: Run MScanner in a virtualized environment.
In-Reply-To: <g4mkef$snr$1@ger.gmane.org>
References: <7d9b3cf20807011153w3af6d451gd782ba3cf5a295c@mail.gmail.com>	<op.udmsf9df53oa6f@ajc5.lan>	<486B2EEB.8020502@anymore.nl>
	<g4mkef$snr$1@ger.gmane.org>
Message-ID: <4872ABFF.1040600@wesmo.com>



Ugo Bellavance wrote:
> Arjan Schrijver wrote:
>> Anthony Cartmell wrote:
>>>> Hi guys, i know that it's not recomendable to run MS on virtualized HW
>>>> because of it's high cpu/io load. However, i'm doing some research
>>>> because my boss required it.
>>>
>>> I have it running on a high-powered Xen VPS (with 2G RAM available 
>>> and eight processor cores shared between the VPS instances) and it 
>>> works fine. Only processing ~800 messages per day so probably not a 
>>> very useful test though. I'll be moving more mail through it soon, 
>>> so might get to see how well it works then. My other server, non VPS 
>>> but with the same memory but only twin processors, manages 10,000 
>>> messages per day without much problem.
>>>
>> Running OpenVZ here (no performance impact), on 4 virtual MailScanner 
>> servers. They each process about 40.000 messages a day, through both 
>> SpamAssassin and ClamAV. The hardware consists of four servers with 
>> 4x2GHz cores and 2GB RAM. Each server runs one container. The 
>> performance is exactly the same as when the same servers were running 
>> MailScanner natively (not virtualized).
>> But this is of course only possible with OpenVZ or Virtuozzo, because 
>> it doesn't virtualize the complete hardware but only the kernel.
>
> I also use OpenVZ, about 40 000 emails/day on that gateway, about 800 
> 000 smtp connects/day (using BarricadeMX).
>
> The server is a quad core xeon, and runs this MailScanner system and 
> an asterisk PBX.
>
> Ugo

We're running MailScanner + Spamassassin + Clamd + milter-greylist under 
VMware ESX on an IBM BladeCenter.  We're only averaging about 4-6k 
messages per day, and the CPU / memory utilization never creeps up too 
high.  I'd say it's averaged around 1.3GB of memory and minimal CPU usage.

And it runs just fine. :)

-Rich

From nwp at nz.lemon-computing.com  Tue Jul  8 00:58:47 2008
From: nwp at nz.lemon-computing.com (Nick Phillips)
Date: Tue Jul  8 00:59:03 2008
Subject: Phishing Links
In-Reply-To: <20080707122437.GA19043@cgi.jachomes.com>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org>
	<20080707122437.GA19043@cgi.jachomes.com>
Message-ID: <A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>

On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote:
>
> Indeed; this is a topic the RISKS Digest covers fairly often: lots of
> legitimate organizations sub out their emailing, to companies that
> aren't smart enough to not make legit emails *look* like phishes.

Or indeed who *are* smart enough to realise that we care about this  
more than they do, which allows them to shit all over their own  
doorstep and have us clean up the mess :-(

In other words, block the buggers and they might think about stopping.


Cheers,


Nick
From rcooper at dwford.com  Tue Jul  8 01:34:48 2008
From: rcooper at dwford.com (Rick Cooper)
Date: Tue Jul  8 01:35:03 2008
Subject: [Clamav-announce] announcing ClamAV 0.93.2
In-Reply-To: <48725A99.3070003@slackadelic.com>
References: <EMEW-k66H76bbfe3534db7240dc98fb8e36af1eb94e-3ae831185e54ef4f9a7fc5eb6be4d9db@solidstatelogic.com>	<487246FB.2060504@ecs.soton.ac.uk>	<898A7AC8-58A8-4C61-B566-77BF0D658C53@rtpty.com>	<48724C83.9070208@vanderkooij.org><4872597F.8010807@maddoc.net>
	<48725A99.3070003@slackadelic.com>
Message-ID: <8852E8728FE94E88A4E169B6712588E6@SAHOMELT>

 

 > -----Original Message-----
 > From: mailscanner-bounces@lists.mailscanner.info 
 > [mailto:mailscanner-bounces@lists.mailscanner.info] On 
 > Behalf Of Matt Hayes
 > Sent: Monday, July 07, 2008 2:04 PM
 > To: MailScanner discussion
 > Subject: Re: [Clamav-announce] announcing ClamAV 0.93.2
 > 
 > Doc Schneider wrote:
 > > Hugo van der Kooij wrote:
 > >> -----BEGIN PGP SIGNED MESSAGE-----
 > >> Hash: SHA1
 > >>
 > >> Alex Neuman wrote:
 > >> | If you ever do it any sooner, you're likely to cause a temporal 
 > >> paradox!!
 > >>
 > >> Next thing Jules will prove that the speed of light is 
 > just a conveniant
 > >> legal limit and you can exceed it as you please if you 
 > are ready to pay
 > >> ~ the fine.
 > >>
 > >> Hugo.
 > > 
 > > This just in:
 > > 
 > > 
 > > Folks,
 > > 
 > > A problem has been found in 0.93.2 and it has to be 
 > withdrawn. Please do
 > > not use it. We are working on a fix as a top priority.
 > > 
 > > Sorry for the inconvenience.
 > > 
 > > -Nigel Horne
 > > 
 > > 
 > > 
 > > 
 > 
 > What is the issue?
 > 

The daily db crashed clamd shortly after uploading. You could delete it,
rerun freshclam and clamd would reload the new db and be fine for a few min
and then crash and not restart.

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From ismail at ismailozatay.net  Tue Jul  8 07:32:16 2008
From: ismail at ismailozatay.net (Ismail OZATAY)
Date: Tue Jul  8 07:32:31 2008
Subject: About spam attack
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com><g4isc7$iq6$2@ger.gmane.org><20080707122437.GA19043@cgi.jachomes.com>
	<A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
Message-ID: <8F928109DCEB4E4984F8EF3B3CD84019@pc>

Hi there;

I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my 
mailserver with lots of bad mails that include these subjects:

Delivery failure.
Undeliverable mail.
failure notice.

And also these e-mails have no sender.

How can i block them ?

Thanks


From craig at csfs.co.za  Tue Jul  8 07:48:58 2008
From: craig at csfs.co.za (Craig Retief)
Date: Tue Jul  8 07:59:21 2008
Subject: About spam attack
In-Reply-To: <8F928109DCEB4E4984F8EF3B3CD84019@pc>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org><20080707122437.GA19043@cgi.jachomes.com>
	<A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
	<8F928109DCEB4E4984F8EF3B3CD84019@pc>
Message-ID: <1215499738.9506.1.camel@cX>

On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote:

> Hi there;
> 
> I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my 
> mailserver with lots of bad mails that include these subjects:
> 
> Delivery failure.
> Undeliverable mail.
> failure notice.
> 
> And also these e-mails have no sender.
> 
> How can i block them ?

Take a look at Jule's watermark feature that is included in the newest
MailScanner for Download....

Cheers

Craig

> 
> Thanks
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/f9224d6f/attachment.html
From ismail at ismailozatay.net  Tue Jul  8 08:10:07 2008
From: ismail at ismailozatay.net (Ismail OZATAY)
Date: Tue Jul  8 08:10:22 2008
Subject: About spam attack
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com><g4isc7$iq6$2@ger.gmane.org><20080707122437.GA19043@cgi.jachomes.com><A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com><8F928109DCEB4E4984F8EF3B3CD84019@pc>
	<1215499738.9506.1.camel@cX>
Message-ID: <7ADC5C5F17A64174941F6F76C0A84EC5@pc>

Hi Craig;

I know Watermark but my mail server and mailscanner gateway are running on different servers. My domain's mx records point mailscanner gateway then it sends mails to mail server. mail server sends outgoing mails itself. so mailscanner can not put watermark tag in outgoing mails. so if i enable watermak for this topology it do not work , is not it ?

Thanks
  ----- Original Message ----- 
  From: Craig Retief 
  To: MailScanner discussion 
  Sent: Tuesday, July 08, 2008 9:48 AM
  Subject: Re: About spam attack


  On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: 
Hi there;

I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my 
mailserver with lots of bad mails that include these subjects:

Delivery failure.
Undeliverable mail.
failure notice.

And also these e-mails have no sender.

How can i block them ?
Take a look at Jule's watermark feature that is included in the newest MailScanner for Download....

  Cheers

  Craig 

Thanks




------------------------------------------------------------------------------


  -- 
  MailScanner mailing list
  mailscanner@lists.mailscanner.info
  http://lists.mailscanner.info/mailman/listinfo/mailscanner

  Before posting, read http://wiki.mailscanner.info/posting

  Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/779f46ce/attachment.html
From martinh at solidstatelogic.com  Tue Jul  8 09:14:35 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 09:14:57 2008
Subject: About spam attack
In-Reply-To: <7ADC5C5F17A64174941F6F76C0A84EC5@pc>
Message-ID: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com>

Correct

I suggest you pass you're outgoing via the mailscanner then the watermarking will mark.

You can put a rule against the spam scanning etc to not scan email from the mailserver, but at least you'll get the watermarks in there.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Ismail OZATAY
> Sent: 08 July 2008 08:10
> To: MailScanner discussion
> Subject: Re: About spam attack
>
> Hi Craig;
>
> I know Watermark but my mail server and mailscanner gateway
> are running on different servers. My domain's mx records
> point mailscanner gateway then it sends mails to mail server.
> mail server sends outgoing mails itself. so mailscanner can
> not put watermark tag in outgoing mails. so if i enable
> watermak for this topology it do not work , is not it ?
>
> Thanks
>
> 	----- Original Message -----
> 	From: Craig Retief <mailto:craig@csfs.co.za>
> 	To: MailScanner discussion
> <mailto:mailscanner@lists.mailscanner.info>
> 	Sent: Tuesday, July 08, 2008 9:48 AM
> 	Subject: Re: About spam attack
>
> 	On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote:
>
> 		Hi there;
>
> 		I use MailScanner 4.68.8 with SA 3.24.
> Sometimes spammers attack my
> 		mailserver with lots of bad mails that include
> these subjects:
>
> 		Delivery failure.
> 		Undeliverable mail.
> 		failure notice.
>
> 		And also these e-mails have no sender.
>
> 		How can i block them ?
>
> 	Take a look at Jule's watermark feature that is
> included in the newest MailScanner for Download....
>
> 	Cheers
>
> 	Craig
>
>
> 		Thanks
>
>
>
>
> ________________________________
>
>
>
>
> 	--
> 	MailScanner mailing list
> 	mailscanner@lists.mailscanner.info
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> 	Before posting, read http://wiki.mailscanner.info/posting
>
> 	Support MailScanner development - buy the book off the website!
>
>
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From martinh at solidstatelogic.com  Tue Jul  8 09:15:43 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 09:15:58 2008
Subject: inconsistent performance
In-Reply-To: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com>
Message-ID: <12760a890b23b24b9293255f03dc3b32@solidstatelogic.com>

Simon

Not only this but what are you running in MailScanner.conf and also spamassassin.

If you haven't turned any RBL's off in SA you're more than like running them all which could well account for odd performance issues.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Simon Jones
> Sent: 07 July 2008 18:13
> To: MailScanner discussion
> Subject: Re: inconsistent performance
>
> here's my spam.lists.conf
>
> # This file translates the names of the spam lists and spam
> domains lists # into the real DNS domains to search.
>
> # There is a far more comprehensive list of these at #
> http://www.declude.com/JunkMail/Support/ip4r.htm
> # and you can easily search them all at www.DNSstuff.com.
>
> # If you want to search other DNSBL's you will need to define
> them here first, # before referring to them by name in
> mailscanner.conf (or a rules file).
>
> spamhaus.org                    sbl.spamhaus.org.
> spamhaus-XBL                    xbl.spamhaus.org.
> spamhaus-PBL                    pbl.spamhaus.org.
> spamhaus-ZEN                    zen.spamhaus.org.
> SBL+XBL                         sbl-xbl.spamhaus.org.
> spamcop.net                     bl.spamcop.net.
> NJABL                           dnsbl.njabl.org.
>
> # ORDB has been shut down.
> # ORDB-RBL                        relays.ordb.org.
>
> #Infinite-Monkeys               proxies.relays.monkeys.com.
> #osirusoft.com                  relays.osirusoft.com.
> # These two lists are now dead and must not be used.
>
> # MAPS now charge for their services, so you'll have to buy a
> contract before # attempting to use the next 3 lines.
>
> MAPS-RBL                        blackholes.mail-abuse.org.
> MAPS-DUL                        dialups.mail-abuse.org.
> MAPS-RSS                        relays.mail-abuse.org.
>
> # This next line works for JANET UK Academic sites only
>
> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
>
> # And build a similar list for the RBL domains that work on
> the name # of the domain rather than the IP address of the
> exact machine that # is listed. This way the RBL controllers
> can blacklist entire # domains very quickly and easily.
> # These aren't used by default, as they slow down MailScanner
> quite a bit.
>
> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
>
> # Easynet are closing down, so don't use these any more
> Easynet-DNSBL                   blackholes.easynet.nl.
> Easynet-Proxies                 proxies.blackholes.easynet.nl.
> Easynet-Dynablock               dynablock.easynet.nl.
>
> # This list is now dead and must not be used.
> #OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.
>
> # These folks are still going strong
> SORBS-DNSBL                     dnsbl.sorbs.net.
> SORBS-HTTP                      http.dnsbl.sorbs.net.
> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
> SORBS-MISC                      misc.dnsbl.sorbs.net.
> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
> SORBS-WEB                       web.dnsbl.sorbs.net.
> SORBS-SPAM                      spam.dnsbl.sorbs.net.
> SORBS-BLOCK                     block.dnsbl.sorbs.net.
> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
> SORBS-DUL                       dul.dnsbl.sorbs.net.
> SORBS-RHSBL                     rhsbl.sorbs.net.
> # These next 2 are "Spam Domain List" entries and not "Spam List"s
> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
>
> # Some other good lists
>
> CBL                             cbl.abuseat.org.
> DSBL                            list.dsbl.org.
>
> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
> > Simon
> >
> > What RBL's you using? Could be one of them backing up - eg
> spamhaus tend to slow down their feed if you go over the 'free' limit.
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> >> Simon Jones
> >> Sent: 07 July 2008 17:46
> >> To: MailScanner discussion
> >> Subject: Re: inconsistent performance
> >>
> >> Could be I guess, netstat just shows up the usual mass of smtp
> >> connections - it's just really odd why it's ok on the most
> part but
> >> as soon as somthing triggers a choke they all start
> backing the queue
> >> up with messages.
> >>
> >> I'll do some more checking around.
> >>
> >> thanks Richard
> >>
> >> SMJ
> >>
> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> >> > Simon Jones wrote:
> >> >>
> >> >> hello chaps,
> >> >>
> >> >> anyone have an idea why i'm seeing inconsistent
> >> performance on all 3
> >> >> of my gateway servers?  Nothing shows up errors in the
> maillog and
> >> >> MailScanner --Lint checks out ok but from time to time the
> >> machines
> >> >> will choke and i'll stack 2k and rising messages up in the
> >> hold queue.
> >> >>
> >> >> one day they'll work fine and the hold queue will be
> >> normal, then all
> >> >> of a sudden they'll start backing up.
> >> >>
> >> >> I have postfix reading from mysql for the relay_domains /
> >> >> relay_recipients and transport maps as well as logging to
> >> a seperate
> >> >> db on the same seperate db server for mailwatch.
> >> >>
> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
> >> beefy and
> >> >> doesn't seem to be maxed at all.
> >> >>
> >> >> the gateways run fairly heavy but are by no means topping
> >> out.  I've
> >> >> tried dropping max children and the batch processing
> >> settings but to
> >> >> no avail.
> >> >>
> >> >> any ideas would be really appreciated.
> >> >>
> >> >> thanks
> >> >>
> >> >> SMJ
> >> >>
> >> >
> >> > What about mail volume? Is it consistent across the days in
> >> question?
> >> > Or, even if the numbers are the same, you might end up
> with bursty
> >> > traffic on the days you backup, causing everything to
> fall behind.
> >> > Botnets, mailing lists, all of that sort can drop
> traffic on you in
> >> > one heck of a hurry at times.
> >> > --
> >> > MailScanner mailing list
> >> > mailscanner@lists.mailscanner.info
> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >
> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >
> >> > Support MailScanner development - buy the book off the website!
> >> >
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >
> >
> >
> >
> >
> **********************************************************************
> > Confidentiality : This e-mail and any attachments are
> intended for the
> > addressee only and may be confidential. If they come to you
> in error
> > you must take no action based on them, nor must you copy or
> show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are
> entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data
> corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales (Company
> > No:5362730) Registered Office: 25 Spring Hill Road,
> Begbroke, Oxford
> > OX5 1RU, United Kingdom
> >
> **********************************************************************
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From simonmjones at gmail.com  Tue Jul  8 09:29:52 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Tue Jul  8 09:30:03 2008
Subject: inconsistent performance
In-Reply-To: <12760a890b23b24b9293255f03dc3b32@solidstatelogic.com>
References: <70572c510807071013y23c200a4r175e010e36a4eae8@mail.gmail.com>
	<12760a890b23b24b9293255f03dc3b32@solidstatelogic.com>
Message-ID: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com>

mate, where do i find what rbl's spamassassin is checking?  I thought
they were in spam.lists.conf only

Simon

2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
> Simon
>
> Not only this but what are you running in MailScanner.conf and also spamassassin.
>
> If you haven't turned any RBL's off in SA you're more than like running them all which could well account for odd performance issues.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Simon Jones
>> Sent: 07 July 2008 18:13
>> To: MailScanner discussion
>> Subject: Re: inconsistent performance
>>
>> here's my spam.lists.conf
>>
>> # This file translates the names of the spam lists and spam
>> domains lists # into the real DNS domains to search.
>>
>> # There is a far more comprehensive list of these at #
>> http://www.declude.com/JunkMail/Support/ip4r.htm
>> # and you can easily search them all at www.DNSstuff.com.
>>
>> # If you want to search other DNSBL's you will need to define
>> them here first, # before referring to them by name in
>> mailscanner.conf (or a rules file).
>>
>> spamhaus.org                    sbl.spamhaus.org.
>> spamhaus-XBL                    xbl.spamhaus.org.
>> spamhaus-PBL                    pbl.spamhaus.org.
>> spamhaus-ZEN                    zen.spamhaus.org.
>> SBL+XBL                         sbl-xbl.spamhaus.org.
>> spamcop.net                     bl.spamcop.net.
>> NJABL                           dnsbl.njabl.org.
>>
>> # ORDB has been shut down.
>> # ORDB-RBL                        relays.ordb.org.
>>
>> #Infinite-Monkeys               proxies.relays.monkeys.com.
>> #osirusoft.com                  relays.osirusoft.com.
>> # These two lists are now dead and must not be used.
>>
>> # MAPS now charge for their services, so you'll have to buy a
>> contract before # attempting to use the next 3 lines.
>>
>> MAPS-RBL                        blackholes.mail-abuse.org.
>> MAPS-DUL                        dialups.mail-abuse.org.
>> MAPS-RSS                        relays.mail-abuse.org.
>>
>> # This next line works for JANET UK Academic sites only
>>
>> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
>>
>> # And build a similar list for the RBL domains that work on
>> the name # of the domain rather than the IP address of the
>> exact machine that # is listed. This way the RBL controllers
>> can blacklist entire # domains very quickly and easily.
>> # These aren't used by default, as they slow down MailScanner
>> quite a bit.
>>
>> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
>> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
>> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
>> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
>> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
>> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
>>
>> # Easynet are closing down, so don't use these any more
>> Easynet-DNSBL                   blackholes.easynet.nl.
>> Easynet-Proxies                 proxies.blackholes.easynet.nl.
>> Easynet-Dynablock               dynablock.easynet.nl.
>>
>> # This list is now dead and must not be used.
>> #OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.
>>
>> # These folks are still going strong
>> SORBS-DNSBL                     dnsbl.sorbs.net.
>> SORBS-HTTP                      http.dnsbl.sorbs.net.
>> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
>> SORBS-MISC                      misc.dnsbl.sorbs.net.
>> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
>> SORBS-WEB                       web.dnsbl.sorbs.net.
>> SORBS-SPAM                      spam.dnsbl.sorbs.net.
>> SORBS-BLOCK                     block.dnsbl.sorbs.net.
>> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
>> SORBS-DUL                       dul.dnsbl.sorbs.net.
>> SORBS-RHSBL                     rhsbl.sorbs.net.
>> # These next 2 are "Spam Domain List" entries and not "Spam List"s
>> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
>> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
>>
>> # Some other good lists
>>
>> CBL                             cbl.abuseat.org.
>> DSBL                            list.dsbl.org.
>>
>> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
>> > Simon
>> >
>> > What RBL's you using? Could be one of them backing up - eg
>> spamhaus tend to slow down their feed if you go over the 'free' limit.
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >> -----Original Message-----
>> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> >> Simon Jones
>> >> Sent: 07 July 2008 17:46
>> >> To: MailScanner discussion
>> >> Subject: Re: inconsistent performance
>> >>
>> >> Could be I guess, netstat just shows up the usual mass of smtp
>> >> connections - it's just really odd why it's ok on the most
>> part but
>> >> as soon as somthing triggers a choke they all start
>> backing the queue
>> >> up with messages.
>> >>
>> >> I'll do some more checking around.
>> >>
>> >> thanks Richard
>> >>
>> >> SMJ
>> >>
>> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
>> >> > Simon Jones wrote:
>> >> >>
>> >> >> hello chaps,
>> >> >>
>> >> >> anyone have an idea why i'm seeing inconsistent
>> >> performance on all 3
>> >> >> of my gateway servers?  Nothing shows up errors in the
>> maillog and
>> >> >> MailScanner --Lint checks out ok but from time to time the
>> >> machines
>> >> >> will choke and i'll stack 2k and rising messages up in the
>> >> hold queue.
>> >> >>
>> >> >> one day they'll work fine and the hold queue will be
>> >> normal, then all
>> >> >> of a sudden they'll start backing up.
>> >> >>
>> >> >> I have postfix reading from mysql for the relay_domains /
>> >> >> relay_recipients and transport maps as well as logging to
>> >> a seperate
>> >> >> db on the same seperate db server for mailwatch.
>> >> >>
>> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
>> >> beefy and
>> >> >> doesn't seem to be maxed at all.
>> >> >>
>> >> >> the gateways run fairly heavy but are by no means topping
>> >> out.  I've
>> >> >> tried dropping max children and the batch processing
>> >> settings but to
>> >> >> no avail.
>> >> >>
>> >> >> any ideas would be really appreciated.
>> >> >>
>> >> >> thanks
>> >> >>
>> >> >> SMJ
>> >> >>
>> >> >
>> >> > What about mail volume? Is it consistent across the days in
>> >> question?
>> >> > Or, even if the numbers are the same, you might end up
>> with bursty
>> >> > traffic on the days you backup, causing everything to
>> fall behind.
>> >> > Botnets, mailing lists, all of that sort can drop
>> traffic on you in
>> >> > one heck of a hurry at times.
>> >> > --
>> >> > MailScanner mailing list
>> >> > mailscanner@lists.mailscanner.info
>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >
>> >> > Before posting, read http://wiki.mailscanner.info/posting
>> >> >
>> >> > Support MailScanner development - buy the book off the website!
>> >> >
>> >> --
>> >> MailScanner mailing list
>> >> mailscanner@lists.mailscanner.info
>> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >>
>> >> Before posting, read http://wiki.mailscanner.info/posting
>> >>
>> >> Support MailScanner development - buy the book off the website!
>> >>
>> >
>> >
>> >
>> >
>> >
>> **********************************************************************
>> > Confidentiality : This e-mail and any attachments are
>> intended for the
>> > addressee only and may be confidential. If they come to you
>> in error
>> > you must take no action based on them, nor must you copy or
>> show them
>> > to anyone. Please advise the sender by replying to this e-mail
>> > immediately and then delete the original from your computer.
>> > Opinion : Any opinions expressed in this e-mail are
>> entirely those of
>> > the author and unless specifically stated to the contrary, are not
>> > necessarily those of the author's employer.
>> > Security Warning : Internet e-mail is not necessarily a secure
>> > communications medium and can be subject to data
>> corruption. We advise
>> > that you consider this fact when e-mailing us.
>> > Viruses : We have taken steps to ensure that this e-mail and any
>> > attachments are free from known viruses but in keeping with good
>> > computing practice, you should ensure that they are virus free.
>> >
>> > Red Lion 49 Ltd T/A Solid State Logic
>> > Registered as a limited company in England and Wales (Company
>> > No:5362730) Registered Office: 25 Spring Hill Road,
>> Begbroke, Oxford
>> > OX5 1RU, United Kingdom
>> >
>> **********************************************************************
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
From martinh at solidstatelogic.com  Tue Jul  8 09:41:13 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 09:41:32 2008
Subject: inconsistent performance
In-Reply-To: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com>
Message-ID: <b2ba24fbec0d98488de74e99c20ed7a5@solidstatelogic.com>

Simon

Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all.

You need to add lines like

score __RCVD_IN_NJABL 0.0

To the above file to turn each one off individually for the ones you don't want

Also in MailScanner.conf check which one's you're running there as well

Spam List =

And

Spam Domain List =



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Simon Jones
> Sent: 08 July 2008 09:30
> To: MailScanner discussion
> Subject: Re: inconsistent performance
>
> mate, where do i find what rbl's spamassassin is checking?  I
> thought they were in spam.lists.conf only
>
> Simon
>
> 2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
> > Simon
> >
> > Not only this but what are you running in MailScanner.conf
> and also spamassassin.
> >
> > If you haven't turned any RBL's off in SA you're more than
> like running them all which could well account for odd
> performance issues.
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> >> Simon Jones
> >> Sent: 07 July 2008 18:13
> >> To: MailScanner discussion
> >> Subject: Re: inconsistent performance
> >>
> >> here's my spam.lists.conf
> >>
> >> # This file translates the names of the spam lists and
> spam domains
> >> lists # into the real DNS domains to search.
> >>
> >> # There is a far more comprehensive list of these at #
> >> http://www.declude.com/JunkMail/Support/ip4r.htm
> >> # and you can easily search them all at www.DNSstuff.com.
> >>
> >> # If you want to search other DNSBL's you will need to define them
> >> here first, # before referring to them by name in mailscanner.conf
> >> (or a rules file).
> >>
> >> spamhaus.org                    sbl.spamhaus.org.
> >> spamhaus-XBL                    xbl.spamhaus.org.
> >> spamhaus-PBL                    pbl.spamhaus.org.
> >> spamhaus-ZEN                    zen.spamhaus.org.
> >> SBL+XBL                         sbl-xbl.spamhaus.org.
> >> spamcop.net                     bl.spamcop.net.
> >> NJABL                           dnsbl.njabl.org.
> >>
> >> # ORDB has been shut down.
> >> # ORDB-RBL                        relays.ordb.org.
> >>
> >> #Infinite-Monkeys               proxies.relays.monkeys.com.
> >> #osirusoft.com                  relays.osirusoft.com.
> >> # These two lists are now dead and must not be used.
> >>
> >> # MAPS now charge for their services, so you'll have to buy a
> >> contract before # attempting to use the next 3 lines.
> >>
> >> MAPS-RBL                        blackholes.mail-abuse.org.
> >> MAPS-DUL                        dialups.mail-abuse.org.
> >> MAPS-RSS                        relays.mail-abuse.org.
> >>
> >> # This next line works for JANET UK Academic sites only
> >>
> >> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
> >>
> >> # And build a similar list for the RBL domains that work
> on the name
> >> # of the domain rather than the IP address of the exact
> machine that
> >> # is listed. This way the RBL controllers can blacklist entire #
> >> domains very quickly and easily.
> >> # These aren't used by default, as they slow down
> MailScanner quite a
> >> bit.
> >>
> >> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
> >> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
> >> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
> >> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
> >> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
> >> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
> >>
> >> # Easynet are closing down, so don't use these any more
> >> Easynet-DNSBL                   blackholes.easynet.nl.
> >> Easynet-Proxies                 proxies.blackholes.easynet.nl.
> >> Easynet-Dynablock               dynablock.easynet.nl.
> >>
> >> # This list is now dead and must not be used.
> >> #OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.
> >>
> >> # These folks are still going strong
> >> SORBS-DNSBL                     dnsbl.sorbs.net.
> >> SORBS-HTTP                      http.dnsbl.sorbs.net.
> >> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
> >> SORBS-MISC                      misc.dnsbl.sorbs.net.
> >> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
> >> SORBS-WEB                       web.dnsbl.sorbs.net.
> >> SORBS-SPAM                      spam.dnsbl.sorbs.net.
> >> SORBS-BLOCK                     block.dnsbl.sorbs.net.
> >> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
> >> SORBS-DUL                       dul.dnsbl.sorbs.net.
> >> SORBS-RHSBL                     rhsbl.sorbs.net.
> >> # These next 2 are "Spam Domain List" entries and not "Spam List"s
> >> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
> >> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
> >>
> >> # Some other good lists
> >>
> >> CBL                             cbl.abuseat.org.
> >> DSBL                            list.dsbl.org.
> >>
> >> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
> >> > Simon
> >> >
> >> > What RBL's you using? Could be one of them backing up - eg
> >> spamhaus tend to slow down their feed if you go over the
> 'free' limit.
> >> >
> >> > --
> >> > Martin Hepworth
> >> > Snr Systems Administrator
> >> > Solid State Logic
> >> > Tel: +44 (0)1865 842300
> >> >
> >> >> -----Original Message-----
> >> >> From: mailscanner-bounces@lists.mailscanner.info
> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On
> Behalf Of
> >> >> Simon Jones
> >> >> Sent: 07 July 2008 17:46
> >> >> To: MailScanner discussion
> >> >> Subject: Re: inconsistent performance
> >> >>
> >> >> Could be I guess, netstat just shows up the usual mass of smtp
> >> >> connections - it's just really odd why it's ok on the most
> >> part but
> >> >> as soon as somthing triggers a choke they all start
> >> backing the queue
> >> >> up with messages.
> >> >>
> >> >> I'll do some more checking around.
> >> >>
> >> >> thanks Richard
> >> >>
> >> >> SMJ
> >> >>
> >> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> >> >> > Simon Jones wrote:
> >> >> >>
> >> >> >> hello chaps,
> >> >> >>
> >> >> >> anyone have an idea why i'm seeing inconsistent
> >> >> performance on all 3
> >> >> >> of my gateway servers?  Nothing shows up errors in the
> >> maillog and
> >> >> >> MailScanner --Lint checks out ok but from time to time the
> >> >> machines
> >> >> >> will choke and i'll stack 2k and rising messages up in the
> >> >> hold queue.
> >> >> >>
> >> >> >> one day they'll work fine and the hold queue will be
> >> >> normal, then all
> >> >> >> of a sudden they'll start backing up.
> >> >> >>
> >> >> >> I have postfix reading from mysql for the relay_domains /
> >> >> >> relay_recipients and transport maps as well as logging to
> >> >> a seperate
> >> >> >> db on the same seperate db server for mailwatch.
> >> >> >>
> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
> >> >> beefy and
> >> >> >> doesn't seem to be maxed at all.
> >> >> >>
> >> >> >> the gateways run fairly heavy but are by no means topping
> >> >> out.  I've
> >> >> >> tried dropping max children and the batch processing
> >> >> settings but to
> >> >> >> no avail.
> >> >> >>
> >> >> >> any ideas would be really appreciated.
> >> >> >>
> >> >> >> thanks
> >> >> >>
> >> >> >> SMJ
> >> >> >>
> >> >> >
> >> >> > What about mail volume? Is it consistent across the days in
> >> >> question?
> >> >> > Or, even if the numbers are the same, you might end up
> >> with bursty
> >> >> > traffic on the days you backup, causing everything to
> >> fall behind.
> >> >> > Botnets, mailing lists, all of that sort can drop
> >> traffic on you in
> >> >> > one heck of a hurry at times.
> >> >> > --
> >> >> > MailScanner mailing list
> >> >> > mailscanner@lists.mailscanner.info
> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >> >
> >> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >> >
> >> >> > Support MailScanner development - buy the book off
> the website!
> >> >> >
> >> >> --
> >> >> MailScanner mailing list
> >> >> mailscanner@lists.mailscanner.info
> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >>
> >> >> Before posting, read http://wiki.mailscanner.info/posting
> >> >>
> >> >> Support MailScanner development - buy the book off the website!
> >> >>
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> *********************************************************************
> >> *
> >> > Confidentiality : This e-mail and any attachments are
> >> intended for the
> >> > addressee only and may be confidential. If they come to you
> >> in error
> >> > you must take no action based on them, nor must you copy or
> >> show them
> >> > to anyone. Please advise the sender by replying to this e-mail
> >> > immediately and then delete the original from your computer.
> >> > Opinion : Any opinions expressed in this e-mail are
> >> entirely those of
> >> > the author and unless specifically stated to the
> contrary, are not
> >> > necessarily those of the author's employer.
> >> > Security Warning : Internet e-mail is not necessarily a secure
> >> > communications medium and can be subject to data
> >> corruption. We advise
> >> > that you consider this fact when e-mailing us.
> >> > Viruses : We have taken steps to ensure that this e-mail and any
> >> > attachments are free from known viruses but in keeping with good
> >> > computing practice, you should ensure that they are virus free.
> >> >
> >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
> >> > company in England and Wales (Company
> >> > No:5362730) Registered Office: 25 Spring Hill Road,
> >> Begbroke, Oxford
> >> > OX5 1RU, United Kingdom
> >> >
> >>
> *********************************************************************
> >> *
> >> >
> >> > --
> >> > MailScanner mailing list
> >> > mailscanner@lists.mailscanner.info
> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >
> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >
> >> > Support MailScanner development - buy the book off the website!
> >> >
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >
> >
> >
> >
> >
> **********************************************************************
> > Confidentiality : This e-mail and any attachments are
> intended for the
> > addressee only and may be confidential. If they come to you
> in error
> > you must take no action based on them, nor must you copy or
> show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are
> entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data
> corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales (Company
> > No:5362730) Registered Office: 25 Spring Hill Road,
> Begbroke, Oxford
> > OX5 1RU, United Kingdom
> >
> **********************************************************************
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From list-mailscanner at linguaphone.com  Tue Jul  8 09:26:23 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Tue Jul  8 09:54:24 2008
Subject: Feature request: logical AND in rulesets
Message-ID: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>

My setup:
I have MailScanner running on a machine and fetchmail pulls mail down
from a pop3 server and delivers it to postfix and then MailScanner picks
it up and processes it.
I have fetchmail deliver the mail to the servers real IP address and not
the loopback address.

So I can create a ruleset to bypass scannig for mail from 127.0.0.1 and
this enables me to release mesages from quarantine and stops logwatch
reports from being detected as spam or viruses. The problem however is
that if people use webmail it bypasses all checks since webmail calls
sendmail directly and cannot be configured to send to the real IP
address.

What would be perfect would be if I could do something like :-
From:    127.0.0.1 AND root@myserver.mydomain.com    no




From craig at csfs.co.za  Tue Jul  8 09:45:32 2008
From: craig at csfs.co.za (Craig Retief)
Date: Tue Jul  8 10:01:04 2008
Subject: About spam attack
In-Reply-To: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com>
References: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com>
Message-ID: <1215506732.9713.6.camel@cX>


On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote:

> Correct
> 
> I suggest you pass you're outgoing via the mailscanner then the watermarking will mark.

I agree with Martin.

I think this will be the best and easiest way to stop the back scatter
emails.

Cheers

Craig

> 
> You can put a rule against the spam scanning etc to not scan email from the mailserver, but at least you'll get the watermarks in there.
> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/e79ea2d7/attachment.html
From fabien.garziano at caliseo.com  Tue Jul  8 10:04:18 2008
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Tue Jul  8 10:04:49 2008
Subject: Mailscanner / postfix Timeout in the SMTP dialog
Message-ID: <A2E2DF4BA44A5948A3E18F3ACF43797C3E0817@srv01.Caliseo.local>


Hi people !

I think this might not be the right place to ask for this, as it seems
more like a postfix issue. But that's driving me mad.
I got this mail relay : 
Running on
Linux califw3.caliseo.fr 2.6.16-1.2108_FC4 #1 Thu May 4 23:52:01 EDT
2006 i686 i686 i386 GNU/Linux
This is Fedora Core release 4 (Stentz)
This is Perl version 5.008006 (5.8.6)

This is MailScanner version 4.53.8

And postfix 2.2.2

Some time ago, I found that some of the incoming SMTP connections were
interrupted with this kind of message : 
postfix/smtpd[12529]: timeout after DATA from host.domain.ext[x.x.x.x]

And this seems more and more frequent. Some googling drove me to some
MTU or network troubleshoot which didn't solve anything (I've tried to
lower MTU or even to raise it, the server is in a DMZ behind a FW and
next is the ISP router).
I've checked everything outside the mail server (Firewall, network) but
I came to the conclusion that the problem was coming for the server.

Once again, I know this might not be the right place for what I guess is
a pure Postfix issue (as it happens during SMTP exchange), but if anyone
here have experienced the same behaviour, I would be happy to hear about
it.

I also guess I'll have to update the whole server cause it's now quite
old (postfix, MailScanner, etc...).

Thanks.
From J.Ede at birchenallhowden.co.uk  Tue Jul  8 09:59:16 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Jul  8 10:05:24 2008
Subject: inconsistent performance
In-Reply-To: <b2ba24fbec0d98488de74e99c20ed7a5@solidstatelogic.com>
References: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com>,
	<b2ba24fbec0d98488de74e99c20ed7a5@solidstatelogic.com>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B85A0@server02.bhl.local>

Is there an easy way of finding out all the lists that spamassassin uses? I've got most of them still turned on.

The most variation I had across MailScanner servers was before I started using a common bayes in MySQL. I know there are plenty of arguments for and against having a common bayes list, but it seems for me to work best on a common list.

Jason
________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth [martinh@solidstatelogic.com]
Sent: 08 July 2008 09:41
To: MailScanner discussion
Subject: RE: inconsistent performance

Simon

Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all.

You need to add lines like

score __RCVD_IN_NJABL 0.0

To the above file to turn each one off individually for the ones you don't want

Also in MailScanner.conf check which one's you're running there as well

Spam List =

And

Spam Domain List =



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Simon Jones
> Sent: 08 July 2008 09:30
> To: MailScanner discussion
> Subject: Re: inconsistent performance
>
> mate, where do i find what rbl's spamassassin is checking?  I
> thought they were in spam.lists.conf only
>
> Simon
>
> 2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
> > Simon
> >
> > Not only this but what are you running in MailScanner.conf
> and also spamassassin.
> >
> > If you haven't turned any RBL's off in SA you're more than
> like running them all which could well account for odd
> performance issues.
> >
> > --
> > Martin Hepworth
> > Snr Systems Administrator
> > Solid State Logic
> > Tel: +44 (0)1865 842300
> >
> >> -----Original Message-----
> >> From: mailscanner-bounces@lists.mailscanner.info
> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> >> Simon Jones
> >> Sent: 07 July 2008 18:13
> >> To: MailScanner discussion
> >> Subject: Re: inconsistent performance
> >>
> >> here's my spam.lists.conf
> >>
> >> # This file translates the names of the spam lists and
> spam domains
> >> lists # into the real DNS domains to search.
> >>
> >> # There is a far more comprehensive list of these at #
> >> http://www.declude.com/JunkMail/Support/ip4r.htm
> >> # and you can easily search them all at www.DNSstuff.com.
> >>
> >> # If you want to search other DNSBL's you will need to define them
> >> here first, # before referring to them by name in mailscanner.conf
> >> (or a rules file).
> >>
> >> spamhaus.org                    sbl.spamhaus.org.
> >> spamhaus-XBL                    xbl.spamhaus.org.
> >> spamhaus-PBL                    pbl.spamhaus.org.
> >> spamhaus-ZEN                    zen.spamhaus.org.
> >> SBL+XBL                         sbl-xbl.spamhaus.org.
> >> spamcop.net                     bl.spamcop.net.
> >> NJABL                           dnsbl.njabl.org.
> >>
> >> # ORDB has been shut down.
> >> # ORDB-RBL                        relays.ordb.org.
> >>
> >> #Infinite-Monkeys               proxies.relays.monkeys.com.
> >> #osirusoft.com                  relays.osirusoft.com.
> >> # These two lists are now dead and must not be used.
> >>
> >> # MAPS now charge for their services, so you'll have to buy a
> >> contract before # attempting to use the next 3 lines.
> >>
> >> MAPS-RBL                        blackholes.mail-abuse.org.
> >> MAPS-DUL                        dialups.mail-abuse.org.
> >> MAPS-RSS                        relays.mail-abuse.org.
> >>
> >> # This next line works for JANET UK Academic sites only
> >>
> >> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
> >>
> >> # And build a similar list for the RBL domains that work
> on the name
> >> # of the domain rather than the IP address of the exact
> machine that
> >> # is listed. This way the RBL controllers can blacklist entire #
> >> domains very quickly and easily.
> >> # These aren't used by default, as they slow down
> MailScanner quite a
> >> bit.
> >>
> >> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
> >> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
> >> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
> >> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
> >> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
> >> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
> >>
> >> # Easynet are closing down, so don't use these any more
> >> Easynet-DNSBL                   blackholes.easynet.nl.
> >> Easynet-Proxies                 proxies.blackholes.easynet.nl.
> >> Easynet-Dynablock               dynablock.easynet.nl.
> >>
> >> # This list is now dead and must not be used.
> >> #OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.
> >>
> >> # These folks are still going strong
> >> SORBS-DNSBL                     dnsbl.sorbs.net.
> >> SORBS-HTTP                      http.dnsbl.sorbs.net.
> >> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
> >> SORBS-MISC                      misc.dnsbl.sorbs.net.
> >> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
> >> SORBS-WEB                       web.dnsbl.sorbs.net.
> >> SORBS-SPAM                      spam.dnsbl.sorbs.net.
> >> SORBS-BLOCK                     block.dnsbl.sorbs.net.
> >> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
> >> SORBS-DUL                       dul.dnsbl.sorbs.net.
> >> SORBS-RHSBL                     rhsbl.sorbs.net.
> >> # These next 2 are "Spam Domain List" entries and not "Spam List"s
> >> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
> >> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
> >>
> >> # Some other good lists
> >>
> >> CBL                             cbl.abuseat.org.
> >> DSBL                            list.dsbl.org.
> >>
> >> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
> >> > Simon
> >> >
> >> > What RBL's you using? Could be one of them backing up - eg
> >> spamhaus tend to slow down their feed if you go over the
> 'free' limit.
> >> >
> >> > --
> >> > Martin Hepworth
> >> > Snr Systems Administrator
> >> > Solid State Logic
> >> > Tel: +44 (0)1865 842300
> >> >
> >> >> -----Original Message-----
> >> >> From: mailscanner-bounces@lists.mailscanner.info
> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On
> Behalf Of
> >> >> Simon Jones
> >> >> Sent: 07 July 2008 17:46
> >> >> To: MailScanner discussion
> >> >> Subject: Re: inconsistent performance
> >> >>
> >> >> Could be I guess, netstat just shows up the usual mass of smtp
> >> >> connections - it's just really odd why it's ok on the most
> >> part but
> >> >> as soon as somthing triggers a choke they all start
> >> backing the queue
> >> >> up with messages.
> >> >>
> >> >> I'll do some more checking around.
> >> >>
> >> >> thanks Richard
> >> >>
> >> >> SMJ
> >> >>
> >> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> >> >> > Simon Jones wrote:
> >> >> >>
> >> >> >> hello chaps,
> >> >> >>
> >> >> >> anyone have an idea why i'm seeing inconsistent
> >> >> performance on all 3
> >> >> >> of my gateway servers?  Nothing shows up errors in the
> >> maillog and
> >> >> >> MailScanner --Lint checks out ok but from time to time the
> >> >> machines
> >> >> >> will choke and i'll stack 2k and rising messages up in the
> >> >> hold queue.
> >> >> >>
> >> >> >> one day they'll work fine and the hold queue will be
> >> >> normal, then all
> >> >> >> of a sudden they'll start backing up.
> >> >> >>
> >> >> >> I have postfix reading from mysql for the relay_domains /
> >> >> >> relay_recipients and transport maps as well as logging to
> >> >> a seperate
> >> >> >> db on the same seperate db server for mailwatch.
> >> >> >>
> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
> >> >> beefy and
> >> >> >> doesn't seem to be maxed at all.
> >> >> >>
> >> >> >> the gateways run fairly heavy but are by no means topping
> >> >> out.  I've
> >> >> >> tried dropping max children and the batch processing
> >> >> settings but to
> >> >> >> no avail.
> >> >> >>
> >> >> >> any ideas would be really appreciated.
> >> >> >>
> >> >> >> thanks
> >> >> >>
> >> >> >> SMJ
> >> >> >>
> >> >> >
> >> >> > What about mail volume? Is it consistent across the days in
> >> >> question?
> >> >> > Or, even if the numbers are the same, you might end up
> >> with bursty
> >> >> > traffic on the days you backup, causing everything to
> >> fall behind.
> >> >> > Botnets, mailing lists, all of that sort can drop
> >> traffic on you in
> >> >> > one heck of a hurry at times.
> >> >> > --
> >> >> > MailScanner mailing list
> >> >> > mailscanner@lists.mailscanner.info
> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >> >
> >> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >> >
> >> >> > Support MailScanner development - buy the book off
> the website!
> >> >> >
> >> >> --
> >> >> MailScanner mailing list
> >> >> mailscanner@lists.mailscanner.info
> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >>
> >> >> Before posting, read http://wiki.mailscanner.info/posting
> >> >>
> >> >> Support MailScanner development - buy the book off the website!
> >> >>
> >> >
> >> >
> >> >
> >> >
> >> >
> >>
> *********************************************************************
> >> *
> >> > Confidentiality : This e-mail and any attachments are
> >> intended for the
> >> > addressee only and may be confidential. If they come to you
> >> in error
> >> > you must take no action based on them, nor must you copy or
> >> show them
> >> > to anyone. Please advise the sender by replying to this e-mail
> >> > immediately and then delete the original from your computer.
> >> > Opinion : Any opinions expressed in this e-mail are
> >> entirely those of
> >> > the author and unless specifically stated to the
> contrary, are not
> >> > necessarily those of the author's employer.
> >> > Security Warning : Internet e-mail is not necessarily a secure
> >> > communications medium and can be subject to data
> >> corruption. We advise
> >> > that you consider this fact when e-mailing us.
> >> > Viruses : We have taken steps to ensure that this e-mail and any
> >> > attachments are free from known viruses but in keeping with good
> >> > computing practice, you should ensure that they are virus free.
> >> >
> >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
> >> > company in England and Wales (Company
> >> > No:5362730) Registered Office: 25 Spring Hill Road,
> >> Begbroke, Oxford
> >> > OX5 1RU, United Kingdom
> >> >
> >>
> *********************************************************************
> >> *
> >> >
> >> > --
> >> > MailScanner mailing list
> >> > mailscanner@lists.mailscanner.info
> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >
> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >
> >> > Support MailScanner development - buy the book off the website!
> >> >
> >> --
> >> MailScanner mailing list
> >> mailscanner@lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >>
> >
> >
> >
> >
> >
> **********************************************************************
> > Confidentiality : This e-mail and any attachments are
> intended for the
> > addressee only and may be confidential. If they come to you
> in error
> > you must take no action based on them, nor must you copy or
> show them
> > to anyone. Please advise the sender by replying to this e-mail
> > immediately and then delete the original from your computer.
> > Opinion : Any opinions expressed in this e-mail are
> entirely those of
> > the author and unless specifically stated to the contrary, are not
> > necessarily those of the author's employer.
> > Security Warning : Internet e-mail is not necessarily a secure
> > communications medium and can be subject to data
> corruption. We advise
> > that you consider this fact when e-mailing us.
> > Viruses : We have taken steps to ensure that this e-mail and any
> > attachments are free from known viruses but in keeping with good
> > computing practice, you should ensure that they are virus free.
> >
> > Red Lion 49 Ltd T/A Solid State Logic
> > Registered as a limited company in England and Wales (Company
> > No:5362730) Registered Office: 25 Spring Hill Road,
> Begbroke, Oxford
> > OX5 1RU, United Kingdom
> >
> **********************************************************************
> >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
From martinh at solidstatelogic.com  Tue Jul  8 11:48:34 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 11:48:46 2008
Subject: inconsistent performance
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717B85A0@server02.bhl.local>
Message-ID: <de97ad3d45474343ad475ca2e456f04e@solidstatelogic.com>

Jason

Yeah have a look in the 20_dnsbl_tests.cf file in /var/lib/spamassassin/<version>/updates_spamassassin_org



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Jason Ede
> Sent: 08 July 2008 09:59
> To: MailScanner discussion
> Subject: RE: inconsistent performance
>
> Is there an easy way of finding out all the lists that
> spamassassin uses? I've got most of them still turned on.
>
> The most variation I had across MailScanner servers was
> before I started using a common bayes in MySQL. I know there
> are plenty of arguments for and against having a common bayes
> list, but it seems for me to work best on a common list.
>
> Jason
> ________________________________________
> From: mailscanner-bounces@lists.mailscanner.info
> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> Martin.Hepworth [martinh@solidstatelogic.com]
> Sent: 08 July 2008 09:41
> To: MailScanner discussion
> Subject: RE: inconsistent performance
>
> Simon
>
> Like I said - if you've not disabled them in
> /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1)
> then you're running them all.
>
> You need to add lines like
>
> score __RCVD_IN_NJABL 0.0
>
> To the above file to turn each one off individually for the
> ones you don't want
>
> Also in MailScanner.conf check which one's you're running
> there as well
>
> Spam List =
>
> And
>
> Spam Domain List =
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On
> Behalf Of Simon
> > Jones
> > Sent: 08 July 2008 09:30
> > To: MailScanner discussion
> > Subject: Re: inconsistent performance
> >
> > mate, where do i find what rbl's spamassassin is checking?
> I thought
> > they were in spam.lists.conf only
> >
> > Simon
> >
> > 2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
> > > Simon
> > >
> > > Not only this but what are you running in MailScanner.conf
> > and also spamassassin.
> > >
> > > If you haven't turned any RBL's off in SA you're more than
> > like running them all which could well account for odd performance
> > issues.
> > >
> > > --
> > > Martin Hepworth
> > > Snr Systems Administrator
> > > Solid State Logic
> > > Tel: +44 (0)1865 842300
> > >
> > >> -----Original Message-----
> > >> From: mailscanner-bounces@lists.mailscanner.info
> > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
> > >> Simon Jones
> > >> Sent: 07 July 2008 18:13
> > >> To: MailScanner discussion
> > >> Subject: Re: inconsistent performance
> > >>
> > >> here's my spam.lists.conf
> > >>
> > >> # This file translates the names of the spam lists and
> > spam domains
> > >> lists # into the real DNS domains to search.
> > >>
> > >> # There is a far more comprehensive list of these at #
> > >> http://www.declude.com/JunkMail/Support/ip4r.htm
> > >> # and you can easily search them all at www.DNSstuff.com.
> > >>
> > >> # If you want to search other DNSBL's you will need to
> define them
> > >> here first, # before referring to them by name in
> mailscanner.conf
> > >> (or a rules file).
> > >>
> > >> spamhaus.org                    sbl.spamhaus.org.
> > >> spamhaus-XBL                    xbl.spamhaus.org.
> > >> spamhaus-PBL                    pbl.spamhaus.org.
> > >> spamhaus-ZEN                    zen.spamhaus.org.
> > >> SBL+XBL                         sbl-xbl.spamhaus.org.
> > >> spamcop.net                     bl.spamcop.net.
> > >> NJABL                           dnsbl.njabl.org.
> > >>
> > >> # ORDB has been shut down.
> > >> # ORDB-RBL                        relays.ordb.org.
> > >>
> > >> #Infinite-Monkeys               proxies.relays.monkeys.com.
> > >> #osirusoft.com                  relays.osirusoft.com.
> > >> # These two lists are now dead and must not be used.
> > >>
> > >> # MAPS now charge for their services, so you'll have to buy a
> > >> contract before # attempting to use the next 3 lines.
> > >>
> > >> MAPS-RBL                        blackholes.mail-abuse.org.
> > >> MAPS-DUL                        dialups.mail-abuse.org.
> > >> MAPS-RSS                        relays.mail-abuse.org.
> > >>
> > >> # This next line works for JANET UK Academic sites only
> > >>
> > >> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
> > >>
> > >> # And build a similar list for the RBL domains that work
> > on the name
> > >> # of the domain rather than the IP address of the exact
> > machine that
> > >> # is listed. This way the RBL controllers can blacklist entire #
> > >> domains very quickly and easily.
> > >> # These aren't used by default, as they slow down
> > MailScanner quite a
> > >> bit.
> > >>
> > >> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
> > >> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
> > >> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
> > >> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
> > >> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
> > >> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
> > >>
> > >> # Easynet are closing down, so don't use these any more
> > >> Easynet-DNSBL                   blackholes.easynet.nl.
> > >> Easynet-Proxies                 proxies.blackholes.easynet.nl.
> > >> Easynet-Dynablock               dynablock.easynet.nl.
> > >>
> > >> # This list is now dead and must not be used.
> > >> #OSIRUSOFT-SPEWS
> spews.relays.osirusoft.com.
> > >>
> > >> # These folks are still going strong
> > >> SORBS-DNSBL                     dnsbl.sorbs.net.
> > >> SORBS-HTTP                      http.dnsbl.sorbs.net.
> > >> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
> > >> SORBS-MISC                      misc.dnsbl.sorbs.net.
> > >> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
> > >> SORBS-WEB                       web.dnsbl.sorbs.net.
> > >> SORBS-SPAM                      spam.dnsbl.sorbs.net.
> > >> SORBS-BLOCK                     block.dnsbl.sorbs.net.
> > >> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
> > >> SORBS-DUL                       dul.dnsbl.sorbs.net.
> > >> SORBS-RHSBL                     rhsbl.sorbs.net.
> > >> # These next 2 are "Spam Domain List" entries and not
> "Spam List"s
> > >> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
> > >> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
> > >>
> > >> # Some other good lists
> > >>
> > >> CBL                             cbl.abuseat.org.
> > >> DSBL                            list.dsbl.org.
> > >>
> > >> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
> > >> > Simon
> > >> >
> > >> > What RBL's you using? Could be one of them backing up - eg
> > >> spamhaus tend to slow down their feed if you go over the
> > 'free' limit.
> > >> >
> > >> > --
> > >> > Martin Hepworth
> > >> > Snr Systems Administrator
> > >> > Solid State Logic
> > >> > Tel: +44 (0)1865 842300
> > >> >
> > >> >> -----Original Message-----
> > >> >> From: mailscanner-bounces@lists.mailscanner.info
> > >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On
> > Behalf Of
> > >> >> Simon Jones
> > >> >> Sent: 07 July 2008 17:46
> > >> >> To: MailScanner discussion
> > >> >> Subject: Re: inconsistent performance
> > >> >>
> > >> >> Could be I guess, netstat just shows up the usual
> mass of smtp
> > >> >> connections - it's just really odd why it's ok on the most
> > >> part but
> > >> >> as soon as somthing triggers a choke they all start
> > >> backing the queue
> > >> >> up with messages.
> > >> >>
> > >> >> I'll do some more checking around.
> > >> >>
> > >> >> thanks Richard
> > >> >>
> > >> >> SMJ
> > >> >>
> > >> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
> > >> >> > Simon Jones wrote:
> > >> >> >>
> > >> >> >> hello chaps,
> > >> >> >>
> > >> >> >> anyone have an idea why i'm seeing inconsistent
> > >> >> performance on all 3
> > >> >> >> of my gateway servers?  Nothing shows up errors in the
> > >> maillog and
> > >> >> >> MailScanner --Lint checks out ok but from time to time the
> > >> >> machines
> > >> >> >> will choke and i'll stack 2k and rising messages up in the
> > >> >> hold queue.
> > >> >> >>
> > >> >> >> one day they'll work fine and the hold queue will be
> > >> >> normal, then all
> > >> >> >> of a sudden they'll start backing up.
> > >> >> >>
> > >> >> >> I have postfix reading from mysql for the relay_domains /
> > >> >> >> relay_recipients and transport maps as well as logging to
> > >> >> a seperate
> > >> >> >> db on the same seperate db server for mailwatch.
> > >> >> >>
> > >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
> > >> >> beefy and
> > >> >> >> doesn't seem to be maxed at all.
> > >> >> >>
> > >> >> >> the gateways run fairly heavy but are by no means topping
> > >> >> out.  I've
> > >> >> >> tried dropping max children and the batch processing
> > >> >> settings but to
> > >> >> >> no avail.
> > >> >> >>
> > >> >> >> any ideas would be really appreciated.
> > >> >> >>
> > >> >> >> thanks
> > >> >> >>
> > >> >> >> SMJ
> > >> >> >>
> > >> >> >
> > >> >> > What about mail volume? Is it consistent across the days in
> > >> >> question?
> > >> >> > Or, even if the numbers are the same, you might end up
> > >> with bursty
> > >> >> > traffic on the days you backup, causing everything to
> > >> fall behind.
> > >> >> > Botnets, mailing lists, all of that sort can drop
> > >> traffic on you in
> > >> >> > one heck of a hurry at times.
> > >> >> > --
> > >> >> > MailScanner mailing list
> > >> >> > mailscanner@lists.mailscanner.info
> > >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >> >> >
> > >> >> > Before posting, read http://wiki.mailscanner.info/posting
> > >> >> >
> > >> >> > Support MailScanner development - buy the book off
> > the website!
> > >> >> >
> > >> >> --
> > >> >> MailScanner mailing list
> > >> >> mailscanner@lists.mailscanner.info
> > >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >> >>
> > >> >> Before posting, read http://wiki.mailscanner.info/posting
> > >> >>
> > >> >> Support MailScanner development - buy the book off
> the website!
> > >> >>
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >>
> >
> *********************************************************************
> > >> *
> > >> > Confidentiality : This e-mail and any attachments are
> > >> intended for the
> > >> > addressee only and may be confidential. If they come to you
> > >> in error
> > >> > you must take no action based on them, nor must you copy or
> > >> show them
> > >> > to anyone. Please advise the sender by replying to this e-mail
> > >> > immediately and then delete the original from your computer.
> > >> > Opinion : Any opinions expressed in this e-mail are
> > >> entirely those of
> > >> > the author and unless specifically stated to the
> > contrary, are not
> > >> > necessarily those of the author's employer.
> > >> > Security Warning : Internet e-mail is not necessarily a secure
> > >> > communications medium and can be subject to data
> > >> corruption. We advise
> > >> > that you consider this fact when e-mailing us.
> > >> > Viruses : We have taken steps to ensure that this
> e-mail and any
> > >> > attachments are free from known viruses but in keeping
> with good
> > >> > computing practice, you should ensure that they are virus free.
> > >> >
> > >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
> > >> > company in England and Wales (Company
> > >> > No:5362730) Registered Office: 25 Spring Hill Road,
> > >> Begbroke, Oxford
> > >> > OX5 1RU, United Kingdom
> > >> >
> > >>
> >
> *********************************************************************
> > >> *
> > >> >
> > >> > --
> > >> > MailScanner mailing list
> > >> > mailscanner@lists.mailscanner.info
> > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >> >
> > >> > Before posting, read http://wiki.mailscanner.info/posting
> > >> >
> > >> > Support MailScanner development - buy the book off the website!
> > >> >
> > >> --
> > >> MailScanner mailing list
> > >> mailscanner@lists.mailscanner.info
> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >>
> > >> Before posting, read http://wiki.mailscanner.info/posting
> > >>
> > >> Support MailScanner development - buy the book off the website!
> > >>
> > >
> > >
> > >
> > >
> > >
> >
> **********************************************************************
> > > Confidentiality : This e-mail and any attachments are
> > intended for the
> > > addressee only and may be confidential. If they come to you
> > in error
> > > you must take no action based on them, nor must you copy or
> > show them
> > > to anyone. Please advise the sender by replying to this e-mail
> > > immediately and then delete the original from your computer.
> > > Opinion : Any opinions expressed in this e-mail are
> > entirely those of
> > > the author and unless specifically stated to the
> contrary, are not
> > > necessarily those of the author's employer.
> > > Security Warning : Internet e-mail is not necessarily a secure
> > > communications medium and can be subject to data
> > corruption. We advise
> > > that you consider this fact when e-mailing us.
> > > Viruses : We have taken steps to ensure that this e-mail and any
> > > attachments are free from known viruses but in keeping with good
> > > computing practice, you should ensure that they are virus free.
> > >
> > > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
> > > company in England and Wales (Company
> > > No:5362730) Registered Office: 25 Spring Hill Road,
> > Begbroke, Oxford
> > > OX5 1RU, United Kingdom
> > >
> >
> **********************************************************************
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner@lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are
> intended for the addressee only and may be confidential. If
> they come to you in error you must take no action based on
> them, nor must you copy or show them to anyone. Please advise
> the sender by replying to this e-mail immediately and then
> delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely
> those of the author and unless specifically stated to the
> contrary, are not necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a
> secure communications medium and can be subject to data
> corruption. We advise that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and
> any attachments are free from known viruses but in keeping
> with good computing practice, you should ensure that they are
> virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales (Company
> No:5362730) Registered Office: 25 Spring Hill Road, Begbroke,
> Oxford OX5 1RU, United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From MailScanner at ecs.soton.ac.uk  Tue Jul  8 12:21:18 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 12:22:37 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID: <48734DAE.4060209@ecs.soton.ac.uk>



Gareth wrote:
> My setup:
> I have MailScanner running on a machine and fetchmail pulls mail down
> from a pop3 server and delivers it to postfix and then MailScanner picks
> it up and processes it.
> I have fetchmail deliver the mail to the servers real IP address and not
> the loopback address.
>
> So I can create a ruleset to bypass scannig for mail from 127.0.0.1 and
> this enables me to release mesages from quarantine and stops logwatch
> reports from being detected as spam or viruses. The problem however is
> that if people use webmail it bypasses all checks since webmail calls
> sendmail directly and cannot be configured to send to the real IP
> address.
>
> What would be perfect would be if I could do something like :-
> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>   
You just missed a "From" after the "AND". But otherwise you got it right.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jul  8 12:26:04 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 12:26:40 2008
Subject: [Fwd: [Clamav-announce] announcing ClamAV 0.93.3]
In-Reply-To: <EMEW-k66LN225d23c4ed5e365818bc038e93be81d1c-487279A1.3000003@adventuras.no>
References: <EMEW-k66LN225d23c4ed5e365818bc038e93be81d1c-487279A1.3000003@adventuras.no>
Message-ID: <48734ECC.6090502@ecs.soton.ac.uk>

I have just uploaded a new ClamAV+SpamAssassin package incorporating 0.93.3.

Lars Kristiansen wrote:
> FYI
>
> -------- Opprinnelig melding --------
> Emne: [Clamav-announce] announcing ClamAV 0.93.3
> Dato: Mon, 7 Jul 2008 21:42:35 +0200
> Fra: Luca Gibelli <luca@clamav.net>
> Svar-Til: noreply@clamav.net
> Til: ClamAV Announce <clamav-announce@lists.clamav.net>
> Referanser: <20080707155612.GA28395@adsl.nervous.it>
>
>
> Dear ClamAV users,
>
> This release fixes a problem in handling of .cld files introduced in
> 0.93.2.
>
> -- 
> The ClamAV team (http://www.clamav.net/team)
>
>
> Best regards

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From spamlists at coders.co.uk  Tue Jul  8 13:14:55 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Tue Jul  8 13:15:55 2008
Subject: Run MScanner in a virtualized environment.
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us>
References: <3411CC12BB577F4FAEAC8A694780866BE9189B@ITMAIL.town.barnstable.ma.us>
Message-ID: <48735A3F.7040308@coders.co.uk>

Ghetti, Ron wrote:
> Well I will say that it could be my impementation
> Of clam, I've heard tell that it can be setup as a
> Daemon and that will reduce overhead, however I've no idea how. 
> At the time we went with the defaults.  
> I think this brought the overhead up past the breaking point for us.
>
> Again, I would like to re-enable it if I could find 
> A good resource on how to set it up for my specifics.
>   
Assuming that your are running a RedHat esque linux......

http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd


From weinhold+mailscanner at rccsoftware.de  Tue Jul  8 14:03:26 2008
From: weinhold+mailscanner at rccsoftware.de (Norbert Weinhold)
Date: Tue Jul  8 14:03:50 2008
Subject: Problems using Archiv Mail
Message-ID: <4873659E.3000803@rccsoftware.de>

Hi,

We are using the Archive Mail option with a rules file. The problem is
that emails using CC recipients which are not in this rules file the
email is not processed how we want.

We want as soon as an archive rule matches the TO or CC the specified
action is taken.

Is this a bug? If not how can I make Mailscanner work like we want.


norbert

--
RCC Software GmbH HR: B-104357
Steuernummer: 37/167/21214 USt-ID: DE814784953
Geschaeftsfuehrer: Rene Otto, Mario Scheliga
Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929
Schoenhauser Allee 51, 10437 Berlin

From shuttlebox at gmail.com  Tue Jul  8 14:17:48 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Jul  8 14:17:59 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <48734DAE.4060209@ecs.soton.ac.uk>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
Message-ID: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>

On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
<MailScanner@ecs.soton.ac.uk> wrote:
>> What would be perfect would be if I could do something like :-
>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>>
>
> You just missed a "From" after the "AND". But otherwise you got it right.

So "from AND  from" is legal? I have never tried it, I have just used
"from AND to".

-- 
EB White  - "Be obscure clearly."
From martinh at solidstatelogic.com  Tue Jul  8 14:20:28 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 14:20:41 2008
Subject: Problems using Archiv Mail
In-Reply-To: <4873659E.3000803@rccsoftware.de>
Message-ID: <bd268adf4a935546a9b03ac866771a77@solidstatelogic.com>

Norbert

Only way you can do this is to split the email into individual recipients otherwise as you can see, mailscanner has no idea what rule to obey.

There's ways to do this in the wiki for exim, sendmail and postfix.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Norbert Weinhold
> Sent: 08 July 2008 14:03
> To: mailscanner@lists.mailscanner.info
> Subject: Problems using Archiv Mail
>
> Hi,
>
> We are using the Archive Mail option with a rules file. The
> problem is that emails using CC recipients which are not in
> this rules file the email is not processed how we want.
>
> We want as soon as an archive rule matches the TO or CC the
> specified action is taken.
>
> Is this a bug? If not how can I make Mailscanner work like we want.
>
>
> norbert
>
> --
> RCC Software GmbH HR: B-104357
> Steuernummer: 37/167/21214 USt-ID: DE814784953
> Geschaeftsfuehrer: Rene Otto, Mario Scheliga
> Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929 Schoenhauser
> Allee 51, 10437 Berlin
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From alex at rtpty.com  Tue Jul  8 14:33:27 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  8 14:33:49 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
Message-ID: <D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>

I believe you can go deeper than that, using from and from and from,  
for example.

Sent from my iPhone

On Jul 8, 2008, at 8:17 AM, shuttlebox <shuttlebox@gmail.com> wrote:

> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
> <MailScanner@ecs.soton.ac.uk> wrote:
>>> What would be perfect would be if I could do something like :-
>>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>>>
>>
>> You just missed a "From" after the "AND". But otherwise you got it  
>> right.
>
> So "from AND  from" is legal? I have never tried it, I have just used
> "from AND to".
>
> -- 
> EB White  - "Be obscure clearly."
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk  Tue Jul  8 14:37:03 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 14:37:46 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <EMEW-k67EN6104aa88aa8e894ec2fa216131b4fe1a4-625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>	<48734DAE.4060209@ecs.soton.ac.uk>
	<EMEW-k67EN6104aa88aa8e894ec2fa216131b4fe1a4-625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
Message-ID: <48736D7F.5060504@ecs.soton.ac.uk>



shuttlebox wrote:
> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
> <MailScanner@ecs.soton.ac.uk> wrote:
>   
>>> What would be perfect would be if I could do something like :-
>>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>>>
>>>       
>> You just missed a "From" after the "AND". But otherwise you got it right.
>>     
>
> So "from AND  from" is legal? I have never tried it, I have just used
> "from AND to".
>   
Yes, from and from is quite legal, as they are testing for different 
things (the IP address and the sender's email address).

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From marco.mangione at gmail.com  Tue Jul  8 14:53:26 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Tue Jul  8 14:53:35 2008
Subject: [M] how can i delete footer?
Message-ID: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>

Hello,

how can i delete footer text:

This message has been scanned for viruses and
dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
believed to be clean

thanks

Marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/1ed3073c/attachment.html
From Ron.Ghetti at town.barnstable.ma.us  Tue Jul  8 14:58:39 2008
From: Ron.Ghetti at town.barnstable.ma.us (Ghetti, Ron)
Date: Tue Jul  8 14:57:47 2008
Subject: Run MScanner in a virtualized environment.
Message-ID: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us>


Thanks for that Matt,

running postfix & MailScanner on ubuntu  w/400+ users.
I'm not even sure how I ended up with this version,
I think it was based on an article I'd read somewhere...

-Ron


-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt
Hampton
Sent: Tuesday, July 08, 2008 8:15 AM
To: MailScanner discussion
Subject: Re: Run MScanner in a virtualized environment.


Ghetti, Ron wrote:
> Well I will say that it could be my impementation
> Of clam, I've heard tell that it can be setup as a
> Daemon and that will reduce overhead, however I've no idea how. 
> At the time we went with the defaults.  
> I think this brought the overhead up past the breaking point for us.
>
> Again, I would like to re-enable it if I could find 
> A good resource on how to set it up for my specifics.
>   
Assuming that your are running a RedHat esque linux......

http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav
:switch_to_rpm_clamd


-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From shuttlebox at gmail.com  Tue Jul  8 15:01:33 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Jul  8 15:01:46 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
	<D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
Message-ID: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>

On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman <alex@rtpty.com> wrote:
> I believe you can go deeper than that, using from and from and from, for
> example.

No, "and" can only occur once per line according to the docs and it
makes sense since a mail can only come from one server and from one
address. What would the third "from" match?

-- 
George Burns  - "Don't stay in bed, unless you can make money in bed."
From shuttlebox at gmail.com  Tue Jul  8 15:05:37 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Jul  8 15:05:46 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <48736D7F.5060504@ecs.soton.ac.uk>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
	<EMEW-k67EN6104aa88aa8e894ec2fa216131b4fe1a4-625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
	<48736D7F.5060504@ecs.soton.ac.uk>
Message-ID: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com>

On Tue, Jul 8, 2008 at 3:37 PM, Julian Field
<MailScanner@ecs.soton.ac.uk> wrote:
> shuttlebox wrote:
>>
>> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
>> <MailScanner@ecs.soton.ac.uk> wrote:
>>
>>>>
>>>> What would be perfect would be if I could do something like :-
>>>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>>>>
>>>>
>>>
>>> You just missed a "From" after the "AND". But otherwise you got it right.
>>>
>>
>> So "from AND  from" is legal? I have never tried it, I have just used
>> "from AND to".
>>
>
> Yes, from and from is quite legal, as they are testing for different things
> (the IP address and the sender's email address).

Excellent! I have use for it where I had to exclude mail from an
internal (Microsoft) server from all scanning since its MIME can't be
unpacked. It felt risky to exclude an address from scanning since it
can be faked so easily but now I can add the relay it should come
from. :-)

-- 
Paul Lynde  - "I sang in the choir for years, even though my family
belonged to another church."
From jra at baylink.com  Tue Jul  8 15:06:33 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Tue Jul  8 15:06:47 2008
Subject: Non-English testers?
In-Reply-To: <D1587DCF6294524BAFA2C9944312FCC8C7D56D@city-exch-w3e.cbj.local>
References: <20080707122658.GB19043@cgi.jachomes.com>
	<D1587DCF6294524BAFA2C9944312FCC8C7D56D@city-exch-w3e.cbj.local>
Message-ID: <20080708140633.GB24418@cgi.jachomes.com>

On Mon, Jul 07, 2008 at 10:44:29AM -0800, Kevin Miller wrote:
> > easy to parse.  Right?  I mean, that's what Microsoft has been telling
> > us...
> 
> Yeah.  And I have a nice bridge in Brooklyn that I'll sell you real
> cheap! <g>

Worked for Lake Havasu City, AZ...

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From alex at rtpty.com  Tue Jul  8 15:06:46 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  8 15:07:18 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
References: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
Message-ID: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com>

Don't add it! ;-)

Look for "sign clean messages" in MailScanner.conf and take it from  
there...

On Jul 8, 2008, at 8:53 AM, Marco mangione wrote:

> Hello,
>
> how can i delete footer text:
>
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean
>
> thanks
>
> Marco
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From martinh at solidstatelogic.com  Tue Jul  8 15:10:47 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 15:11:00 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
Message-ID: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com>

Marko

This is the "Signature" so in MailScanner.conf

Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt

Change those files or set the two setting to blank - eg

Inline HTML Signature =
Inline Text Signature =
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Marco mangione
> Sent: 08 July 2008 14:53
> To: mailscanner@lists.mailscanner.info
> Subject: [M] how can i delete footer?
>
> Hello,
>
> how can i delete footer text:
>
> This message has been scanned for viruses and dangerous
> content by MailScanner <http://www.mailscanner.info/> , and
> is believed to be clean
>
> thanks
>
> Marco
>
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From ecasarero at gmail.com  Tue Jul  8 15:10:40 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Jul  8 15:11:04 2008
Subject: About spam attack
In-Reply-To: <1215506732.9713.6.camel@cX>
References: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com>
	<1215506732.9713.6.camel@cX>
Message-ID: <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com>

2008/7/8 Craig Retief <craig@csfs.co.za>:
>
> On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote:
>
> Correct
>
> I suggest you pass you're outgoing via the mailscanner then the watermarking
> will mark.
>
> I agree with Martin.
>
> I think this will be the best and easiest way to stop the back scatter
> emails.

Or you could use milter-null if youre using sendmail. Use less resources.

>
> Cheers
>
> Craig
>
> You can put a rule against the spam scanning etc to not scan email from the
> mailserver, but at least you'll get the watermarks in there.
>
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
From martinh at solidstatelogic.com  Tue Jul  8 15:11:37 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 15:11:56 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com>
Message-ID: <6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com>

Paul

Or use the ip-address for the From part.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of shuttlebox
> Sent: 08 July 2008 15:06
> To: MailScanner discussion
> Subject: Re: Feature request: logical AND in rulesets
>
> On Tue, Jul 8, 2008 at 3:37 PM, Julian Field
> <MailScanner@ecs.soton.ac.uk> wrote:
> > shuttlebox wrote:
> >>
> >> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
> >> <MailScanner@ecs.soton.ac.uk> wrote:
> >>
> >>>>
> >>>> What would be perfect would be if I could do something like :-
> >>>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
> >>>>
> >>>>
> >>>
> >>> You just missed a "From" after the "AND". But otherwise
> you got it right.
> >>>
> >>
> >> So "from AND  from" is legal? I have never tried it, I
> have just used
> >> "from AND to".
> >>
> >
> > Yes, from and from is quite legal, as they are testing for
> different
> > things (the IP address and the sender's email address).
>
> Excellent! I have use for it where I had to exclude mail from
> an internal (Microsoft) server from all scanning since its
> MIME can't be unpacked. It felt risky to exclude an address
> from scanning since it can be faked so easily but now I can
> add the relay it should come from. :-)
>
> --
> Paul Lynde  - "I sang in the choir for years, even though my
> family belonged to another church."
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From spamlists at coders.co.uk  Tue Jul  8 15:12:01 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Tue Jul  8 15:13:23 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>	<48734DAE.4060209@ecs.soton.ac.uk>	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>	<D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
	<625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>
Message-ID: <487375B1.2060500@coders.co.uk>

shuttlebox wrote:
> On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman <alex@rtpty.com> wrote:
>   
>> I believe you can go deeper than that, using from and from and from, for
>> example.
>>     
>
> No, "and" can only occur once per line according to the docs and it
> makes sense since a mail can only come from one server and from one
> address. What would the third "from" match?
>
>   
 From and from and from makes no sense but

 From <ip> and from <email@address> and to <email@address> does

matt
From MailScanner at ecs.soton.ac.uk  Tue Jul  8 15:12:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 15:13:25 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <EMEW-k67EbXc3a8ab65786d868a5320f584bdbc1a55-D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>	<48734DAE.4060209@ecs.soton.ac.uk>	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
	<EMEW-k67EbXc3a8ab65786d868a5320f584bdbc1a55-D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
Message-ID: <487375E6.9080008@ecs.soton.ac.uk>

I don't :-)

Alex Neuman wrote:
> I believe you can go deeper than that, using from and from and from, 
> for example.
>
> Sent from my iPhone
>
> On Jul 8, 2008, at 8:17 AM, shuttlebox <shuttlebox@gmail.com> wrote:
>
>> On Tue, Jul 8, 2008 at 1:21 PM, Julian Field
>> <MailScanner@ecs.soton.ac.uk> wrote:
>>>> What would be perfect would be if I could do something like :-
>>>> From:    127.0.0.1 AND root@myserver.mydomain.com    no
>>>>
>>>
>>> You just missed a "From" after the "AND". But otherwise you got it 
>>> right.
>>
>> So "from AND  from" is legal? I have never tried it, I have just used
>> "from AND to".
>>
>> -- 
>> EB White  - "Be obscure clearly."
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jul  8 15:13:23 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 15:14:04 2008
Subject: [M] how can i delete footer?
In-Reply-To: <EMEW-k67Evc8bea844ad4aa0895818780c767b52b14-beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
References: <EMEW-k67Evc8bea844ad4aa0895818780c767b52b14-beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
Message-ID: <48737603.6010007@ecs.soton.ac.uk>

Check out the "Sign Clean Messages" configuration setting in 
MailScanner.conf.

Marco mangione wrote:
> Hello,
>
> how can i delete footer text:
>
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean
>
> thanks
>
> Marco

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From marco.mangione at gmail.com  Tue Jul  8 15:15:27 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Tue Jul  8 15:15:37 2008
Subject: [M] how can i delete footer?
In-Reply-To: <3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com>
References: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
	<3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com>
Message-ID: <beefb8bf0807080715m52c6d54dub75b2838b2c4853a@mail.gmail.com>

ehm yes :) but in standard configuration i have it.. probably i can disable
in mailscanner.conf ?

2008/7/8 Alex Neuman <alex@rtpty.com>:

> Don't add it! ;-)
>
> Look for "sign clean messages" in MailScanner.conf and take it from
> there...
>
>
> On Jul 8, 2008, at 8:53 AM, Marco mangione wrote:
>
>  Hello,
>>
>> how can i delete footer text:
>>
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean
>>
>> thanks
>>
>> Marco
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/cdda49ef/attachment.html
From gmatt at nerc.ac.uk  Tue Jul  8 15:17:35 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Tue Jul  8 15:17:59 2008
Subject: ClamAV 0.93 released
In-Reply-To: <Pine.GSO.4.58.0805231155250.28623@arachne.dur.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk>	<48039AA2.9050905@ecs.soton.ac.uk>	<5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com>	<48051021.5010909@ecs.soton.ac.uk>	<1208464860.2962.75.camel@morticia.pert.com.ar>	<48160C77.5070602@USherbrooke.ca>
	<Pine.GSO.4.58.0805231155250.28623@arachne.dur.ac.uk>
Message-ID: <487376FF.4050107@nerc.ac.uk>

sorry to revive such an old thread, but...

David Lee wrote:
> Scott Beck has released version 0.22 of Mail::ClamAV in the last few days.
> 
> Could I suggest that some of us with test facilities and with a little
> technical experience try the various combinations of the older and newer
> versions of ClamAV and Mail::ClamAV and verify which combinations work and
> fail?

was this ever confirmed? I think Jules still uses clamavmodule so I'm 
guessing its probably ok, just not seen it confirmed on the list.

thanks

GREG


> 
>  1. Old+old:  We know that the combined earlier versions work.
> 
>  2. New ClamAV + old Mail::ClamAV:  It has been reported that the new
>     ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21).  Could
>     someone provide details of what this breakage is?  Is there a quick
>     recipe to reproduce the problem that ClamAV 0.93 had introduced?
> 
>  3. New + new: Julian's Clam+SA package would ultimately be new+new.  Can
>     we verify that this fixes any previously verified breakage?  Also that
>     it does not seem to introduce any new problems.
> 
>  4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use
>     other sources (not Julian's package).  Can we check what happens with
>     if someone were to upgrade their Mail::ClamAV module but leave the
>     main ClamAV software back on 0.92?  (Probably not too important, but
>     it would be a nice data point to complete the set...)
> 
> Given Julian's sadly enforced absence from work, I'm sure he would
> appreciate it if we can do this tabulation for him.
> 
> 


-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From alex at rtpty.com  Tue Jul  8 15:19:35 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  8 15:19:49 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
	<D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>
	<625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>
Message-ID: <CA9963AD-64C0-491F-BF00-BF604AABE17C@rtpty.com>

Destination? Then it would be From and From and To, right? Just  
playing with the notion, that's all...

On Jul 8, 2008, at 9:01 AM, shuttlebox wrote:

> On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman <alex@rtpty.com> wrote:
>> I believe you can go deeper than that, using from and from and  
>> from, for
>> example.
>
> No, "and" can only occur once per line according to the docs and it
> makes sense since a mail can only come from one server and from one
> address. What would the third "from" match?
>
> -- 
> George Burns  - "Don't stay in bed, unless you can make money in bed."
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From marco.mangione at gmail.com  Tue Jul  8 15:21:29 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Tue Jul  8 15:21:38 2008
Subject: [M] how can i delete footer?
In-Reply-To: <9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com>
References: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
	<9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com>
Message-ID: <beefb8bf0807080721w52232a81ue0c6c8e711cbf782@mail.gmail.com>

i done that! but after mailscanner restart:

root@filtro1:/# /etc/init.d/mailscanner restart
 * Restarting mail spam/virus scanner
MailScanner
Syntax error(s) in configuration file: at
/usr/share/MailScanner//MailScanner/Config.pm line 1918
Unrecognised keyword "inlinehtmlsignature" at line 1163 at
/usr/share/MailScanner//MailScanner/Config.pm line 1921
Unrecognised keyword "inlinetextsignature" at line 1164 at
/usr/share/MailScanner//MailScanner/Config.pm line 1921
Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at
/usr/share/MailScanner//MailScanner/Config.pm line 1926

[ OK ]




2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:

> Marko
>
> This is the "Signature" so in MailScanner.conf
>
> Inline HTML Signature = %report-dir%/inline.sig.html
> Inline Text Signature = %report-dir%/inline.sig.txt
>
> Change those files or set the two setting to blank - eg
>
> Inline HTML Signature =
> Inline Text Signature =
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info
> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> > Of Marco mangione
> > Sent: 08 July 2008 14:53
> > To: mailscanner@lists.mailscanner.info
> > Subject: [M] how can i delete footer?
> >
> > Hello,
> >
> > how can i delete footer text:
> >
> > This message has been scanned for viruses and dangerous
> > content by MailScanner <http://www.mailscanner.info/> , and
> > is believed to be clean
> >
> > thanks
> >
> > Marco
> >
> >
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/1610f69d/attachment.html
From weinhold+mailscanner at rccsoftware.de  Tue Jul  8 15:21:56 2008
From: weinhold+mailscanner at rccsoftware.de (Norbert Weinhold)
Date: Tue Jul  8 15:22:16 2008
Subject: Problems using Archiv Mail
In-Reply-To: <bd268adf4a935546a9b03ac866771a77@solidstatelogic.com>
References: <bd268adf4a935546a9b03ac866771a77@solidstatelogic.com>
Message-ID: <48737804.3050003@rccsoftware.de>

Martin.Hepworth schrieb:
> Norbert
> 
> Only way you can do this is to split the email into individual recipients otherwise as you can see, mailscanner has no idea what rule to obey.
> 
> There's ways to do this in the wiki for exim, sendmail and postfix.

Ok I found it. But I wondering if there is a simpler solution? Because
if an email ist sent to several recipients of the same domain (we have
domain-based rules) mailscanner will just do as designated.


Norbert


--
RCC Software GmbH HR: B-104357
Steuernummer: 37/167/21214 USt-ID: DE814784953
Geschaeftsfuehrer: Rene Otto, Mario Scheliga
Bank: Deutsche Bank, BLZ: 10070024, KTO: 0810929
Schoenhauser Allee 51, 10437 Berlin

From list-mailscanner at linguaphone.com  Tue Jul  8 15:22:29 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Tue Jul  8 15:22:41 2008
Subject: About spam attack
In-Reply-To: <7ADC5C5F17A64174941F6F76C0A84EC5@pc>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org><20080707122437.GA19043@cgi.jachomes.com>
	<A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
	<8F928109DCEB4E4984F8EF3B3CD84019@pc> <1215499738.9506.1.camel@cX>
	<7ADC5C5F17A64174941F6F76C0A84EC5@pc>
Message-ID: <1215526949.28805.76.camel@gblades-suse.linguaphone-intranet.co.uk>

You could always use the spamassassin VBounce ruleset:-
http://wiki.apache.org/spamassassin/VBounceRuleset

On Tue, 2008-07-08 at 08:10, Ismail OZATAY wrote:
> ? 
> Hi Craig;
>  
> I know Watermark but my mail server and mailscanner gateway are
> running on different servers. My domain's mx records point mailscanner
> gateway then it sends mails to mail server. mail server sends outgoing
> mails itself. so mailscanner can not put watermark tag in outgoing
> mails. so if i enable watermak for this topology it do not work , is
> not it ?
>  
> Thanks
>         ----- Original Message ----- 
>         From: Craig Retief
>         To: MailScanner discussion
>         Sent: Tuesday, July 08, 2008 9:48 AM
>         Subject: Re: About spam attack
>         
>         On Tue, 2008-07-08 at 09:32 +0300, Ismail OZATAY wrote: 
>         > Hi there;
>         > 
>         > I use MailScanner 4.68.8 with SA 3.24. Sometimes spammers attack my 
>         > mailserver with lots of bad mails that include these subjects:
>         > 
>         > Delivery failure.
>         > Undeliverable mail.
>         > failure notice.
>         > 
>         > And also these e-mails have no sender.
>         > 
>         > How can i block them ?
>         Take a look at Jule's watermark feature that is included in
>         the newest MailScanner for Download....
>         
>         Cheers
>         
>         Craig 
>         > Thanks
>         > 
>         > 
>         
>         ______________________________________________________________
>         
>         -- 
>         MailScanner mailing list
>         mailscanner@lists.mailscanner.info
>         http://lists.mailscanner.info/mailman/listinfo/mailscanner
>         
>         Before posting, read http://wiki.mailscanner.info/posting
>         
>         Support MailScanner development - buy the book off the
>         website! 
> 
> 
> ______________________________________________________________________
> -- 
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 

From jra at baylink.com  Tue Jul  8 15:24:57 2008
From: jra at baylink.com (Jay R. Ashworth)
Date: Tue Jul  8 15:25:06 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
	<48734DAE.4060209@ecs.soton.ac.uk>
	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
Message-ID: <20080708142457.GC24418@cgi.jachomes.com>

On Tue, Jul 08, 2008 at 03:17:48PM +0200, shuttlebox wrote:
> > You just missed a "From" after the "AND". But otherwise you got it right.
> 
> So "from AND  from" is legal? I have never tried it, I have just used
> "from AND to".

It would seem to be contradictory, but if the "From" parser can
independently recognize the different forms of address each time it's
called, then yeah, I can see how it would work.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)
From sandrews at andrewscompanies.com  Tue Jul  8 15:35:16 2008
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Tue Jul  8 15:35:29 2008
Subject: About spam attack
In-Reply-To: <7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com>
References: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com><1215506732.9713.6.camel@cX>
	<7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com>
Message-ID: <1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com>

You would also need to have your outbound mail pass through the
mailscanner box for milter-null, correct?

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo
Casarero
Sent: Tuesday, July 08, 2008 10:11 AM
To: MailScanner discussion
Subject: Re: About spam attack

2008/7/8 Craig Retief <craig@csfs.co.za>:
>
> On Tue, 2008-07-08 at 09:14 +0100, Martin.Hepworth wrote:
>
> Correct
>
> I suggest you pass you're outgoing via the mailscanner then the
watermarking
> will mark.
>
> I agree with Martin.
>
> I think this will be the best and easiest way to stop the back scatter
> emails.

Or you could use milter-null if youre using sendmail. Use less
resources.

>
> Cheers
>
> Craig
>
> You can put a rule against the spam scanning etc to not scan email
from the
> mailserver, but at least you'll get the watermarks in there.
>
>
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From marco.mangione at gmail.com  Tue Jul  8 15:41:03 2008
From: marco.mangione at gmail.com (Marco mangione)
Date: Tue Jul  8 15:41:12 2008
Subject: [M] how can i delete footer?
In-Reply-To: <48737603.6010007@ecs.soton.ac.uk>
References: <EMEW-k67Evc8bea844ad4aa0895818780c767b52b14-beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>
	<48737603.6010007@ecs.soton.ac.uk>
Message-ID: <beefb8bf0807080741u4ab82c28u583c7605dd8e319@mail.gmail.com>

ok i commented and now it is OK but..

commit ineffective with AutoCommit enabled at
/etc/MailScanner/CustomFunctions/MailWatch.pm line 93

and if i try to receive email the signature are always here.


2008/7/8 Julian Field <MailScanner@ecs.soton.ac.uk>:

> Check out the "Sign Clean Messages" configuration setting in
> MailScanner.conf.
>
> Marco mangione wrote:
>
>> Hello,
>>
>> how can i delete footer text:
>>
>> This message has been scanned for viruses and
>> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
>> believed to be clean
>>
>> thanks
>>
>> Marco
>>
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/9c83e86c/attachment.html
From shuttlebox at gmail.com  Tue Jul  8 15:43:50 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Jul  8 15:44:00 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com>
References: <625385e30807080705n454496dfi54f6684e895acb74@mail.gmail.com>
	<6a57f26d3c9b8443bdb38122f6557380@solidstatelogic.com>
Message-ID: <625385e30807080743k6c00d230h674904addc7e4ab6@mail.gmail.com>

On Tue, Jul 8, 2008 at 4:11 PM, Martin.Hepworth
<martinh@solidstatelogic.com> wrote:
> Paul
>
> Or use the ip-address for the From part.

Paul is the guy who was randomly quoted, my name is Peter. :-)

Since all internal mail from a variety of poorly configured
(Microsoft) systems pass through that relay I can't exclude based on
ip-address. Now that I know that I can use "from and from" I'm good.

-- 
Emo Philips  - "I got some new underwear the other day. Well, new to me."
From john at tradoc.fr  Tue Jul  8 15:48:35 2008
From: john at tradoc.fr (John Wilcock)
Date: Tue Jul  8 15:48:47 2008
Subject: ClamAV 0.93 released
In-Reply-To: <487376FF.4050107@nerc.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk>	<48039AA2.9050905@ecs.soton.ac.uk>	<5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com>	<48051021.5010909@ecs.soton.ac.uk>	<1208464860.2962.75.camel@morticia.pert.com.ar>	<48160C77.5070602@USherbrooke.ca>	<Pine.GSO.4.58.0805231155250.28623@arachne.dur.ac.uk>
	<487376FF.4050107@nerc.ac.uk>
Message-ID: <48737E43.9010307@tradoc.fr>

Greg Matthews a ?crit :
> sorry to revive such an old thread, but...
> 
> David Lee wrote:
>> Scott Beck has released version 0.22 of Mail::ClamAV in the last few 
>> days.
>>
>> Could I suggest that some of us with test facilities and with a little
>> technical experience try the various combinations of the older and newer
>> versions of ClamAV and Mail::ClamAV and verify which combinations work 
>> and
>> fail?
> 
> was this ever confirmed? I think Jules still uses clamavmodule so I'm 
> guessing its probably ok, just not seen it confirmed on the list.

Mail::ClamAV 0.22 certainly works fine with ClamAV 0.93.x and current 
versions of MailScanner. I'm not sure if anyone ever confirmed whether 
it worked with 0.92, but then again I don't see why you would want to 
run it with an older version.

John.

-- 
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk  Tue Jul  8 16:01:03 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 16:01:48 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <EMEW-k67Fgwf4546cdfb80f5a01eaee0acbf0351492-CA9963AD-64C0-491F-BF00-BF604AABE17C@rtpty.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>	<48734DAE.4060209@ecs.soton.ac.uk>	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>	<D75F1E3F-A181-4CD9-8248-A62B393C5352@rtpty.com>	<625385e30807080701o3d653344q6b33c169b9d54cec@mail.gmail.com>
	<EMEW-k67Fgwf4546cdfb80f5a01eaee0acbf0351492-CA9963AD-64C0-491F-BF00-BF604AABE17C@rtpty.com>
Message-ID: <4873812F.2010400@ecs.soton.ac.uk>

Just in case you didn't see my earlier post, you can only have 2 
conditions in a rule.

Alex Neuman wrote:
> Destination? Then it would be From and From and To, right? Just 
> playing with the notion, that's all...
>
> On Jul 8, 2008, at 9:01 AM, shuttlebox wrote:
>
>> On Tue, Jul 8, 2008 at 3:33 PM, Alex Neuman <alex@rtpty.com> wrote:
>>> I believe you can go deeper than that, using from and from and from, 
>>> for
>>> example.
>>
>> No, "and" can only occur once per line according to the docs and it
>> makes sense since a mail can only come from one server and from one
>> address. What would the third "from" match?
>>
>> -- 
>> George Burns  - "Don't stay in bed, unless you can make money in bed."
>> -- 
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk  Tue Jul  8 16:02:19 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Jul  8 16:02:58 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <EMEW-k67FuGe7b70020ae09c783377ca59723b9585e-20080708142457.GC24418@cgi.jachomes.com>
References: <EMEW-k679vH02a75e50d96984d5072e6aa0c306e70b-1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>	<48734DAE.4060209@ecs.soton.ac.uk>	<625385e30807080617w481ec1ffhb868ed166269d4ef@mail.gmail.com>
	<EMEW-k67FuGe7b70020ae09c783377ca59723b9585e-20080708142457.GC24418@cgi.jachomes.com>
Message-ID: <4873817B.7040403@ecs.soton.ac.uk>



Jay R. Ashworth wrote:
> On Tue, Jul 08, 2008 at 03:17:48PM +0200, shuttlebox wrote:
>   
>>> You just missed a "From" after the "AND". But otherwise you got it right.
>>>       
>> So "from AND  from" is legal? I have never tried it, I have just used
>> "from AND to".
>>     
>
> It would seem to be contradictory, but if the "From" parser can
> independently recognize the different forms of address each time it's
> called,
Which it can :-)
>  then yeah, I can see how it would work.
>   
So it does :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From martinh at solidstatelogic.com  Tue Jul  8 16:03:15 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 16:03:26 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080721w52232a81ue0c6c8e711cbf782@mail.gmail.com>
Message-ID: <bc7038b33911a148b009dd66078ac7ac@solidstatelogic.com>

Marko

Hmm interesting..

What version of MailScanner?

Also what happens if you put the mailScanner.conf back as it was and then just have empty files for the signatures. This should work.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Marco mangione
> Sent: 08 July 2008 15:21
> To: MailScanner discussion
> Subject: Re: [M] how can i delete footer?
>
> i done that! but after mailscanner restart:
>
> root@filtro1:/# /etc/init.d/mailscanner restart
>  * Restarting mail spam/virus scanner MailScanner
>
>
>            Syntax error(s) in configuration file: at
> /usr/share/MailScanner//MailScanner/Config.pm line 1918
> Unrecognised keyword "inlinehtmlsignature" at line 1163 at
> /usr/share/MailScanner//MailScanner/Config.pm line 1921
> Unrecognised keyword "inlinetextsignature" at line 1164 at
> /usr/share/MailScanner//MailScanner/Config.pm line 1921
> Warning: syntax errors in /etc/MailScanner/MailScanner.conf.
> at /usr/share/MailScanner//MailScanner/Config.pm line 1926
>
>
>
>     [ OK ]
>
>
>
>
>
> 2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
>
>
> 	Marko
>
> 	This is the "Signature" so in MailScanner.conf
>
> 	Inline HTML Signature = %report-dir%/inline.sig.html
> 	Inline Text Signature = %report-dir%/inline.sig.txt
>
> 	Change those files or set the two setting to blank - eg
>
> 	Inline HTML Signature =
> 	Inline Text Signature =
> 	--
> 	Martin Hepworth
> 	Snr Systems Administrator
> 	Solid State Logic
> 	Tel: +44 (0)1865 842300
>
>
> 	> -----Original Message-----
> 	> From: mailscanner-bounces@lists.mailscanner.info
> 	> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> 	> Of Marco mangione
> 	> Sent: 08 July 2008 14:53
> 	> To: mailscanner@lists.mailscanner.info
> 	> Subject: [M] how can i delete footer?
> 	>
> 	> Hello,
> 	>
> 	> how can i delete footer text:
> 	>
> 	> This message has been scanned for viruses and dangerous
>
> 	> content by MailScanner <http://www.mailscanner.info/> , and
>
> 	> is believed to be clean
> 	>
> 	> thanks
> 	>
> 	> Marco
> 	>
> 	>
>
>
>
>
>
>
> **********************************************************************
> 	Confidentiality : This e-mail and any attachments are
> intended for the
> 	addressee only and may be confidential. If they come to
> you in error
> 	you must take no action based on them, nor must you
> copy or show them
> 	to anyone. Please advise the sender by replying to this e-mail
> 	immediately and then delete the original from your computer.
> 	Opinion : Any opinions expressed in this e-mail are
> entirely those of
> 	the author and unless specifically stated to the
> contrary, are not
> 	necessarily those of the author's employer.
> 	Security Warning : Internet e-mail is not necessarily a secure
> 	communications medium and can be subject to data
> corruption. We advise
> 	that you consider this fact when e-mailing us.
> 	Viruses : We have taken steps to ensure that this e-mail and any
> 	attachments are free from known viruses but in keeping with good
> 	computing practice, you should ensure that they are virus free.
>
> 	Red Lion 49 Ltd T/A Solid State Logic
> 	Registered as a limited company in England and Wales
> 	(Company No:5362730)
> 	Registered Office: 25 Spring Hill Road, Begbroke,
> Oxford OX5 1RU,
> 	United Kingdom
>
> **********************************************************************
>
>
> 	--
> 	MailScanner mailing list
> 	mailscanner@lists.mailscanner.info
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> 	Before posting, read http://wiki.mailscanner.info/posting
>
> 	Support MailScanner development - buy the book off the website!
>
>
>
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From jonas at vrt.dk  Tue Jul  8 16:03:16 2008
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Tue Jul  8 16:03:30 2008
Subject: ClamAV 0.93 released
In-Reply-To: <487376FF.4050107@nerc.ac.uk>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk>	<48039AA2.9050905@ecs.soton.ac.uk>	<5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com>	<48051021.5010909@ecs.soton.ac.uk>	<1208464860.2962.75.camel@morticia.pert.com.ar>	<48160C77.5070602@USherbrooke.ca>	<Pine.GSO.4.58.0805231155250.28623@arachne.dur.ac.uk>
	<487376FF.4050107@nerc.ac.uk>
Message-ID: <00b401c8e10b$c02bb980$40832c80$@dk>

I can confirm the module works with the 0.93.1 version of clam and newer
Mailscanner's.

Best regards
Jonas

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Greg
Matthews
Sent: 8. juli 2008 16:18
To: MailScanner discussion
Subject: Re: ClamAV 0.93 released

sorry to revive such an old thread, but...

David Lee wrote:
> Scott Beck has released version 0.22 of Mail::ClamAV in the last few days.
> 
> Could I suggest that some of us with test facilities and with a little
> technical experience try the various combinations of the older and newer
> versions of ClamAV and Mail::ClamAV and verify which combinations work and
> fail?

was this ever confirmed? I think Jules still uses clamavmodule so I'm 
guessing its probably ok, just not seen it confirmed on the list.

thanks
 

From martinh at solidstatelogic.com  Tue Jul  8 16:03:58 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue Jul  8 16:04:09 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080741u4ab82c28u583c7605dd8e319@mail.gmail.com>
Message-ID: <857630f34c051945a235e670ff7fa278@solidstatelogic.com>

Marko

Commenting out will just go defaults in another file..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Marco mangione
> Sent: 08 July 2008 15:41
> To: MailScanner discussion
> Subject: Re: [M] how can i delete footer?
>
> ok i commented and now it is OK but..
>
> commit ineffective with AutoCommit enabled at
> /etc/MailScanner/CustomFunctions/MailWatch.pm line 93
>
> and if i try to receive email the signature are always here.
>
>
>
> 2008/7/8 Julian Field <MailScanner@ecs.soton.ac.uk>:
>
>
> 	Check out the "Sign Clean Messages" configuration
> setting in MailScanner.conf.
>
>
> 	Marco mangione wrote:
>
>
> 		Hello,
>
> 		how can i delete footer text:
>
> 		This message has been scanned for viruses and
> 		dangerous content by *MailScanner*
> <http://www.mailscanner.info/>, and is
> 		believed to be clean
>
> 		thanks
>
> 		Marco
>
>
>
> 	Jules
>
> 	--
> 	Julian Field MEng CITP CEng
> 	www.MailScanner.info
> 	Buy the MailScanner book at www.MailScanner.info/store
>
> 	Need help customising MailScanner?
> 	Contact me!
> 	Need help fixing or optimising your systems?
> 	Contact me!
> 	Need help getting you started solving new requirements
> from your boss?
> 	Contact me!
>
> 	PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> 	--
>
> 	This message has been scanned for viruses and
>
> 	dangerous content by MailScanner, and is
> 	believed to be clean.
>
> 	--
>
> 	MailScanner mailing list
> 	mailscanner@lists.mailscanner.info
> 	http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> 	Before posting, read http://wiki.mailscanner.info/posting
>
> 	Support MailScanner development - buy the book off the website!
>
>
>
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From Carl.Andrews at crackerbarrel.com  Tue Jul  8 16:16:48 2008
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455)
Date: Tue Jul  8 16:17:04 2008
Subject: OT: Sendmail(?) Help
Message-ID: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>

I realize this is not MS related but if someone can help or point me in
right direction .... THANKS
 
I have a smtp proxy in the DMZ which passes email to my MS box
(mdaemon2). USERNAME@DOMAIN.com is an external address sending to my
domain. I have been trying to find what defines the "Policy Rejection-
274 -- Sender Quota Exceeded" but without any luck. I found one result
on experts exchange which oddly enough concluded that the message was
not accepted because of a quota policy. Not a great deal of help there.
I have checked my sendmail.cf(mc) and do not see where I have defined
any quotas, but then I honestly do not know what option I am looking for
either.
 
Log extract:
 
Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:00:09, xdelay=00:00:01, mailer=esmtp,
pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.
 
Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:08:52, xdelay=00:00:01, mailer=esmtp,
pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.

 
 
Thanks!
Carl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/64d88fc0/attachment.html
From Denis.Beauchemin at USherbrooke.ca  Tue Jul  8 16:38:55 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue Jul  8 16:39:34 2008
Subject: Mailscanner / postfix Timeout in the SMTP dialog
In-Reply-To: <A2E2DF4BA44A5948A3E18F3ACF43797C3E0817@srv01.Caliseo.local>
References: <A2E2DF4BA44A5948A3E18F3ACF43797C3E0817@srv01.Caliseo.local>
Message-ID: <48738A0F.1040702@USherbrooke.ca>

Fabien GARZIANO a ?crit :
> Hi people !
>
> I think this might not be the right place to ask for this, as it seems
> more like a postfix issue. But that's driving me mad.
> I got this mail relay : 
> Running on
> Linux califw3.caliseo.fr 2.6.16-1.2108_FC4 #1 Thu May 4 23:52:01 EDT
> 2006 i686 i686 i386 GNU/Linux
> This is Fedora Core release 4 (Stentz)
> This is Perl version 5.008006 (5.8.6)
>
> This is MailScanner version 4.53.8
>
> And postfix 2.2.2
>
> Some time ago, I found that some of the incoming SMTP connections were
> interrupted with this kind of message : 
> postfix/smtpd[12529]: timeout after DATA from host.domain.ext[x.x.x.x]
>
> And this seems more and more frequent. Some googling drove me to some
> MTU or network troubleshoot which didn't solve anything (I've tried to
> lower MTU or even to raise it, the server is in a DMZ behind a FW and
> next is the ISP router).
> I've checked everything outside the mail server (Firewall, network) but
> I came to the conclusion that the problem was coming for the server.
>
> Once again, I know this might not be the right place for what I guess is
> a pure Postfix issue (as it happens during SMTP exchange), but if anyone
> here have experienced the same behaviour, I would be happy to hear about
> it.
>
> I also guess I'll have to update the whole server cause it's now quite
> old (postfix, MailScanner, etc...).
>
> Thanks.
>   
Fabien,

I don't know it this applies to you but I had to apply the following 
patch to my kernel setup on RHEL 5 to stop that knid of problems:
tail /etc/sysctl.conf
# Fix for tcp window scaling issue related to broken Internet routers
net.ipv4.tcp_wmem = 4096 16384 131072
net.ipv4.tcp_rmem = 4096 87380 174760

# From S. Freegard fsl.com
# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
#net.ipv4.tcp_rmem = 4096 87380 16777216
#net.ipv4.tcp_wmem = 4096 65536 16777216

I also included the values Steeve Freegard is using.  You will have to 
restart your server after modifying your sysctl.conf file (or you could 
use the sysctl command to make the changes dynamically).

Denis

-- 
   _
  ?v?   Denis Beauchemin, analyste
 /(_)\  Universit? de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045


From alex at rtpty.com  Tue Jul  8 16:16:34 2008
From: alex at rtpty.com (Alex Neuman)
Date: Tue Jul  8 16:48:14 2008
Subject: Problems using Archiv Mail
In-Reply-To: <48737804.3050003@rccsoftware.de>
References: <bd268adf4a935546a9b03ac866771a77@solidstatelogic.com>
	<48737804.3050003@rccsoftware.de>
Message-ID: <465B8F0F-757D-48ED-8B7F-90494326C064@rtpty.com>

Not because of the logic involved. If you run it in your head you'll  
see how it's not possible to do it besides splitting every message  
into individual components within the MTA. If what you understood was  
that you need to split them "at the sender", then no, that's not it.  
The idea is that if you configure your MTA in a certain fashion, you  
can have it receive messages that are addressed to multiple people and  
"split them" into individual messages that look just like the original  
but are addressed individually instead of collectively.

On Jul 8, 2008, at 9:21 AM, Norbert Weinhold wrote:

> Ok I found it. But I wondering if there is a simpler solution?

From simonmjones at gmail.com  Tue Jul  8 17:27:35 2008
From: simonmjones at gmail.com (Simon Jones)
Date: Tue Jul  8 17:27:46 2008
Subject: inconsistent performance
In-Reply-To: <b2ba24fbec0d98488de74e99c20ed7a5@solidstatelogic.com>
References: <70572c510807080129s186ee8b9t69eff1866ae6adc1@mail.gmail.com>
	<b2ba24fbec0d98488de74e99c20ed7a5@solidstatelogic.com>
Message-ID: <70572c510807080927m16480382y4e5e5ebf4ab3a9c2@mail.gmail.com>

Hello chaps, thanks to all who offered assistance.

I noticed trouble with DNS lookups with spamassassin 3.2.3 as
documented on ttp://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips
so I upgraded to 3.2.5 which seems to have stopped the lag on the hold
queue.

SMJ

2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
> Simon
>
> Like I said - if you've not disabled them in /etc/mail/spamassassin/mailscanner.cf ( skip_rbl_checks 1) then you're running them all.
>
> You need to add lines like
>
> score __RCVD_IN_NJABL 0.0
>
> To the above file to turn each one off individually for the ones you don't want
>
> Also in MailScanner.conf check which one's you're running there as well
>
> Spam List =
>
> And
>
> Spam Domain List =
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
>> Of Simon Jones
>> Sent: 08 July 2008 09:30
>> To: MailScanner discussion
>> Subject: Re: inconsistent performance
>>
>> mate, where do i find what rbl's spamassassin is checking?  I
>> thought they were in spam.lists.conf only
>>
>> Simon
>>
>> 2008/7/8 Martin.Hepworth <martinh@solidstatelogic.com>:
>> > Simon
>> >
>> > Not only this but what are you running in MailScanner.conf
>> and also spamassassin.
>> >
>> > If you haven't turned any RBL's off in SA you're more than
>> like running them all which could well account for odd
>> performance issues.
>> >
>> > --
>> > Martin Hepworth
>> > Snr Systems Administrator
>> > Solid State Logic
>> > Tel: +44 (0)1865 842300
>> >
>> >> -----Original Message-----
>> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> >> Simon Jones
>> >> Sent: 07 July 2008 18:13
>> >> To: MailScanner discussion
>> >> Subject: Re: inconsistent performance
>> >>
>> >> here's my spam.lists.conf
>> >>
>> >> # This file translates the names of the spam lists and
>> spam domains
>> >> lists # into the real DNS domains to search.
>> >>
>> >> # There is a far more comprehensive list of these at #
>> >> http://www.declude.com/JunkMail/Support/ip4r.htm
>> >> # and you can easily search them all at www.DNSstuff.com.
>> >>
>> >> # If you want to search other DNSBL's you will need to define them
>> >> here first, # before referring to them by name in mailscanner.conf
>> >> (or a rules file).
>> >>
>> >> spamhaus.org                    sbl.spamhaus.org.
>> >> spamhaus-XBL                    xbl.spamhaus.org.
>> >> spamhaus-PBL                    pbl.spamhaus.org.
>> >> spamhaus-ZEN                    zen.spamhaus.org.
>> >> SBL+XBL                         sbl-xbl.spamhaus.org.
>> >> spamcop.net                     bl.spamcop.net.
>> >> NJABL                           dnsbl.njabl.org.
>> >>
>> >> # ORDB has been shut down.
>> >> # ORDB-RBL                        relays.ordb.org.
>> >>
>> >> #Infinite-Monkeys               proxies.relays.monkeys.com.
>> >> #osirusoft.com                  relays.osirusoft.com.
>> >> # These two lists are now dead and must not be used.
>> >>
>> >> # MAPS now charge for their services, so you'll have to buy a
>> >> contract before # attempting to use the next 3 lines.
>> >>
>> >> MAPS-RBL                        blackholes.mail-abuse.org.
>> >> MAPS-DUL                        dialups.mail-abuse.org.
>> >> MAPS-RSS                        relays.mail-abuse.org.
>> >>
>> >> # This next line works for JANET UK Academic sites only
>> >>
>> >> MAPS-RBL+                       rbl-plus.mail-abuse.ja.net.
>> >>
>> >> # And build a similar list for the RBL domains that work
>> on the name
>> >> # of the domain rather than the IP address of the exact
>> machine that
>> >> # is listed. This way the RBL controllers can blacklist entire #
>> >> domains very quickly and easily.
>> >> # These aren't used by default, as they slow down
>> MailScanner quite a
>> >> bit.
>> >>
>> >> RFC-IGNORANT-DSN                dsn.rfc-ignorant.org.
>> >> RFC-IGNORANT-POSTMASTER         postmaster.rfc-ignorant.org.
>> >> RFC-IGNORANT-ABUSE              abuse.rfc-ignorant.org.
>> >> RFC-IGNORANT-WHOIS              whois.rfc-ignorant.org.
>> >> RFC-IGNORANT-IPWHOIS            ipwhois.rfc-ignorant.org.
>> >> RFC-IGNORANT-BOGUSMX            bogusmx.rfc-ignorant.org.
>> >>
>> >> # Easynet are closing down, so don't use these any more
>> >> Easynet-DNSBL                   blackholes.easynet.nl.
>> >> Easynet-Proxies                 proxies.blackholes.easynet.nl.
>> >> Easynet-Dynablock               dynablock.easynet.nl.
>> >>
>> >> # This list is now dead and must not be used.
>> >> #OSIRUSOFT-SPEWS                        spews.relays.osirusoft.com.
>> >>
>> >> # These folks are still going strong
>> >> SORBS-DNSBL                     dnsbl.sorbs.net.
>> >> SORBS-HTTP                      http.dnsbl.sorbs.net.
>> >> SORBS-SOCKS                     socks.dnsbl.sorbs.net.
>> >> SORBS-MISC                      misc.dnsbl.sorbs.net.
>> >> SORBS-SMTP                      smtp.dnsbl.sorbs.net.
>> >> SORBS-WEB                       web.dnsbl.sorbs.net.
>> >> SORBS-SPAM                      spam.dnsbl.sorbs.net.
>> >> SORBS-BLOCK                     block.dnsbl.sorbs.net.
>> >> SORBS-ZOMBIE                    zombie.dnsbl.sorbs.net.
>> >> SORBS-DUL                       dul.dnsbl.sorbs.net.
>> >> SORBS-RHSBL                     rhsbl.sorbs.net.
>> >> # These next 2 are "Spam Domain List" entries and not "Spam List"s
>> >> SORBS-BADCONF                   badconf.rhsbl.sorbs.net.
>> >> SORBS-NOMAIL                    nomail.rhsbl.sorbs.net.
>> >>
>> >> # Some other good lists
>> >>
>> >> CBL                             cbl.abuseat.org.
>> >> DSBL                            list.dsbl.org.
>> >>
>> >> 2008/7/7 Martin.Hepworth <martinh@solidstatelogic.com>:
>> >> > Simon
>> >> >
>> >> > What RBL's you using? Could be one of them backing up - eg
>> >> spamhaus tend to slow down their feed if you go over the
>> 'free' limit.
>> >> >
>> >> > --
>> >> > Martin Hepworth
>> >> > Snr Systems Administrator
>> >> > Solid State Logic
>> >> > Tel: +44 (0)1865 842300
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: mailscanner-bounces@lists.mailscanner.info
>> >> >> [mailto:mailscanner-bounces@lists.mailscanner.info] On
>> Behalf Of
>> >> >> Simon Jones
>> >> >> Sent: 07 July 2008 17:46
>> >> >> To: MailScanner discussion
>> >> >> Subject: Re: inconsistent performance
>> >> >>
>> >> >> Could be I guess, netstat just shows up the usual mass of smtp
>> >> >> connections - it's just really odd why it's ok on the most
>> >> part but
>> >> >> as soon as somthing triggers a choke they all start
>> >> backing the queue
>> >> >> up with messages.
>> >> >>
>> >> >> I'll do some more checking around.
>> >> >>
>> >> >> thanks Richard
>> >> >>
>> >> >> SMJ
>> >> >>
>> >> >> 2008/7/7 Richard Frovarp <richard.frovarp@sendit.nodak.edu>:
>> >> >> > Simon Jones wrote:
>> >> >> >>
>> >> >> >> hello chaps,
>> >> >> >>
>> >> >> >> anyone have an idea why i'm seeing inconsistent
>> >> >> performance on all 3
>> >> >> >> of my gateway servers?  Nothing shows up errors in the
>> >> maillog and
>> >> >> >> MailScanner --Lint checks out ok but from time to time the
>> >> >> machines
>> >> >> >> will choke and i'll stack 2k and rising messages up in the
>> >> >> hold queue.
>> >> >> >>
>> >> >> >> one day they'll work fine and the hold queue will be
>> >> >> normal, then all
>> >> >> >> of a sudden they'll start backing up.
>> >> >> >>
>> >> >> >> I have postfix reading from mysql for the relay_domains /
>> >> >> >> relay_recipients and transport maps as well as logging to
>> >> >> a seperate
>> >> >> >> db on the same seperate db server for mailwatch.
>> >> >> >>
>> >> >> >> the mysql db has dual oppy's with 10gb ram so it's pretty
>> >> >> beefy and
>> >> >> >> doesn't seem to be maxed at all.
>> >> >> >>
>> >> >> >> the gateways run fairly heavy but are by no means topping
>> >> >> out.  I've
>> >> >> >> tried dropping max children and the batch processing
>> >> >> settings but to
>> >> >> >> no avail.
>> >> >> >>
>> >> >> >> any ideas would be really appreciated.
>> >> >> >>
>> >> >> >> thanks
>> >> >> >>
>> >> >> >> SMJ
>> >> >> >>
>> >> >> >
>> >> >> > What about mail volume? Is it consistent across the days in
>> >> >> question?
>> >> >> > Or, even if the numbers are the same, you might end up
>> >> with bursty
>> >> >> > traffic on the days you backup, causing everything to
>> >> fall behind.
>> >> >> > Botnets, mailing lists, all of that sort can drop
>> >> traffic on you in
>> >> >> > one heck of a hurry at times.
>> >> >> > --
>> >> >> > MailScanner mailing list
>> >> >> > mailscanner@lists.mailscanner.info
>> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >> >
>> >> >> > Before posting, read http://wiki.mailscanner.info/posting
>> >> >> >
>> >> >> > Support MailScanner development - buy the book off
>> the website!
>> >> >> >
>> >> >> --
>> >> >> MailScanner mailing list
>> >> >> mailscanner@lists.mailscanner.info
>> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >>
>> >> >> Before posting, read http://wiki.mailscanner.info/posting
>> >> >>
>> >> >> Support MailScanner development - buy the book off the website!
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> *********************************************************************
>> >> *
>> >> > Confidentiality : This e-mail and any attachments are
>> >> intended for the
>> >> > addressee only and may be confidential. If they come to you
>> >> in error
>> >> > you must take no action based on them, nor must you copy or
>> >> show them
>> >> > to anyone. Please advise the sender by replying to this e-mail
>> >> > immediately and then delete the original from your computer.
>> >> > Opinion : Any opinions expressed in this e-mail are
>> >> entirely those of
>> >> > the author and unless specifically stated to the
>> contrary, are not
>> >> > necessarily those of the author's employer.
>> >> > Security Warning : Internet e-mail is not necessarily a secure
>> >> > communications medium and can be subject to data
>> >> corruption. We advise
>> >> > that you consider this fact when e-mailing us.
>> >> > Viruses : We have taken steps to ensure that this e-mail and any
>> >> > attachments are free from known viruses but in keeping with good
>> >> > computing practice, you should ensure that they are virus free.
>> >> >
>> >> > Red Lion 49 Ltd T/A Solid State Logic Registered as a limited
>> >> > company in England and Wales (Company
>> >> > No:5362730) Registered Office: 25 Spring Hill Road,
>> >> Begbroke, Oxford
>> >> > OX5 1RU, United Kingdom
>> >> >
>> >>
>> *********************************************************************
>> >> *
>> >> >
>> >> > --
>> >> > MailScanner mailing list
>> >> > mailscanner@lists.mailscanner.info
>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >
>> >> > Before posting, read http://wiki.mailscanner.info/posting
>> >> >
>> >> > Support MailScanner development - buy the book off the website!
>> >> >
>> >> --
>> >> MailScanner mailing list
>> >> mailscanner@lists.mailscanner.info
>> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >>
>> >> Before posting, read http://wiki.mailscanner.info/posting
>> >>
>> >> Support MailScanner development - buy the book off the website!
>> >>
>> >
>> >
>> >
>> >
>> >
>> **********************************************************************
>> > Confidentiality : This e-mail and any attachments are
>> intended for the
>> > addressee only and may be confidential. If they come to you
>> in error
>> > you must take no action based on them, nor must you copy or
>> show them
>> > to anyone. Please advise the sender by replying to this e-mail
>> > immediately and then delete the original from your computer.
>> > Opinion : Any opinions expressed in this e-mail are
>> entirely those of
>> > the author and unless specifically stated to the contrary, are not
>> > necessarily those of the author's employer.
>> > Security Warning : Internet e-mail is not necessarily a secure
>> > communications medium and can be subject to data
>> corruption. We advise
>> > that you consider this fact when e-mailing us.
>> > Viruses : We have taken steps to ensure that this e-mail and any
>> > attachments are free from known viruses but in keeping with good
>> > computing practice, you should ensure that they are virus free.
>> >
>> > Red Lion 49 Ltd T/A Solid State Logic
>> > Registered as a limited company in England and Wales (Company
>> > No:5362730) Registered Office: 25 Spring Hill Road,
>> Begbroke, Oxford
>> > OX5 1RU, United Kingdom
>> >
>> **********************************************************************
>> >
>> > --
>> > MailScanner mailing list
>> > mailscanner@lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
From pal at mssl.ucl.ac.uk  Tue Jul  8 17:39:25 2008
From: pal at mssl.ucl.ac.uk (Paul Lamb)
Date: Tue Jul  8 17:39:36 2008
Subject: Mailscanner is not detecting eicar
Message-ID: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk>

MailScanner version 4.69.9 is not detecting the eicar test "virus".

(This has not worked previously; I downloaded it a couple of weeks ago 
but have only just configured it.)

Eicar is forwarded whether included in the message text

   mail pal < /etc/mail/EICAR-TEST-FILE

or as at attachment
   
   echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal

I have tested with eicar included in the parameter Non-Forging Viruses 
and with it not included.

Please note that MailScanner does detect and quarantine the virus 
W32/MyDoom-O and Sophos sweep does detect eicar

   /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
   [snip]
   >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
 
Any suggestions would be appreciated.

Paul Lamb
From peter at farrows.org  Tue Jul  8 18:39:52 2008
From: peter at farrows.org (Peter Farrow)
Date: Tue Jul  8 18:40:13 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
References: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
Message-ID: <4873A668.6020903@farrows.org>


Andrews Carl 455 wrote:
> I realize this is not MS related but if someone can help or point me 
> in right direction .... THANKS
>  
> I have a smtp proxy in the DMZ which passes email to my MS box 
> (mdaemon2). USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com> is an 
> external address sending to my domain. I have been trying to find what 
> defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but 
> without any luck. I found one result on experts exchange which oddly 
> enough concluded that the message was not accepted because of a quota 
> policy. Not a great deal of help there. I have checked my 
> sendmail.cf(mc) and do not see where I have defined any quotas, but 
> then I honestly do not know what option I am looking for either.
>  
> Log extract:
>  
> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:00:09, 
> xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  
> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:08:52, 
> xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  
>  
> Thanks!
> Carl
>
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* <http://www.inexcom.co.uk/> system 
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].

Whats in your sendmail mc file?

P.


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/4a4781a7/attachment.html
From peter at farrows.org  Tue Jul  8 18:44:49 2008
From: peter at farrows.org (Peter Farrow)
Date: Tue Jul  8 18:45:08 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
References: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
Message-ID: <4873A791.1080700@farrows.org>



Andrews Carl 455 wrote:
> I realize this is not MS related but if someone can help or point me 
> in right direction .... THANKS
>  
> I have a smtp proxy in the DMZ which passes email to my MS box 
> (mdaemon2). USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com> is an 
> external address sending to my domain. I have been trying to find what 
> defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but 
> without any luck. I found one result on experts exchange which oddly 
> enough concluded that the message was not accepted because of a quota 
> policy. Not a great deal of help there. I have checked my 
> sendmail.cf(mc) and do not see where I have defined any quotas, but 
> then I honestly do not know what option I am looking for either.
>  
> Log extract:
>  
> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:00:09, 
> xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  
> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:08:52, 
> xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  
>  
> Thanks!
> Carl
>
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* <http://www.inexcom.co.uk/> system 
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].
Also - what is your local mailer (delivery agent).

P.


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/b12c245d/attachment.html
From steve.freegard at fsl.com  Tue Jul  8 18:50:59 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul  8 18:51:14 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
References: <D695CB42A59ABB428898D9FCDDE59132039A06ED@exchange03.CBOCS.com>
Message-ID: <4873A903.7060609@fsl.com>

Andrews Carl 455 wrote:
> I realize this is not MS related but if someone can help or point me in 
> right direction .... THANKS
>  
> I have a smtp proxy in the DMZ which passes email to my MS box 
> (mdaemon2). USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com> is an 
> external address sending to my domain. I have been trying to find what 
> defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but without 
> any luck. I found one result on experts exchange which oddly enough 
> concluded that the message was not accepted because of a quota policy. 
> Not a great deal of help there. I have checked my sendmail.cf(mc) and do 
> not see where I have defined any quotas, but then I honestly do not know 
> what option I am looking for either.
>  
> Log extract:
>  
> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:00:09, 
> xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  
> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:08:52, 
> xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com. 
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com 
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy 
> Rejection- 274 -- Sender Quota Exceeded.
>  

Nothing wrong with your sendmail.  The "Recipient address rejected: 
Policy Rejection- 274 -- Sender Quota Exceeded" tempfail is coming from 
65.182.102.90 when Sendmail is attempting to deliver the message.

Maybe you've messed up your mailertable - is DOMAIN.com mail 
(obfuscating the domain really doesn't help on a list like this) 
supposed to go to 65.182.102.90?  Or should it have been delivered locally?

Regards,
Steve.
From steve.freegard at fsl.com  Tue Jul  8 18:59:28 2008
From: steve.freegard at fsl.com (Steve Freegard)
Date: Tue Jul  8 18:59:56 2008
Subject: Mailscanner is not detecting eicar
In-Reply-To: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk>
References: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk>
Message-ID: <4873AB00.4070709@fsl.com>

Paul Lamb wrote:
> MailScanner version 4.69.9 is not detecting the eicar test "virus".
> 
> (This has not worked previously; I downloaded it a couple of weeks ago 
> but have only just configured it.)
> 
> Eicar is forwarded whether included in the message text
> 
>    mail pal < /etc/mail/EICAR-TEST-FILE
> 
> or as at attachment
>    
>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
> 
> I have tested with eicar included in the parameter Non-Forging Viruses 
> and with it not included.
> 
> Please note that MailScanner does detect and quarantine the virus 
> W32/MyDoom-O and Sophos sweep does detect eicar
> 
>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>    [snip]
>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>  
> Any suggestions would be appreciated.

I'm not really sure when you say 'MailScanner' doesn't detect it; 
MailScanner is not a virus scanner itself - it runs external virus 
scanners and reports the results.

The EICAR attachment you created will get detected as text/plain by the 
filetype checks (as it isn't an executable).  If you name it .com/.exe 
etc. then the filename checks will trigger.  MailScanner doesn't 
specifically look for the EICAR sting.

So what you are seeing isn't a problem.

Kind regards,
Steve
From pal at mssl.ucl.ac.uk  Tue Jul  8 19:20:17 2008
From: pal at mssl.ucl.ac.uk (Paul Lamb)
Date: Tue Jul  8 19:20:30 2008
Subject: Mailscanner is not detecting eicar (Paul Lamb)
Message-ID: <200807081820.m68IKHRS790849@alpha2.mssl.ucl.ac.uk>

From pal at mssl.ucl.ac.uk  Tue Jul  8 19:20:37 2008
From: pal at mssl.ucl.ac.uk (Paul Lamb)
Date: Tue Jul  8 19:20:47 2008
Subject: Mailscanner is not detecting eicar (Paul Lamb)
Message-ID: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk>

Steve Freegard wrote:

>Paul Lamb wrote:
>> MailScanner version 4.69.9 is not detecting the eicar test "virus".
>> 
>> (This has not worked previously; I downloaded it a couple of weeks ago 
>> but have only just configured it.)
>> 
>> Eicar is forwarded whether included in the message text
>> 
>>    mail pal < /etc/mail/EICAR-TEST-FILE
>> 
>> or as at attachment
>>    
>>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
>> 
>> I have tested with eicar included in the parameter Non-Forging Viruses 
>> and with it not included.
>> 
>> Please note that MailScanner does detect and quarantine the virus 
>> W32/MyDoom-O and Sophos sweep does detect eicar
>> 
>>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>>    [snip]
>>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>>  
>> Any suggestions would be appreciated.
>
>I'm not really sure when you say 'MailScanner' doesn't detect it; 
>MailScanner is not a virus scanner itself - it runs external virus 
>scanners and reports the results.
>
>The EICAR attachment you created will get detected as text/plain by the 
>filetype checks (as it isn't an executable).  If you name it .com/.exe 
>etc. then the filename checks will trigger.  MailScanner doesn't 
>specifically look for the EICAR sting.
>
>So what you are seeing isn't a problem.
>
>Kind regards,
>Steve


Steve, 

My first sentence was imprecise but I do have a problem.

The system has the Sophos sweep AV software installed.

Sweep _does_ detect EICAR.

When MailScanner invokes sweep, sweep does _not_ detect EICAR or. if it
does, this is not correctly handled by MailScanner. (However, 
MailScanner + sweep _does_ detect at least one real virus.)

Regards,
Paul
From gregg at mochabomb.com  Tue Jul  8 20:14:18 2008
From: gregg at mochabomb.com (Gregg Lain)
Date: Tue Jul  8 20:16:38 2008
Subject: Run MScanner in a virtualized environment.
In-Reply-To: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us>
References: <3411CC12BB577F4FAEAC8A694780866BE9189D@ITMAIL.town.barnstable.ma.us>
Message-ID: <4873BC8A.6050700@mochabomb.com>

I have used it on various 200-1GB RAM all-in one CentOS Xen guests 
(Apache/MySQL/PHP/dns/email XEN VPS) on AMD 2.4GHz/software RAID for 
months - set the time for 60+sec, 1 child for the minimal configs, 
better for the higher configs - lag is at most around a minute.

Obviously for the lower configs performance/speediness was not an issue.

Running clam 0.92..

Gregg

Ghetti, Ron wrote:
> Thanks for that Matt,
> 
> running postfix & MailScanner on ubuntu  w/400+ users.
> I'm not even sure how I ended up with this version,
> I think it was based on an article I'd read somewhere...
> 
> -Ron
> 
> 
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt
> Hampton
> Sent: Tuesday, July 08, 2008 8:15 AM
> To: MailScanner discussion
> Subject: Re: Run MScanner in a virtualized environment.
> 
> 
> Ghetti, Ron wrote:
>> Well I will say that it could be my impementation
>> Of clam, I've heard tell that it can be setup as a
>> Daemon and that will reduce overhead, however I've no idea how. 
>> At the time we went with the defaults.  
>> I think this brought the overhead up past the breaking point for us.
>>
>> Again, I would like to re-enable it if I could find 
>> A good resource on how to set it up for my specifics.
>>   
> Assuming that your are running a RedHat esque linux......
> 
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav
> :switch_to_rpm_clamd
> 
> 
From Carl.Andrews at crackerbarrel.com  Tue Jul  8 21:03:06 2008
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455)
Date: Tue Jul  8 21:03:18 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <4873A668.6020903@farrows.org>
Message-ID: <D695CB42A59ABB428898D9FCDDE59132039A0711@exchange03.CBOCS.com>


sendmail.mc (with comments removed - lines beginning with 'dnl' or '#')

define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.13.5. 2006-08-14 08:49:38 cowboy Exp
$') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl 
include(`/etc/mail/tls/starttls.m4')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl 
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission,
Addr=0.0.0.0')dnl define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobo
dyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl 
FEATURE(`greet_pause', `10000')dnl 10 seconds 
FEATURE(`delay_checks', `friend', `n')dnl 
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl 
FEATURE(`ratecontrol', `nodelay', `terminate')dnl 
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl


________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter
Farrow
Sent: Tuesday, July 08, 2008 12:40 PM
To: MailScanner discussion
Subject: Re: OT: Sendmail(?) Help



Andrews Carl 455 wrote: 

	I realize this is not MS related but if someone can help or
point me in right direction .... THANKS
	 
	I have a smtp proxy in the DMZ which passes email to my MS box
(mdaemon2). USERNAME@DOMAIN.com is an external address sending to my
domain. I have been trying to find what defines the "Policy Rejection-
274 -- Sender Quota Exceeded" but without any luck. I found one result
on experts exchange which oddly enough concluded that the message was
not accepted because of a quota policy. Not a great deal of help there.
I have checked my sendmail.cf(mc) and do not see where I have defined
any quotas, but then I honestly do not know what option I am looking for
either.
	 
	Log extract:
	 
	Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:00:09, xdelay=00:00:01, mailer=esmtp,
pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.
	 
	Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:08:52, xdelay=00:00:01, mailer=esmtp,
pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.
	
	 
	 
	Thanks!
	Carl

	-- 
	This message has been scanned for viruses and 
	dangerous content by the Inexcom <http://www.inexcom.co.uk/>
system scanner, 
	and is believed to be clean. 
	Advanced heuristic mail scanning server [-].


Whats in your sendmail mc file?

P.


-- 
This message has been scanned for viruses and 
dangerous content by the Inexcom <http://www.inexcom.co.uk/>  system
scanner, 
and is believed to be clean. 
Advanced heuristic mail scanning server [-]. 
From Carl.Andrews at crackerbarrel.com  Tue Jul  8 21:10:44 2008
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455)
Date: Tue Jul  8 21:10:55 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <4873A791.1080700@farrows.org>
Message-ID: <D695CB42A59ABB428898D9FCDDE59132039A0712@exchange03.CBOCS.com>

Ashamed to say, I do not know. sendmail.mc just lists
"MILER(`local')dnl". procmail is installed but I have no idea ...?
 
Nothing is delivered locally, this is just a gateway to the exchange
server.

________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter
Farrow
Sent: Tuesday, July 08, 2008 12:45 PM
To: MailScanner discussion
Subject: Re: OT: Sendmail(?) Help




Andrews Carl 455 wrote: 

	I realize this is not MS related but if someone can help or
point me in right direction .... THANKS
	 
	I have a smtp proxy in the DMZ which passes email to my MS box
(mdaemon2). USERNAME@DOMAIN.com is an external address sending to my
domain. I have been trying to find what defines the "Policy Rejection-
274 -- Sender Quota Exceeded" but without any luck. I found one result
on experts exchange which oddly enough concluded that the message was
not accepted because of a quota policy. Not a great deal of help there.
I have checked my sendmail.cf(mc) and do not see where I have defined
any quotas, but then I honestly do not know what option I am looking for
either.
	 
	Log extract:
	 
	Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:00:09, xdelay=00:00:01, mailer=esmtp,
pri=120991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.
	 
	Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097:
to=<USERNAME@DOMAIN.com>, delay=00:08:52, xdelay=00:00:01, mailer=esmtp,
pri=210991, relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0,
stat=Deferred: 450 <USERNAME@DOMAIN.com>: Recipient address rejected:
Policy Rejection- 274 -- Sender Quota Exceeded.
	
	 
	 
	Thanks!
	Carl

	-- 
	This message has been scanned for viruses and 
	dangerous content by the Inexcom <http://www.inexcom.co.uk/>
system scanner, 
	and is believed to be clean. 
	Advanced heuristic mail scanning server [-].

Also - what is your local mailer (delivery agent).

P.


-- 
This message has been scanned for viruses and 
dangerous content by the Inexcom <http://www.inexcom.co.uk/>  system
scanner, 
and is believed to be clean. 
Advanced heuristic mail scanning server [-]. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/5787555e/attachment.html
From Carl.Andrews at crackerbarrel.com  Tue Jul  8 21:21:32 2008
From: Carl.Andrews at crackerbarrel.com (Andrews Carl 455)
Date: Tue Jul  8 21:21:51 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <4873A903.7060609@fsl.com>
Message-ID: <D695CB42A59ABB428898D9FCDDE59132039A0713@exchange03.CBOCS.com>

USERNAME@DOMAIN.com is  mrobbins@synergyconsultingteam.com and account
and domain external to ours - crackerbarrel.com.  As we have incoming
email separated from outgoing email I assumed (yeah I know) that this
was a very odd incoming message. I completely missed the to=... This
message is MS reporting to mrobbins that an attachment in their message
was not accepted. I thought this was my server reporting the "quota
limit" but as you said it is not. I was not expecting an outgoing
message on this server so I got confused.

Thanks!
Carl
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve
Freegard
Sent: Tuesday, July 08, 2008 12:51 PM
To: MailScanner discussion
Subject: Re: OT: Sendmail(?) Help

Andrews Carl 455 wrote:
> I realize this is not MS related but if someone can help or point me 
> in right direction .... THANKS
>  
> I have a smtp proxy in the DMZ which passes email to my MS box 
> (mdaemon2). USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com> is an 
> external address sending to my domain. I have been trying to find what

> defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but 
> without any luck. I found one result on experts exchange which oddly 
> enough concluded that the message was not accepted because of a quota
policy.
> Not a great deal of help there. I have checked my sendmail.cf(mc) and 
> do not see where I have defined any quotas, but then I honestly do not

> know what option I am looking for either.
>  
> Log extract:
>  
> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:00:09,

> xdelay=00:00:01, mailer=esmtp, pri=120991, relay=mail.DOMAIN.com.
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy
> Rejection- 274 -- Sender Quota Exceeded.
>  
> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: 
> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, delay=00:08:52,

> xdelay=00:00:01, mailer=esmtp, pri=210991, relay=mail.DOMAIN.com.
> [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 <USERNAME@DOMAIN.com
> <mailto:USERNAME@DOMAIN.com>>: Recipient address rejected: Policy
> Rejection- 274 -- Sender Quota Exceeded.
>  

Nothing wrong with your sendmail.  The "Recipient address rejected: 
Policy Rejection- 274 -- Sender Quota Exceeded" tempfail is coming from
65.182.102.90 when Sendmail is attempting to deliver the message.

Maybe you've messed up your mailertable - is DOMAIN.com mail
(obfuscating the domain really doesn't help on a list like this)
supposed to go to 65.182.102.90?  Or should it have been delivered
locally?

Regards,
Steve.
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From peter at farrows.org  Tue Jul  8 21:23:13 2008
From: peter at farrows.org (Peter Farrow)
Date: Tue Jul  8 21:23:34 2008
Subject: OT: Sendmail(?) Help
In-Reply-To: <D695CB42A59ABB428898D9FCDDE59132039A0712@exchange03.CBOCS.com>
References: <D695CB42A59ABB428898D9FCDDE59132039A0712@exchange03.CBOCS.com>
Message-ID: <4873CCB1.4050403@farrows.org>


Andrews Carl 455 wrote:
> Ashamed to say, I do not know. sendmail.mc just lists 
> "MILER(`local')dnl". procmail is installed but I have no idea ...?
>  
> Nothing is delivered locally, this is just a gateway to the exchange 
> server.
>
> ------------------------------------------------------------------------
> *From:* mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of 
> *Peter Farrow
> *Sent:* Tuesday, July 08, 2008 12:45 PM
> *To:* MailScanner discussion
> *Subject:* Re: OT: Sendmail(?) Help
>
>
>
> Andrews Carl 455 wrote:
>> I realize this is not MS related but if someone can help or point me 
>> in right direction .... THANKS
>>  
>> I have a smtp proxy in the DMZ which passes email to my MS box 
>> (mdaemon2). USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com> is an 
>> external address sending to my domain. I have been trying to find 
>> what defines the "Policy Rejection- 274 -- Sender Quota Exceeded" but 
>> without any luck. I found one result on experts exchange which oddly 
>> enough concluded that the message was not accepted because of a quota 
>> policy. Not a great deal of help there. I have checked my 
>> sendmail.cf(mc) and do not see where I have defined any quotas, but 
>> then I honestly do not know what option I am looking for either.
>>  
>> Log extract:
>>  
>> Jul 8 08:22:35 mdaemon2 sendmail[29122]: m68DMPE8029097: 
>> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, 
>> delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=120991, 
>> relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 
>> <USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>: Recipient address 
>> rejected: Policy Rejection- 274 -- Sender Quota Exceeded.
>>  
>> Jul 8 08:31:18 mdaemon2 sm-que[30789]: m68DMPE8029097: 
>> to=<USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>, 
>> delay=00:08:52, xdelay=00:00:01, mailer=esmtp, pri=210991, 
>> relay=mail.DOMAIN.com. [65.182.102.90], dsn=4.2.0, stat=Deferred: 450 
>> <USERNAME@DOMAIN.com <mailto:USERNAME@DOMAIN.com>>: Recipient address 
>> rejected: Policy Rejection- 274 -- Sender Quota Exceeded.
>>  
>>  
>> Thanks!
>> Carl
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by the *Inexcom* <http://www.inexcom.co.uk/> system 
>> scanner,
>> and is believed to be clean.
>> Advanced heuristic mail scanning server [-].
> Also - what is your local mailer (delivery agent).
>
> P.
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* <http://www.inexcom.co.uk/> system 
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-].
> -- 
> This message has been scanned for viruses and
> dangerous content by the *Inexcom* <http://www.inexcom.co.uk/> system 
> scanner,
> and is believed to be clean.
> Advanced heuristic mail scanning server [-]. 

Ok,

then its the downstream relay that is 450 deferring the message, the 
problem is probably on that server as I think has been mentioned.

You should telnet to port 25 on the downstream machine from your 
mailscanner box, and type through the smtp process, to see exactly the 
returned error, as follows:

telnet 65.182.102.90 25
(wait for greeting)

helo <yourhostname here>
(wait for response)
mail from:<your email address here>
(wait for response)
rcpt to:<destination email valid on the downstream box>
(wait for response)
data
(enter data with a '.' on line by itself to end)

Its unlikely that you will get all the way to the end, before the 
downstream box comes back with the rejection, this will prove its the 
downstream box, here is an example:

[root@mail ~]# *telnet lionel.farrows.org 25*
Trying 212.21.120.10...
Connected to lionel.farrows.org (212.21.120.10).
Escape character is '^]'.
220 lionel.farrows.org ESMTP Sendmail 8.13.1/8.13.1; Tue, 8 Jul 2008 
21:19:30 +0100
*helo mail.skeltongroup.com*
250 lionel.farrows.org Hello mail.skeltongroup.com [212.46.155.18], 
pleased to meet you
*mail from:administrator@skeltongroup.com*
250 2.1.0 administrator@skeltongroup.com... Sender ok
*rcpt to:peter@farrows.org*
250 2.1.5 peter@farrows.org... Recipient ok
*data*
354 Enter mail, end with "." on a line by itself
*test
.*
250 2.0.0 m68KJUCO027572 Message accepted for delivery

The stuff I typed is in bold...I receive an email from 
administrator@skeltongroup.com with the word "test" in the body....

Pete



-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/7ebd42a1/attachment.html
From ssilva at sgvwater.com  Wed Jul  9 00:28:34 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 00:29:12 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080715m52c6d54dub75b2838b2c4853a@mail.gmail.com>
References: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>	<3B204024-B9B2-4D8C-8E73-4207182E73B3@rtpty.com>
	<beefb8bf0807080715m52c6d54dub75b2838b2c4853a@mail.gmail.com>
Message-ID: <g50t79$9hu$1@ger.gmane.org>

on 7-8-2008 7:15 AM Marco mangione spake the following:
> ehm yes :) but in standard configuration i have it.. probably i can 
> disable in mailscanner.conf ?
>
The "standard" configuration is just a set that should work out of the box for 
99% of the people installing MailScanner. You are free to customize it as much 
as you want.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/72740551/signature.bin
From ssilva at sgvwater.com  Wed Jul  9 00:35:16 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 00:35:51 2008
Subject: [M] how can i delete footer?
In-Reply-To: <beefb8bf0807080721w52232a81ue0c6c8e711cbf782@mail.gmail.com>
References: <beefb8bf0807080653o56c682cdn33f815a58447ba43@mail.gmail.com>	<9391e70b20835b429dc0ceda323fb5c0@solidstatelogic.com>
	<beefb8bf0807080721w52232a81ue0c6c8e711cbf782@mail.gmail.com>
Message-ID: <g50tjt$ckr$1@ger.gmane.org>

on 7-8-2008 7:21 AM Marco mangione spake the following:
> i done that! but after mailscanner restart:
> 
> root@filtro1:/# /etc/init.d/mailscanner restart
>  * Restarting mail spam/virus scanner 
> MailScanner                                                                                                                                                    
> Syntax error(s) in configuration file: at 
> /usr/share/MailScanner//MailScanner/Config.pm line 1918
> Unrecognised keyword "inlinehtmlsignature" at line 1163 at 
> /usr/share/MailScanner//MailScanner/Config.pm line 1921
> Unrecognised keyword "inlinetextsignature" at line 1164 at 
> /usr/share/MailScanner//MailScanner/Config.pm line 1921
> Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at 
> /usr/share/MailScanner//MailScanner/Config.pm line 1926
>                                                                                                                                                                                               
> [ OK ]
Did you have blank entries, or comment out the entries with a #?

Inline HTML Signature =
Inline Text Signature =

is valid but

#Inline HTML Signature =
#Inline Text Signature =
probably isn't

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/122341e2/signature.bin
From ssilva at sgvwater.com  Wed Jul  9 00:43:25 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 00:43:55 2008
Subject: Mailscanner is not detecting eicar (Paul Lamb)
In-Reply-To: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk>
References: <200807081820.m68IKbWF789943@alpha2.mssl.ucl.ac.uk>
Message-ID: <g50u36$ckr$2@ger.gmane.org>

on 7-8-2008 11:20 AM Paul Lamb spake the following:
> Steve Freegard wrote:
> 
>> Paul Lamb wrote:
>>> MailScanner version 4.69.9 is not detecting the eicar test "virus".
>>>
>>> (This has not worked previously; I downloaded it a couple of weeks ago 
>>> but have only just configured it.)
>>>
>>> Eicar is forwarded whether included in the message text
>>>
>>>    mail pal < /etc/mail/EICAR-TEST-FILE
>>>
>>> or as at attachment
>>>    
>>>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
>>>
>>> I have tested with eicar included in the parameter Non-Forging Viruses 
>>> and with it not included.
>>>
>>> Please note that MailScanner does detect and quarantine the virus 
>>> W32/MyDoom-O and Sophos sweep does detect eicar
>>>
>>>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>>>    [snip]
>>>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>>>  
>>> Any suggestions would be appreciated.
>> I'm not really sure when you say 'MailScanner' doesn't detect it; 
>> MailScanner is not a virus scanner itself - it runs external virus 
>> scanners and reports the results.
>>
>> The EICAR attachment you created will get detected as text/plain by the 
>> filetype checks (as it isn't an executable).  If you name it .com/.exe 
>> etc. then the filename checks will trigger.  MailScanner doesn't 
>> specifically look for the EICAR sting.
>>
>> So what you are seeing isn't a problem.
>>
>> Kind regards,
>> Steve
> 
> 
> Steve, 
> 
> My first sentence was imprecise but I do have a problem.
> 
> The system has the Sophos sweep AV software installed.
> 
> Sweep _does_ detect EICAR.
> 
> When MailScanner invokes sweep, sweep does _not_ detect EICAR or. if it
> does, this is not correctly handled by MailScanner. (However, 
> MailScanner + sweep _does_ detect at least one real virus.)
> 
> Regards,
> Paul
I would install clamav as a backup until you get this sorted out. If it is not 
hitting on eicar, it might miss some other virus. While you are working on the 
problem, who knows what might get through.

Just my 2c, which is more than clamav will cost you!




-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080708/3b4c0551/signature.bin
From indunil75 at gmail.com  Wed Jul  9 06:02:29 2008
From: indunil75 at gmail.com (Indunil Jayasooriya)
Date: Wed Jul  9 06:02:54 2008
Subject: unwanted mails in the queue
Message-ID: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>

Dear ALL,

I am running MailScanner with Postfix. I have a lot of mails in the
queue. sender is mailer-daemon. Destination varies.  How does it
happen?

has it become an openrelay?

Could you pls let me know what causes such problems.

How to slove this ?








-- 
Thank you
Indunil Jayasooriya
From ram at netcore.co.in  Wed Jul  9 07:33:28 2008
From: ram at netcore.co.in (ram)
Date: Wed Jul  9 07:34:08 2008
Subject: unwanted mails in the queue
In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>
References: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>
Message-ID: <1215585208.25204.33.camel@localhost.localdomain>





On Wed, 2008-07-09 at 10:32 +0530, Indunil Jayasooriya wrote:
> Dear ALL,
> 
> I am running MailScanner with Postfix. I have a lot of mails in the
> queue. sender is mailer-daemon. Destination varies.  How does it
> happen?
> 
> has it become an openrelay?
> 
> Could you pls let me know what causes such problems.

If you are a mail admin , you should atleast be able to say if the mails
in queue are legitimate
Look up your mailserver ips on blacklists, Read the mails you suspect in
queue ( postcat -q ) , Check for open relays. 

It may also be that someones mail account in your organization is
compromised, just check.

Thanks
Ram




From ms-list at alexb.ch  Wed Jul  9 07:46:10 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Wed Jul  9 07:46:21 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache poisoning
Message-ID: <48745EB2.8050404@alexb.ch>

Multiple DNS implementations vulnerable to cache poisoning

http://www.kb.cert.org/vuls/id/800113

Centos 4.x and 5.x provide udates

yum update bind

happy updating...

Alex



From gmatt at nerc.ac.uk  Wed Jul  9 08:57:56 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Wed Jul  9 08:58:20 2008
Subject: About spam attack
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com>
References: <e850166768a7f44995de44ed91b25c34@solidstatelogic.com><1215506732.9713.6.camel@cX>	<7d9b3cf20807080710l71d03355y3e6c3740fccdbba6@mail.gmail.com>
	<1964AAFBC212F742958F9275BF63DBB07613D6@winchester.andrewscompanies.com>
Message-ID: <48746F84.1050509@nerc.ac.uk>

Steven Andrews wrote:
> You would also need to have your outbound mail pass through the
> mailscanner box for milter-null, correct?

not entirely - you need outbound mail to pass through an MTA with 
milter-null configured with the same secret.

-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From gmatt at nerc.ac.uk  Wed Jul  9 08:59:46 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Wed Jul  9 09:00:11 2008
Subject: ClamAV 0.93 released
In-Reply-To: <00b401c8e10b$c02bb980$40832c80$@dk>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk>	<48039AA2.9050905@ecs.soton.ac.uk>	<5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com>	<48051021.5010909@ecs.soton.ac.uk>	<1208464860.2962.75.camel@morticia.pert.com.ar>	<48160C77.5070602@USherbrooke.ca>	<Pine.GSO.4.58.0805231155250.28623@arachne.dur.ac.uk>	<487376FF.4050107@nerc.ac.uk>
	<00b401c8e10b$c02bb980$40832c80$@dk>
Message-ID: <48746FF2.8020909@nerc.ac.uk>

Jonas Akrouh Larsen wrote:
> I can confirm the module works with the 0.93.1 version of clam and newer
> Mailscanner's.

great - thanks guys.

-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

From martinh at solidstatelogic.com  Wed Jul  9 09:06:33 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed Jul  9 09:06:45 2008
Subject: unwanted mails in the queue
In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>
Message-ID: <48da73f322e7b040a85d0447190cf75e@solidstatelogic.com>

Hi

Check they aren't undeliverable 'bounces' from people / challenge response type stuff.

Check you aren't accepting all incoming recipients reguardless of if they are valid or not.

Look at the optimizsation tips section of the wiki.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Indunil Jayasooriya
> Sent: 09 July 2008 06:02
> To: MailScanner discussion
> Subject: unwanted mails in the queue
>
> Dear ALL,
>
> I am running MailScanner with Postfix. I have a lot of mails
> in the queue. sender is mailer-daemon. Destination varies.
> How does it happen?
>
> has it become an openrelay?
>
> Could you pls let me know what causes such problems.
>
> How to slove this ?
>
>
>
>
>
>
>
>
> --
> Thank you
> Indunil Jayasooriya
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

From Sylvain.Phaneuf at imsu.ox.ac.uk  Wed Jul  9 10:03:48 2008
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf)
Date: Wed Jul  9 10:04:05 2008
Subject: filename checks = wrong filename report
In-Reply-To: <48709609.9050202@ecs.soton.ac.uk>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
	<48709609.9050202@ecs.soton.ac.uk>
Message-ID: <48748D04.FEA8.00EB.0@imsu.ox.ac.uk>

Hi all,

I have been alerted by a user that we're blocking attachments that they feel should be allowed through. Basically we want to block  attachments with multiple extensions, and this works as designed. However, sometimes the report generated by MailScanner appears to contain the  wrong file name, which in this case clearly has a single, perfectly acceptable extension. 

Our maillog shows this:
----------------------------
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Filename Checks:  (m648PtwN031886 CNU0701SF00084(Sent200807041022)2.mail.pdf)
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Other Checks: Found 1 problems
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Virus Scanning completed at 237901 bytes per second
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Saved entire message to /var/spool/MailScanner/quarantine/20080704/m648PtwN031886
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Saved infected "CNU0701SF00084.pdf" to  /var/spool/MailScanner/quarantine/20080704/m648PtwN031886
Jul  4 09:25:56 mailscn1 MailScanner[30927]: Cleaned: Delivered 1 cleaned messages
----------------------------

which is exactly what we want. 

The mime message shows this:
----------------------------
Content-Type: application/pdf;
        name="CNU0701SF00084(Sent200807041022)2.mail.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
        filename="CNU0701SF00084(Sent200807041022)2.mail.pdf"
----------------------------


But the user gets this in the report that is produced:
----------------------------
Warning: This message has had one or more attachments removed: CNU0701SF00084.pdf

The original e-mail attachment "CNU0701SF00084.pdf"
is on the list of unacceptable attachments and has been
replaced by this warning message by the IMSU MailScanner 
E-Mail Protection Service. 

On Fri Jul  4 09:25:55 2008 the virus scanner said:
   Found possible filename hiding (CNU0701SF00084.pdf)
----------------------------

So my question is why is there a discrepancy between the filename reported by MailScanner to the user and that in maillog?

I looked at the MailScanner archives and something similar was reported last November, but the issue could not be reproduced  apparently. 
-----
from	Rose, Bobby <brose@med.xxx>
date	Sat, Nov 10, 2007 at 3:37 PM
subject	Mailscanner filename check and report
-----

I could sent you the message if it can help diagnose the problem. The pdf contains personal information, so  it is not appropriate to  post it here...

Regards,

Sylvain


Our system:

MailScanner -v
Running on
Linux mailscn1 2.6.16.21-0.13-smp #1 SMP Mon Jul 17 17:22:44 UTC 2006 i686 i686 i386 GNU/Linux
This is SUSE LINUX 10.1 (i586)
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.70.6
Module versions are:
... 
removed
...  I will add this if you think it can help - I hate long messages...   (!!!)

-- 

============================================
Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323
Information Management Services Unit - Medical Sciences Division 
Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk 
Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322
Oxford, OX3 9DU,   UK
============================================ 

From james at gray.net.au  Wed Jul  9 10:11:49 2008
From: james at gray.net.au (James Gray)
Date: Wed Jul  9 10:12:02 2008
Subject: Feature request: logical AND in rulesets
In-Reply-To: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <1215505583.28803.33.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID: <EBA74ED2-5A77-4CDD-98A2-C01F5E0F8A57@gray.net.au>


On 08/07/2008, at 6:26 PM, Gareth wrote:

> My setup:
> I have MailScanner running on a machine and fetchmail pulls mail down
> from a pop3 server and delivers it to postfix and then MailScanner  
> picks
> it up and processes it.
> I have fetchmail deliver the mail to the servers real IP address and  
> not
> the loopback address.
>
> So I can create a ruleset to bypass scannig for mail from 127.0.0.1  
> and
> this enables me to release mesages from quarantine and stops logwatch
> reports from being detected as spam or viruses. The problem however is
> that if people use webmail it bypasses all checks since webmail calls
> sendmail directly and cannot be configured to send to the real IP
> address.
>
> What would be perfect would be if I could do something like :-
> From:    127.0.0.1 AND root@myserver.mydomain.com    no

Erm, it's already there....here's a snippet from my WORKING rules:

From:  127.0.1.1  AND  From: root@myserver.mydomain no

HTH,

James
From shuttlebox at gmail.com  Wed Jul  9 10:26:48 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Wed Jul  9 10:26:57 2008
Subject: filename checks = wrong filename report
In-Reply-To: <48748D04.FEA8.00EB.0@imsu.ox.ac.uk>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
	<48709609.9050202@ecs.soton.ac.uk>
	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>

On Wed, Jul 9, 2008 at 11:03 AM, Sylvain Phaneuf
<Sylvain.Phaneuf@imsu.ox.ac.uk> wrote:
> But the user gets this in the report that is produced:
> ----------------------------
> Warning: This message has had one or more attachments removed: CNU0701SF00084.pdf

The filename in the report is the sanitized version. I've had the same
problem explaining to users that the original filename was longer than
150 characters when the reported one is clearly shorter. I just added
a few explaining words to the reports to solve the problem.

-- 
Emo Philips  - "I got some new underwear the other day. Well, new to me."
From peter at farrows.org  Wed Jul  9 10:31:22 2008
From: peter at farrows.org (Peter Farrow)
Date: Wed Jul  9 10:31:46 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <48745EB2.8050404@alexb.ch>
References: <48745EB2.8050404@alexb.ch>
Message-ID: <4874856A.5000605@farrows.org>




Alex Broens wrote:
> Multiple DNS implementations vulnerable to cache poisoning
>
> http://www.kb.cert.org/vuls/id/800113
>
> Centos 4.x and 5.x provide udates
>
> yum update bind
>
> happy updating...
>
> Alex
>
>
>
thanks Alex!

Pete

-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

From Sylvain.Phaneuf at imsu.ox.ac.uk  Wed Jul  9 10:43:12 2008
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf)
Date: Wed Jul  9 10:43:28 2008
Subject: filename checks = wrong filename report
In-Reply-To: <625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
	<48709609.9050202@ecs.soton.ac.uk> <48748D04.FEA8.00EB.0@imsu.ox.ac.uk>
	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>
Message-ID: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk>

>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox@gmail.com> wrote:
> The filename in the report is the sanitized version. I've had the same
> problem explaining to users that the original filename was longer than
> 150 characters when the reported one is clearly shorter. I just added
> a few explaining words to the reports to solve the problem.

I would rather have a report that is not using a "sanitized version" if it were possible. 

I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. 

And in the case I am reporting, the filename is less than 150 characters long anyway...

Sylvain

From pedro.hoffmann at gmail.com  Wed Jul  9 14:54:08 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Wed Jul  9 14:54:45 2008
Subject: Phishing Links
In-Reply-To: <A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org> <20080707122437.GA19043@cgi.jachomes.com>
	<A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
Message-ID: <21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com>

If it removes some important link I can't do nothing. My client should go
after the link with the contact.
I don't think is the best ideia to remove the links, but my client want.

Is there a way to do that?

(stupied people click on the links with the message or not, can

2008/7/7 Nick Phillips <nwp@nz.lemon-computing.com>:

> On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote:
>
>>
>> Indeed; this is a topic the RISKS Digest covers fairly often: lots of
>> legitimate organizations sub out their emailing, to companies that
>> aren't smart enough to not make legit emails *look* like phishes.
>>
>
> Or indeed who *are* smart enough to realise that we care about this more
> than they do, which allows them to shit all over their own doorstep and have
> us clean up the mess :-(
>
> In other words, block the buggers and they might think about stopping.
>
>
> Cheers,
>
>
> Nick
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/926df655/attachment.html
From pedro.hoffmann at gmail.com  Wed Jul  9 14:54:36 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Wed Jul  9 14:54:46 2008
Subject: Phishing Links
In-Reply-To: <21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com>
References: <21be6cae0807030658m7b348d6che60b999ef7d2497@mail.gmail.com>
	<g4isc7$iq6$2@ger.gmane.org> <20080707122437.GA19043@cgi.jachomes.com>
	<A9C08832-CEBB-4E92-B6CE-258C96527EC4@nz.lemon-computing.com>
	<21be6cae0807090654w7a65c0c3nc6a9e73f1426b23a@mail.gmail.com>
Message-ID: <21be6cae0807090654u64412345s89c3061ada8b3a59@mail.gmail.com>

If it removes some important link I can't do nothing. My client should go
after the link with the contact.
I don't think is the best ideia to remove the links, but my client want.

Is there a way to do that?

(stupied people click on the links with the message or not, cant do much
about it, just remove the links)


> 2008/7/7 Nick Phillips <nwp@nz.lemon-computing.com>:
>
> On 8/07/2008, at 12:24 AM, Jay R. Ashworth wrote:
>>
>>>
>>> Indeed; this is a topic the RISKS Digest covers fairly often: lots of
>>> legitimate organizations sub out their emailing, to companies that
>>> aren't smart enough to not make legit emails *look* like phishes.
>>>
>>
>> Or indeed who *are* smart enough to realise that we care about this more
>> than they do, which allows them to shit all over their own doorstep and have
>> us clean up the mess :-(
>>
>> In other words, block the buggers and they might think about stopping.
>>
>>
>> Cheers,
>>
>>
>> Nick
>>
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/fc2736a7/attachment.html
From gordon at itnt.co.za  Wed Jul  9 15:42:33 2008
From: gordon at itnt.co.za (Gordon Colyn)
Date: Wed Jul  9 15:43:09 2008
Subject: Sendmail/mailscanner intermittent problem with sendmail
	acceptingmessages but not being handed to mailscanner
References: <C838BD3BF2974C9E9AE046FE901CC01F@gordon>
Message-ID: <CA6FB0F084A94E0BB2E895B80D3FB4D1@gordon>

Hi,

Is anyone experiencing problems where mail is just disappearing.  We get the 
initial mail coming in but then it seems to just disappear...
Jul  9 16:00:30 mx01 sendmail[25610]: m69DxOSG025610: 
from=<Cristina.Kusterle@illy.it>, size=0, class=0, nrcpts=1, proto=ESMTP, 
daemon=MTA, relay=host134-57-static.82-213-b.business.telecomitalia.it 
[213.82.57.134]No more records....

----- Original Message ----- 
From: "Gordon Colyn" <gordon@itnt.co.za>
To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
Sent: Friday, June 20, 2008 3:16 PM
Subject: Sendmail/mailscanner intermittent problem with sendmail 
acceptingmessages but not being handed to mailscanner


ITNT BannerI have a problem where I am getting mail delivered to our servers
(problem is on all 4) and showing up in the log but not being handled by
Mailscanner.  I only see one line in the log confirming that the mail was
accepted by sendmail, but then nothing after that;

Anyone have any ideas?

Example;
sendmail[8388]: m5K9VKpL008388: from=<bouncebox@faxfx.biz>, size=0, class=0,
nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114]
and
sendmail[7246]: m5K9S7tF007246: from=<bouncebox@faxfx.biz>, size=0, class=0,
nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114]

I should see this;
sentinal sendmail[21377]: m5KDF2r7021377: from=<bstangeb@ha-nett.no>,
size=2534, class=0, nrcpts=1,
msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA,
relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged)
sendmail[21377]: m5KDF2r7021377: to=<salesd@lpa.co.za>, delay=00:00:01,
mailer=esmtp, pri=32534, stat=queued
MailScanner[13169]: Logging message m5KDF2r7021377 to SQL
 MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL

I have this issue on a number of emails from different senders, this is just
2 of many examples.

I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd
0.93


Regards
Gordon Colyn
Office : 086 123 ITNT (4868)
Cell : 083 296 7534
Fax : 086 520 0885
InTheNet Technologies
www.itnt.co.za
MSN:gordoncolyn@hotmail.com
SKYPE:gordoncolyn

Confidentiality: This e-mail including any attachments is intended for the
above named addressee(s) only and contains confidential information. If you
have received this email in error you must take no action based on its
contents, nor must you reproduce or show the e-mail or any attachments or
any part thereof or communicate the contents to anyone; please reply to the
sender of this e-mail informing them of the error.

Viruses: We recommend that in keeping with good computing practice the
recipient should ensure that e-mails received are virus free before opening.

-- 
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From fabien.garziano at caliseo.com  Wed Jul  9 16:10:30 2008
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Wed Jul  9 16:10:57 2008
Subject: Mailscanner / postfix Timeout in the SMTP dialog
Message-ID: <A2E2DF4BA44A5948A3E18F3ACF43797C3E09D1@srv01.Caliseo.local>

Thanks for your answer Denis.

I'll apply this patch ASAP and send feedback in this list if it's not misplaced.
 
 
> Fabien,
> 
> I don't know it this applies to you but I had to apply the 
> following patch to my kernel setup on RHEL 5 to stop that 
> knid of problems:
> tail /etc/sysctl.conf
> # Fix for tcp window scaling issue related to broken Internet 
> routers net.ipv4.tcp_wmem = 4096 16384 131072 
> net.ipv4.tcp_rmem = 4096 87380 174760
> 
> # From S. Freegard fsl.com
> # increase Linux autotuning TCP buffer limits # min, default, 
> and max number of bytes to use #net.ipv4.tcp_rmem = 4096 
> 87380 16777216 #net.ipv4.tcp_wmem = 4096 65536 16777216
> 
> I also included the values Steeve Freegard is using.  You 
> will have to restart your server after modifying your 
> sysctl.conf file (or you could use the sysctl command to make 
> the changes dynamically).
> 
> Denis
> 
> -- 
>    _
>   ?v?   Denis Beauchemin, analyste
>  /(_)\  Universit? de Sherbrooke, S.T.I.
>   ^ ^   T: 819.821.8000x62252 F: 819.821.8045
From ka at pacific.net  Wed Jul  9 16:21:04 2008
From: ka at pacific.net (Ken A)
Date: Wed Jul  9 16:21:07 2008
Subject: Sendmail/mailscanner intermittent problem with
 sendmail	acceptingmessages but not being handed to mailscanner
In-Reply-To: <CA6FB0F084A94E0BB2E895B80D3FB4D1@gordon>
References: <C838BD3BF2974C9E9AE046FE901CC01F@gordon>
	<CA6FB0F084A94E0BB2E895B80D3FB4D1@gordon>
Message-ID: <4874D760.8080202@pacific.net>

Gordon Colyn wrote:
> Hi,
> 
> Is anyone experiencing problems where mail is just disappearing.  We get the 
> initial mail coming in but then it seems to just disappear...
> Jul  9 16:00:30 mx01 sendmail[25610]: m69DxOSG025610: 
> from=<Cristina.Kusterle@illy.it>, size=0, class=0, nrcpts=1, proto=ESMTP, 
> daemon=MTA, relay=host134-57-static.82-213-b.business.telecomitalia.it 
> [213.82.57.134]No more records....

I assume you added that "No more records...." to the end.
That log entry (minus the "No more records....") just means that 
213.82.57.134 connected, then quit. You can duplicate this on the server 
with this:

telnet localhost 25
helo localhost
mail from: <you@yourdomain.com>
rcpt to: <you@yourdomain.com>
quit

You can turn up the logging in sendmail if you want more info, or use 
tcpdump to see this happening.

Ken

> 
> ----- Original Message ----- 
> From: "Gordon Colyn" <gordon@itnt.co.za>
> To: "MailScanner discussion" <mailscanner@lists.mailscanner.info>
> Sent: Friday, June 20, 2008 3:16 PM
> Subject: Sendmail/mailscanner intermittent problem with sendmail 
> acceptingmessages but not being handed to mailscanner
> 
> 
> ITNT BannerI have a problem where I am getting mail delivered to our servers
> (problem is on all 4) and showing up in the log but not being handled by
> Mailscanner.  I only see one line in the log confirming that the mail was
> accepted by sendmail, but then nothing after that;
> 
> Anyone have any ideas?
> 
> Example;
> sendmail[8388]: m5K9VKpL008388: from=<bouncebox@faxfx.biz>, size=0, class=0,
> nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.faxfx.biz [196.31.203.114]
> and
> sendmail[7246]: m5K9S7tF007246: from=<bouncebox@faxfx.biz>, size=0, class=0,
> nrcpts=1, proto=ESMTP, daemon=MTA, relay=gatew2.faxfx.biz [196.31.203.114]
> 
> I should see this;
> sentinal sendmail[21377]: m5KDF2r7021377: from=<bstangeb@ha-nett.no>,
> size=2534, class=0, nrcpts=1,
> msgid=<000a01c8d2d7$04661f3d$8d3f1f8d@evvrwqfu>, proto=ESMTP, daemon=MTA,
> relay=client-201.240.26.201.speedy.net.pe [201.240.26.201] (may be forged)
> sendmail[21377]: m5KDF2r7021377: to=<salesd@lpa.co.za>, delay=00:00:01,
> mailer=esmtp, pri=32534, stat=queued
> MailScanner[13169]: Logging message m5KDF2r7021377 to SQL
>  MailScanner[13148]: m5KDF2r7021377: Logged to MailWatch SQL
> 
> I have this issue on a number of emails from different senders, this is just
> 2 of many examples.
> 
> I am running Mailscanner 4.69.9, sendmail 8.14.1, spamassassin 3.2.5, clamd
> 0.93
> 
> 
> Regards
> Gordon Colyn
> Office : 086 123 ITNT (4868)
> Cell : 083 296 7534
> Fax : 086 520 0885
> InTheNet Technologies
> www.itnt.co.za
> MSN:gordoncolyn@hotmail.com
> SKYPE:gordoncolyn
> 
> Confidentiality: This e-mail including any attachments is intended for the
> above named addressee(s) only and contains confidential information. If you
> have received this email in error you must take no action based on its
> contents, nor must you reproduce or show the e-mail or any attachments or
> any part thereof or communicate the contents to anyone; please reply to the
> sender of this e-mail informing them of the error.
> 
> Viruses: We recommend that in keeping with good computing practice the
> recipient should ensure that e-mails received are virus free before opening.
> 


-- 
Ken Anderson
Pacific.Net

From paul.hutchings at mira.co.uk  Wed Jul  9 20:46:47 2008
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Wed Jul  9 20:46:58 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
Message-ID: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>

As subject, there's a major bunch of updates been released for CentOS 5
recently.

I know nothing is concrete, but has anyone here taken the plunge and do
you know if there there any known/major issues between these, and
MailScanner 4.70?

Thanks in advance.


-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.


From dnsadmin at 1bigthink.com  Wed Jul  9 21:43:36 2008
From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com)
Date: Wed Jul  9 21:43:59 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
In-Reply-To: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk
 >
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <200807092043.m69KhiL4016816@mxt.1bigthink.com>

At 03:46 PM 7/9/2008, you wrote:
>As subject, there's a major bunch of updates been released for CentOS 5
>recently.
>
>I know nothing is concrete, but has anyone here taken the plunge and do
>you know if there there any known/major issues between these, and
>MailScanner 4.70?
>
>Thanks in advance.

Been lurking on both list groups.. waiting for the dust to settle, still.

Glenn



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From rcooper at dwford.com  Wed Jul  9 22:08:36 2008
From: rcooper at dwford.com (Rick Cooper)
Date: Wed Jul  9 22:08:51 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
In-Reply-To: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <BE4F1A0B36894F5A8FA3CF1B0D4D6D79@SAHOMELT>

 

 > -----Original Message-----
 > From: mailscanner-bounces@lists.mailscanner.info 
 > [mailto:mailscanner-bounces@lists.mailscanner.info] On 
 > Behalf Of Paul Hutchings
 > Sent: Wednesday, July 09, 2008 3:47 PM
 > To: MailScanner discussion
 > Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
 > 
 > As subject, there's a major bunch of updates been released 
 > for CentOS 5
 > recently.
 > 
 > I know nothing is concrete, but has anyone here taken the 
 > plunge and do
 > you know if there there any known/major issues between these, and
 > MailScanner 4.70?
 > 
 > Thanks in advance.
 > 
 > 

I have not as of yet let yum do the updates as it updates from 5.1 to 5.2. I
would look at the recent thread regarding 5.2, perl and MailScanner

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From bbecken at aafp.org  Wed Jul  9 22:24:39 2008
From: bbecken at aafp.org (Brad Beckenhauer)
Date: Wed Jul  9 22:25:07 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
In-Reply-To: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <4874E642.D87E.0068.3@aafp.org>

I'm running CentOS release 5.2 (Final), but I have *not* upgraded mysql
or the perl packages as shown below.  This box is a basic MailScanner
server without the GUI.

# uname -a
Linux xxx.aafp.org 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 13:49:24 EDT
2008 i686 i686 i386 GNU/Linux

Everything is running fine for the last couple of days.


Here's the output of my system after I removed ALL the excludes from
the yum.conf file.

# yum update
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
 * rpmforge: mirror.cpsc.ucalgary.ca
 * base: mirrors.liquidweb.com
 * updates: mirrors.liquidweb.com
 * addons: dist1.800hosting.com
 * extras: dist1.800hosting.com
rpmforge                  100% |=========================| 1.1 kB   
00:04
base                      100% |=========================| 1.1 kB   
00:00
updates                   100% |=========================|  951 B   
00:00
addons                    100% |=========================|  951 B   
00:00
extras                    100% |=========================| 1.1 kB   
00:00
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package perl-DBI.i386 0:1.605-1.el5.rf set to be updated
---> Package perl-IO.i386 0:1.2301-1.el5.rf set to be updated
---> Package perl-OLE-Storage_Lite.noarch 0:0.17-1.el5.rf set to be
updated
---> Package mysql-server.i386 0:5.0.45-7.el5 set to be updated
---> Package perl-IO-Compress-Zlib.noarch 0:2.011-1.el5.rf set to be
updated
---> Package perl-bignum.noarch 0:0.23-1.el5.rf set to be updated
---> Package perl-File-Temp.noarch 0:0.20-1.el5.rf set to be updated
---> Package mysql.i386 0:5.0.45-7.el5 set to be updated
---> Package perl-Compress-Zlib.noarch 0:2.011-1.el5.rf set to be
updated
---> Package perl-Math-BigInt.noarch 0:1.89-1.el5.rf set to be updated
---> Package perl-IO-Compress-Base.noarch 0:2.011-1.el5.rf set to be
updated
---> Package perl-Compress-Raw-Zlib.i386 0:2.011-1.el5.rf set to be
updated
---> Package perl-Math-BigRat.noarch 0:0.22-1.el5.rf set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository       
Size
=============================================================================
Updating:
 mysql                   i386       5.0.45-7.el5     base             
4.1 M
 mysql-server            i386       5.0.45-7.el5     base             
9.7 M
 perl-Compress-Raw-Zlib  i386       2.011-1.el5.rf   rpmforge         
163 k
 perl-Compress-Zlib      noarch     2.011-1.el5.rf   rpmforge          
34 k
 perl-DBI                i386       1.605-1.el5.rf   rpmforge         
864 k
 perl-File-Temp          noarch     0.20-1.el5.rf    rpmforge          
46 k
 perl-IO                 i386       1.2301-1.el5.rf  rpmforge          
99 k
 perl-IO-Compress-Base   noarch     2.011-1.el5.rf   rpmforge          
56 k
 perl-IO-Compress-Zlib   noarch     2.011-1.el5.rf   rpmforge         
142 k
 perl-Math-BigInt        noarch     1.89-1.el5.rf    rpmforge         
174 k
 perl-Math-BigRat        noarch     0.22-1.el5.rf    rpmforge          
30 k
 perl-OLE-Storage_Lite   noarch     0.17-1.el5.rf    rpmforge          
21 k
 perl-bignum             noarch     0.23-1.el5.rf    rpmforge          
40 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update      13 Package(s)
Remove       0 Package(s)

Total download size: 15 M
Is this ok [y/N]: n




>>> "Paul Hutchings" <paul.hutchings@mira.co.uk> 7/9/2008 2:46 PM >>>
As subject, there's a major bunch of updates been released for CentOS
5
recently.

I know nothing is concrete, but has anyone here taken the plunge and
do
you know if there there any known/major issues between these, and
MailScanner 4.70?

Thanks in advance.


-- 
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration  GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use
of the intended recipient.
If you receive this e-mail in error, please delete it and notify us
either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the
e-mail as this is prohibited.


--
MailScanner mailing list
mailscanner@lists.mailscanner.info 
http://lists.mailscanner.info/mailman/listinfo/mailscanner 

Before posting, read http://wiki.mailscanner.info/posting 

Support MailScanner development - buy the book off the website!
From mkettler at evi-inc.com  Wed Jul  9 22:39:05 2008
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Jul  9 22:39:50 2008
Subject: filename checks = wrong filename report
In-Reply-To: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>	<48709609.9050202@ecs.soton.ac.uk>
	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>
	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <48752FF9.2010700@evi-inc.com>

Sylvain Phaneuf wrote:
>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox@gmail.com> wrote:
>> The filename in the report is the sanitized version. I've had the same
>> problem explaining to users that the original filename was longer than
>> 150 characters when the reported one is clearly shorter. I just added
>> a few explaining words to the reports to solve the problem.
> 
> I would rather have a report that is not using a "sanitized version" if it were possible. 
> 
> I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. 
> 
> And in the case I am reporting, the filename is less than 150 characters long anyway...

I don't think that's possible at present.

You could edit the report template to indicate that the filename is sanitized 
and may have some characters stripped out, but I don't see a way to get the 
un-sanitized name into the report.

From ssilva at sgvwater.com  Wed Jul  9 23:02:41 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 23:03:06 2008
Subject: filename checks = wrong filename report
In-Reply-To: <4874963F.FEA8.00EB.0@imsu.ox.ac.uk>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>	<48709609.9050202@ecs.soton.ac.uk>
	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>
	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <g53ci1$a9o$1@ger.gmane.org>

on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following:
>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox@gmail.com> wrote:
>> The filename in the report is the sanitized version. I've had the same
>> problem explaining to users that the original filename was longer than
>> 150 characters when the reported one is clearly shorter. I just added
>> a few explaining words to the reports to solve the problem.
> 
> I would rather have a report that is not using a "sanitized version" if it were possible. 
> 
> I would prefer not saying to the user: trust us, we know this attachment is not good for you, even if the filename appears OK. 
> 
> And in the case I am reporting, the filename is less than 150 characters long anyway...
> 
> Sylvain
> 
But if the un-sanitized name has some buffer overflow or other attack in it, 
you have a possible problem for the user. That is one reason why filenames are 
sanitized.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/a10bdda8/signature.bin
From ssilva at sgvwater.com  Wed Jul  9 23:04:54 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 23:10:16 2008
Subject: unwanted mails in the queue
In-Reply-To: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>
References: <7ed6b0aa0807082202g5a9d91dcja956d205e6ddc18c@mail.gmail.com>
Message-ID: <g53cm6$a9o$2@ger.gmane.org>

on 7-8-2008 10:02 PM Indunil Jayasooriya spake the following:
> Dear ALL,
> 
> I am running MailScanner with Postfix. I have a lot of mails in the
> queue. sender is mailer-daemon. Destination varies.  How does it
> happen?
> 
> has it become an openrelay?
> 
> Could you pls let me know what causes such problems.
> 
> How to slove this ?
> 
Learn how to tell what is legitimate for YOUR system. What we might find 
objectionable or bad, might be very important to your organization.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/ebaba698/signature.bin
From mkettler at evi-inc.com  Wed Jul  9 23:19:56 2008
From: mkettler at evi-inc.com (Matt Kettler)
Date: Wed Jul  9 23:20:16 2008
Subject: filename checks = wrong filename report
In-Reply-To: <g53ci1$a9o$1@ger.gmane.org>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>	<48709609.9050202@ecs.soton.ac.uk>	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk>
	<g53ci1$a9o$1@ger.gmane.org>
Message-ID: <4875398C.5010207@evi-inc.com>

Scott Silva wrote:
> on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following:
>>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox@gmail.com> wrote:
>>> The filename in the report is the sanitized version. I've had the same
>>> problem explaining to users that the original filename was longer than
>>> 150 characters when the reported one is clearly shorter. I just added
>>> a few explaining words to the reports to solve the problem.
>>
>> I would rather have a report that is not using a "sanitized version" 
>> if it were possible.
>> I would prefer not saying to the user: trust us, we know this 
>> attachment is not good for you, even if the filename appears OK.
>> And in the case I am reporting, the filename is less than 150 
>> characters long anyway...
>>
>> Sylvain
>>
> But if the un-sanitized name has some buffer overflow or other attack in 
> it, you have a possible problem for the user. That is one reason why 
> filenames are sanitized.

And this would be feasible in the body text of a text/plain message section? 
(which is ultimately what the report is)

At that point they could just send the exploit in a message body and not bother 
with a file in the first place.

ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe


See, nothing happened, did it? Even if it was thousands of characters long, it 
would be no different, because it's in the body text.











From ssilva at sgvwater.com  Wed Jul  9 23:43:28 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed Jul  9 23:43:48 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
In-Reply-To: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <g53euf$ibc$1@ger.gmane.org>

on 7-9-2008 12:46 PM Paul Hutchings spake the following:
> As subject, there's a major bunch of updates been released for CentOS 5
> recently.
> 
> I know nothing is concrete, but has anyone here taken the plunge and do
> you know if there there any known/major issues between these, and
> MailScanner 4.70?
> 
> Thanks in advance.
> 
> 
I have one system that seems to be fine. MailScanner running great. All other 
mailscanner servers I have are on 4.6.

You have to jump through some hoops to get everything installed though. Search 
the list for answers.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/ea599509/signature.bin
From ka at pacific.net  Wed Jul  9 23:50:11 2008
From: ka at pacific.net (Ken A)
Date: Wed Jul  9 23:50:14 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
	cache	poisoning
In-Reply-To: <4874856A.5000605@farrows.org>
References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org>
Message-ID: <487540A3.7050701@pacific.net>

This nice little tool was posted to the dns operations list.
Cut and paste this into your linux or BSD (Mac) to check your configured 
DNS resolver for cache poisoning vulnerability.

dig +short porttest.dns-oarc.net TXT

In windows you can use nslookup
 > nslookup
 > set type=txt
 > porttest.dns-oarc.net

Might be good to know how spoofable the DNS you are using is!

Ken


Peter Farrow wrote:
> 
> 
> 
> Alex Broens wrote:
>> Multiple DNS implementations vulnerable to cache poisoning
>>
>> http://www.kb.cert.org/vuls/id/800113
>>
>> Centos 4.x and 5.x provide udates
>>
>> yum update bind
>>
>> happy updating...
>>
>> Alex
>>
>>
>>
> thanks Alex!
> 
> Pete
> 


-- 
Ken Anderson
Pacific.Net

From ssilva at sgvwater.com  Thu Jul 10 00:00:58 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu Jul 10 00:01:22 2008
Subject: filename checks = wrong filename report
In-Reply-To: <4875398C.5010207@evi-inc.com>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>	<48709609.9050202@ecs.soton.ac.uk>	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk>	<g53ci1$a9o$1@ger.gmane.org>
	<4875398C.5010207@evi-inc.com>
Message-ID: <g53fv9$kbm$1@ger.gmane.org>

on 7-9-2008 3:19 PM Matt Kettler spake the following:
> Scott Silva wrote:
>> on 7-9-2008 2:43 AM Sylvain Phaneuf spake the following:
>>>>>> On 09/07/2008 at 10:26, shuttlebox <shuttlebox@gmail.com> wrote:
>>>> The filename in the report is the sanitized version. I've had the same
>>>> problem explaining to users that the original filename was longer than
>>>> 150 characters when the reported one is clearly shorter. I just added
>>>> a few explaining words to the reports to solve the problem.
>>>
>>> I would rather have a report that is not using a "sanitized version" 
>>> if it were possible.
>>> I would prefer not saying to the user: trust us, we know this 
>>> attachment is not good for you, even if the filename appears OK.
>>> And in the case I am reporting, the filename is less than 150 
>>> characters long anyway...
>>>
>>> Sylvain
>>>
>> But if the un-sanitized name has some buffer overflow or other attack 
>> in it, you have a possible problem for the user. That is one reason 
>> why filenames are sanitized.
> 
> And this would be feasible in the body text of a text/plain message 
> section? (which is ultimately what the report is)
> 
> At that point they could just send the exploit in a message body and not 
> bother with a file in the first place.
> 
> ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe 
> 
> 
> 
> See, nothing happened, did it? Even if it was thousands of characters 
> long, it would be no different, because it's in the body text.
How about when that longscaryfilename..... gets sent to syslog. That is 
another reason to sanitize the names.

Julian didn't set it that way to be easier, or to mess with users. He has 
listed all the reasons in the past, I just can't remember them all.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080709/72e10116/signature.bin
From shuttlebox at gmail.com  Thu Jul 10 00:47:40 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Jul 10 00:48:02 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <487540A3.7050701@pacific.net>
References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org>
	<487540A3.7050701@pacific.net>
Message-ID: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>

On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka@pacific.net> wrote:
> This nice little tool was posted to the dns operations list.
> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
> resolver for cache poisoning vulnerability.
>
> dig +short porttest.dns-oarc.net TXT

What's a good result supposed to look like?

I understand that this is not good since it's classified as poor and
comes from only one source port:

"a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"

But why is this also classified as poor when all 44 queries come from new ports?

"e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"

By the way, I don't know if server e.f.g.h is updated or not, I'm just
curious about the result.

-- 
Emo Philips  - "I got some new underwear the other day. Well, new to me."
From ka at pacific.net  Thu Jul 10 02:54:53 2008
From: ka at pacific.net (Ken A)
Date: Thu Jul 10 02:54:59 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
	cache	poisoning
In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
References: <48745EB2.8050404@alexb.ch>
	<4874856A.5000605@farrows.org>	<487540A3.7050701@pacific.net>
	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
Message-ID: <48756BED.30608@pacific.net>

shuttlebox wrote:
> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka@pacific.net> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
>> resolver for cache poisoning vulnerability.
>>
>> dig +short porttest.dns-oarc.net TXT
> 
> What's a good result supposed to look like?
> 

# dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.106.118.3 is GOOD: 26 queries in 0.2 seconds from 26 ports with std 
dev 17159.50"

> I understand that this is not good since it's classified as poor and
> comes from only one source port:
> 
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"
> 
> But why is this also classified as poor when all 44 queries come from new ports?
> 

They are probably not random enough. You can look at them with netstat 
or lsof -i

Ken

> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
> 
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
> 


-- 
Ken Anderson
Pacific.Net

From rcooper at dwford.com  Thu Jul 10 04:36:50 2008
From: rcooper at dwford.com (Rick Cooper)
Date: Thu Jul 10 04:37:07 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
	cachepoisoning
In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
References: <48745EB2.8050404@alexb.ch>
	<4874856A.5000605@farrows.org><487540A3.7050701@pacific.net>
	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
Message-ID: <D7022D18FA79475F8015A22498BFCA0E@SAHOMELT>

 

 > -----Original Message-----
 > From: mailscanner-bounces@lists.mailscanner.info 
 > [mailto:mailscanner-bounces@lists.mailscanner.info] On 
 > Behalf Of shuttlebox
 > Sent: Wednesday, July 09, 2008 7:48 PM
 > To: MailScanner discussion
 > Subject: Re: Watch it: Multiple DNS implementations 
 > vulnerable to cachepoisoning
 > 
 > On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka@pacific.net> wrote:
 > > This nice little tool was posted to the dns operations list.
 > > Cut and paste this into your linux or BSD (Mac) to check 
 > your configured DNS
 > > resolver for cache poisoning vulnerability.
 > >
 > > dig +short porttest.dns-oarc.net TXT
 > 
 > What's a good result supposed to look like?
 > 
 > I understand that this is not good since it's classified as poor and
 > comes from only one source port:
 > 
 > "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports 
 > with std dev 0.00"
 > 
 > But why is this also classified as poor when all 44 queries 
 > come from new ports?
 > 
 > "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports 
 > with std dev 165.43"
 > 
 > By the way, I don't know if server e.f.g.h is updated or 
 > not, I'm just
 > curious about the result.
 > 

Look at the standard deviation on yours above then look at this one

is GOOD: 26 queries in 1.6 seconds from 26 ports with std dev 19681.46

Huge difference and would be virutaly impossible to "guess"

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


From lists at designmedia.com  Thu Jul 10 07:25:10 2008
From: lists at designmedia.com (Henry Kwan)
Date: Thu Jul 10 07:25:36 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <loom.20080710T062149-338@post.gmane.org>

Paul Hutchings <paul.hutchings <at> mira.co.uk> writes:

> 
> As subject, there's a major bunch of updates been released for CentOS 5
> recently.
> 
> I know nothing is concrete, but has anyone here taken the plunge and do
> you know if there there any known/major issues between these, and
> MailScanner 4.70?
> 

I took the plunge a few weeks ago and aside from one hiccup (see the "Can't
install CentOS 5.2 update?" thread), everything seems to be running fine (with
4.70.7-1).


From mailing_lists+mailscanner at caleotech.com  Thu Jul 10 07:32:49 2008
From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin)
Date: Thu Jul 10 07:33:02 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache 
 poisoning
In-Reply-To: <625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org>
	<487540A3.7050701@pacific.net>
	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
Message-ID: <53875.172.16.1.42.1215671569.squirrel@www.caleotech.com>

> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka@pacific.net> wrote:
>> This nice little tool was posted to the dns operations list.
>> Cut and paste this into your linux or BSD (Mac) to check your configured
>> DNS
>> resolver for cache poisoning vulnerability.
>>
>> dig +short porttest.dns-oarc.net TXT
>
> What's a good result supposed to look like?
>
> I understand that this is not good since it's classified as poor and
> comes from only one source port:
>
> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev
> 0.00"
>
> But why is this also classified as poor when all 44 queries come from new
> ports?
>
> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev
> 165.43"
>
> By the way, I don't know if server e.f.g.h is updated or not, I'm just
> curious about the result.
>
> --
> Emo Philips  - "I got some new underwear the other day. Well, new to me."
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Hi,

Look in your named.conf and remove lines like:
query-source    port 53;
query-source-v6 port 53;

and run the test again. The directive above will force your dns to use
port 53 which is the source of this vulnerability.

      Jens
From ram at netcore.co.in  Thu Jul 10 08:14:02 2008
From: ram at netcore.co.in (ram)
Date: Thu Jul 10 08:14:20 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
In-Reply-To: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
References: <FF689DC51C3C1640BE668A0E31182AD004DB0A36@mail03.mira.co.uk>
Message-ID: <1215674042.5691.26.camel@localhost.localdomain>


On Wed, 2008-07-09 at 20:46 +0100, Paul Hutchings wrote:
> As subject, there's a major bunch of updates been released for CentOS 5
> recently.
> 
> I know nothing is concrete, but has anyone here taken the plunge and do
> you know if there there any known/major issues between these, and
> MailScanner 4.70?
> 
> Thanks in advance.
> 


I always do an clean rpm install of mailscanner. ( not using the install
script  because I have to everything from a yum repository according to
rules here :-) ) 


With mailscanner 4.7.0 , I have to force install of 1 rpm
perl-IO-1.2301-1.noarch.rpm because of conflicts with perl 5.8 


Rest everything works fine, but systems guys here are not happy 


Thanks
Ram






From Sylvain.Phaneuf at imsu.ox.ac.uk  Thu Jul 10 08:29:24 2008
From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf)
Date: Thu Jul 10 08:29:40 2008
Subject: filename checks = wrong filename report
In-Reply-To: <g53fv9$kbm$1@ger.gmane.org>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>	<48709609.9050202@ecs.soton.ac.uk>	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk>	<g53ci1$a9o$1@ger.gmane.org>
	<4875398C.5010207@evi-inc.com><4875398C.5010207@evi-inc.com>
	<g53fv9$kbm$1@ger.gmane.org>
Message-ID: <4875C865.FEA8.00EB.0@imsu.ox.ac.uk>



>>> Scott Silva <ssilva@sgvwater.com> 10/07/2008 00:00 >>>

> And this would be feasible in the body text of a text/plain message 
> section? (which is ultimately what the report is)
> 
> At that point they could just send the exploit in a message body and not 
> bother with a file in the first place.
> 
>> ooohoheresmyreallyscarrrylongfilenamethatcouldbufferoverflowyourpcandletmerunwhateverIwantonit.exe 
>> 
>> 
>> 
>> See, nothing happened, did it? Even if it was thousands of characters 
>> long, it would be no different, because it's in the body text.
> How about when that longscaryfilename..... gets sent to syslog. That is 
> another reason to sanitize the names.
> 
> Julian didn't set it that way to be easier, or to mess with users. He has 
> listed all the reasons in the past, I just can't remember them all.

Sorry, I had not realised this had been discussed in the past. I can't keep up with the MailScanner list people!

I will try to search the archives... 

I see the point about 150 characters limit, but the filename I see in my log is 
CNU0701SF00084(Sent200807041022)2.mail.pdf
and it is 42 characters long.  This attachment was not > 150 characters and yet it's name was sanitized. That's what is really confusing. The sanitizing hides the real fact that caused it to be blocked: it contains multiple extensions. Could the length of the filename trigger a different report that when an attachment has multiple extensions?

Sylvain 

From shuttlebox at gmail.com  Thu Jul 10 08:52:21 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Jul 10 08:52:31 2008
Subject: filename checks = wrong filename report
In-Reply-To: <4875C865.FEA8.00EB.0@imsu.ox.ac.uk>
References: <EMEW-k64Im71c12df9f67ebd192953d8fb46925baab-486FAE8A.5020007@ntlworld.com>
	<48709609.9050202@ecs.soton.ac.uk>
	<48748D04.FEA8.00EB.0@imsu.ox.ac.uk>
	<625385e30807090226v521749d1k6ff3b4547d77bbb6@mail.gmail.com>
	<4874963F.FEA8.00EB.0@imsu.ox.ac.uk> <g53ci1$a9o$1@ger.gmane.org>
	<4875398C.5010207@evi-inc.com> <g53fv9$kbm$1@ger.gmane.org>
	<4875C865.FEA8.00EB.0@imsu.ox.ac.uk>
Message-ID: <625385e30807100052h2c18e65dve274890368fbde92@mail.gmail.com>

On Thu, Jul 10, 2008 at 9:29 AM, Sylvain Phaneuf
<Sylvain.Phaneuf@imsu.ox.ac.uk> wrote:
> I see the point about 150 characters limit, but the filename I see in my log is
> CNU0701SF00084(Sent200807041022)2.mail.pdf
> and it is 42 characters long.  This attachment was not > 150 characters and yet it's name was sanitized. That's what is really confusing. The sanitizing hides the real fact that caused it to be blocked: it contains multiple extensions. Could the length of the filename trigger a different report that when an attachment has multiple extensions?

I just mentioned the 150 character thing because I've also had some
explaining to do to my users. It has nothing to do with why your
attachment got blocked, it's a separate test in the filename rules and
they all cause the same report.

Most of us has solved this by editing the reports, you could for
example add "(filename shown may not be the original one)" or
something like that. That stopped users asking me why their file was
blocked.

-- 
George Burns  - "Don't stay in bed, unless you can make money in bed."
From peter at farrows.org  Thu Jul 10 09:00:49 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 10 09:01:15 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <53875.172.16.1.42.1215671569.squirrel@www.caleotech.com>
References: <48745EB2.8050404@alexb.ch>
	<4874856A.5000605@farrows.org>	<487540A3.7050701@pacific.net>	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
	<53875.172.16.1.42.1215671569.squirrel@www.caleotech.com>
Message-ID: <4875C1B1.2030604@farrows.org>


horizontal ruler




Jens Ahlin wrote:
>> On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka@pacific.net> wrote:
>>     
>>> This nice little tool was posted to the dns operations list.
>>> Cut and paste this into your linux or BSD (Mac) to check your configured
>>> DNS
>>> resolver for cache poisoning vulnerability.
>>>
>>> dig +short porttest.dns-oarc.net TXT
>>>       
>> What's a good result supposed to look like?
>>
>> I understand that this is not good since it's classified as poor and
>> comes from only one source port:
>>
>> "a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev
>> 0.00"
>>
>> But why is this also classified as poor when all 44 queries come from new
>> ports?
>>
>> "e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev
>> 165.43"
>>
>> By the way, I don't know if server e.f.g.h is updated or not, I'm just
>> curious about the result.
>>
>> --
>> Emo Philips  - "I got some new underwear the other day. Well, new to me."
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>     
>
> Hi,
>
> Look in your named.conf and remove lines like:
> query-source    port 53;
> query-source-v6 port 53;
>
> and run the test again. The directive above will force your dns to use
> port 53 which is the source of this vulnerability.
>
>       Jens
>   

Just for the record my DNS server returned:

dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"212.21.120.10 is GOOD: 26 queries in 4.5 seconds from 26 ports with std 
dev 19299.85"

But I patched it yesterday...

P.


-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
Skipped content of type multipart/related
From a.peacock at chime.ucl.ac.uk  Thu Jul 10 09:15:52 2008
From: a.peacock at chime.ucl.ac.uk (Anthony Peacock)
Date: Thu Jul 10 09:16:06 2008
Subject: Mailscanner is not detecting eicar
In-Reply-To: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk>
References: <200807081639.m68GdPYx789089@alpha2.mssl.ucl.ac.uk>
Message-ID: <4875C538.1000208@chime.ucl.ac.uk>

Hi Paul,

Paul Lamb wrote:
> MailScanner version 4.69.9 is not detecting the eicar test "virus".
> 
> (This has not worked previously; I downloaded it a couple of weeks ago 
> but have only just configured it.)
> 
> Eicar is forwarded whether included in the message text
> 
>    mail pal < /etc/mail/EICAR-TEST-FILE
> 
> or as at attachment
>    
>    echo test | pine -attach /etc/mail/EICAR-TEST-FILE pal
> 
> I have tested with eicar included in the parameter Non-Forging Viruses 
> and with it not included.
> 
> Please note that MailScanner does detect and quarantine the virus 
> W32/MyDoom-O and Sophos sweep does detect eicar
> 
>    /usr/lib/MailScanner/sophos-wrapper /usr/local/Sophos EICAR-TEST-FILE 
>    [snip]
>    >>> Virus 'EICAR-AV-Test' found in file EICAR-TEST-FILE
>  
> Any suggestions would be appreciated.

Mailscanner and Sophos are working fine here and detecting EICAR.

"The following e-mails were found to have: Bad Filename Detected : Virus 
Detected

     Sender: a.peacock@chime.ucl.ac.uk
IP Address: 128.40.182.49
  Recipient: a.peacock@chime.ucl.ac.uk
    Subject: Test of eicar
  MessageID: m697INiw012407
Quarantine: /var/spool/MailScanner/quarantine/20080709/m697INiw012407
     Report: Clamd: eicar.com was infected: ./m697INiw012407/eicar.com: 
Eicar-Test-Signature FOUND
             SophosSAVI: eicar.com was infected by EICAR-AV-Test
             MailScanner: Executable DOS/Windows programs are dangerous 
in email (eicar.com)"

All I can suggest is to run MailScanner in debug mode and see if there 
is anything obvious in the debug output.

-- 
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:    http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
From fabien.garziano at caliseo.com  Thu Jul 10 09:22:00 2008
From: fabien.garziano at caliseo.com (Fabien GARZIANO)
Date: Thu Jul 10 09:22:27 2008
Subject: Mailscanner / postfix Timeout in the SMTP dialog
Message-ID: <A2E2DF4BA44A5948A3E18F3ACF43797C3E0A15@srv01.Caliseo.local>

 
Hi People, Hi Denis,

Unfortunately, I've applied the patch. 
I've tried the first one. Edit sysctl.conf, then reboot. I still got the same errors in maillog. 
I did the same with the 2nd fix but got the same result.

I'm still digging.

Anyway, thanks again for the answer.


> -----Message d'origine-----
> De : mailscanner-bounces@lists.mailscanner.info 
> [mailto:mailscanner-bounces@lists.mailscanner.info] De la 
> part de Fabien GARZIANO
> Envoy? : mercredi 9 juillet 2008 17:11
> ? : MailScanner discussion
> Objet : RE: Mailscanner / postfix Timeout in the SMTP dialog
> 
> Thanks for your answer Denis.
> 
> I'll apply this patch ASAP and send feedback in this list if 
> it's not misplaced.
>  
>  
> > Fabien,
> > 
> > I don't know it this applies to you but I had to apply the 
> following 
> > patch to my kernel setup on RHEL 5 to stop that knid of problems:
> > tail /etc/sysctl.conf
> > # Fix for tcp window scaling issue related to broken 
> Internet routers 
> > net.ipv4.tcp_wmem = 4096 16384 131072 net.ipv4.tcp_rmem = 
> 4096 87380 
> > 174760
> > 
> > # From S. Freegard fsl.com
> > # increase Linux autotuning TCP buffer limits # min, 
> default, and max 
> > number of bytes to use #net.ipv4.tcp_rmem = 4096 87380 16777216 
> > #net.ipv4.tcp_wmem = 4096 65536 16777216
> > 
> > I also included the values Steeve Freegard is using.  You 
> will have to 
> > restart your server after modifying your sysctl.conf file (or you 
> > could use the sysctl command to make the changes dynamically).
> > 
> > Denis
> > 
> > -- 
> >    _
> >   ?v?   Denis Beauchemin, analyste
> >  /(_)\  Universit? de Sherbrooke, S.T.I.
> >   ^ ^   T: 819.821.8000x62252 F: 819.821.8045
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 
From shuttlebox at gmail.com  Thu Jul 10 09:42:03 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Thu Jul 10 09:42:12 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <48756BED.30608@pacific.net>
References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org>
	<487540A3.7050701@pacific.net>
	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
	<48756BED.30608@pacific.net>
Message-ID: <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>

On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net> wrote:
> They are probably not random enough. You can look at them with netstat or
> lsof -i

OK, it's the standard deviation that is key to the result. Unique
ports but all in a row for example is of course not good.

I have now patched one server and it shows GOOD with a high std dev.

/peter
-- 
Robert Benchley  - "Drawing on my fine command of the English
language, I said nothing."
From seb at esfnet.co.uk  Thu Jul 10 09:49:51 2008
From: seb at esfnet.co.uk (Seb James)
Date: Thu Jul 10 09:50:23 2008
Subject: CRLF in attachments being replaced by LF
Message-ID: <1215679791.16028.16.camel@localhost>

Hi list,

I have a problem with some attachments being sent to me.

I am using postfix and MailScanner and SpamAssassin to process incoming
mail.

The attachments are raw print data, containing escape characters of
various types and also CRLF pairs, as well as formfeeds, and lonely LF
characters.

Somewhere, the CRLF are being converted to LF, which messes up the print
data (test docs sent to me by customers for testing and problem
resolution).

I suspect spamassassin, am I right?

Any way to turn spamassassin off for certain attachment file types, such
as any files ending in .prn and .dat? I know I can deny or allow files
based on file types, but what about spamassassin scanning depending on
file type?

Thanks in advance for any help,

Seb James



From topper at libero.it  Thu Jul 10 10:28:42 2008
From: topper at libero.it (topper@libero.it)
Date: Thu Jul 10 10:28:51 2008
Subject: Infected message Requeued
Message-ID: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost>

Hello,

I have a trouble using SaneSecurity signature for Phishing and Scam.

My installation is Debian Etch with:

Postfix 2.3.8-2+b1
Clamav 0.93.1.dfsg-volatile1
MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-4.70.7-
1 from tar.gz.

This is the trouble:

Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.x.
x]
Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header 
Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) with 
ESMTP id 478BC4C245??for <com@xx.it>; Thu, 10 Jul 2008 11:22:39 +0200 (CEST) 
from unknown[x.x.x.x]; from=<Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> to=<com@xx.
it> proto=ESMTP helo=<x.x.x.x]>
Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-id=<21CD3BE3.
51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE>
Jul 10 11:23:36 mx1 MailScanner[22482]: 
/var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.Spam.
Gen2986.Sanesecurity.08041408 FOUND
Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.36DF1.
message came from
Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to 
C207D4C264

As you can see the message is recognized as infected, but MailScanner Requeue 
the message. This occur only when is recognized infected with the Sanesecurity 
signature. When the message in recognized infected by a virus it is quarantined 
and not delivered as expected.

The same thing occurs with del default package of MailScanner in Debian 
Stable and with the latest stable versione fro tar.gz.
From Neal at Morgan-Systems.com  Thu Jul 10 10:34:28 2008
From: Neal at Morgan-Systems.com (Neal Morgan)
Date: Thu Jul 10 10:35:15 2008
Subject: CRLF in attachments being replaced by LF
In-Reply-To: <1215679791.16028.16.camel@localhost>
References: <1215679791.16028.16.camel@localhost>
Message-ID: <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net>

Seb James wrote:
> Hi list,
>
> I have a problem with some attachments being sent to me.
>
> I am using postfix and MailScanner and SpamAssassin to process
incoming
> mail.
>
> The attachments are raw print data, containing escape characters of
> various types and also CRLF pairs, as well as formfeeds, and lonely LF
> characters.
>
> Somewhere, the CRLF are being converted to LF, which messes up the
print
> data (test docs sent to me by customers for testing and problem
> resolution).
>
> I suspect spamassassin, am I right?
>
> Any way to turn spamassassin off for certain attachment file types,
such
> as any files ending in .prn and .dat? I know I can deny or allow files
> based on file types, but what about spamassassin scanning depending on
> file type?
>
> Thanks in advance for any help,
>
> Seb James

Just a wild guess - but since SMTP expects <CRLF>.<CRLF> to end the data
phase, is it possible that MUA (sending side) is performing this
replacement to prevent message truncation during delivery?

Try having the sender zip the file or rename to a type that Windows
doesn't consider text...


From list-mailscanner at linguaphone.com  Thu Jul 10 10:42:16 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Thu Jul 10 10:42:26 2008
Subject: Infected message Requeued
In-Reply-To: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost>
References: <14367963.14221215682122344.JavaMail.defaultUser@defaultHost>
Message-ID: <1215682936.2680.1.camel@gblades-suse.linguaphone-intranet.co.uk>

Dont use the debian stable version of Mailscanner it is not kept up to
date and version 4.55 is very old and may not work with with some latter
postfix and perl module versions.

On Thu, 2008-07-10 at 10:28, topper@libero.it wrote:
> Hello,
> 
> I have a trouble using SaneSecurity signature for Phishing and Scam.
> 
> My installation is Debian Etch with:
> 
> Postfix 2.3.8-2+b1
> Clamav 0.93.1.dfsg-volatile1
> MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-4.70.7-
> 1 from tar.gz.
> 
> This is the trouble:
> 
> Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.x.
> x]
> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header 
> Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) with 
> ESMTP id 478BC4C245??for <com@xx.it>; Thu, 10 Jul 2008 11:22:39 +0200 (CEST) 
> from unknown[x.x.x.x]; from=<Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> to=<com@xx.
> it> proto=ESMTP helo=<x.x.x.x]>
> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-id=<21CD3BE3.
> 51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE>
> Jul 10 11:23:36 mx1 MailScanner[22482]: 
> /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.Spam.
> Gen2986.Sanesecurity.08041408 FOUND
> Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.36DF1.
> message came from
> Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to 
> C207D4C264
> 
> As you can see the message is recognized as infected, but MailScanner Requeue 
> the message. This occur only when is recognized infected with the Sanesecurity 
> signature. When the message in recognized infected by a virus it is quarantined 
> and not delivered as expected.
> 
> The same thing occurs with del default package of MailScanner in Debian 
> Stable and with the latest stable versione fro tar.gz.

From seb at esfnet.co.uk  Thu Jul 10 10:48:47 2008
From: seb at esfnet.co.uk (Seb James)
Date: Thu Jul 10 10:49:55 2008
Subject: CRLF in attachments being replaced by LF
In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net>
References: <1215679791.16028.16.camel@localhost>
	<7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net>
Message-ID: <1215683327.16028.21.camel@localhost>

On Thu, 2008-07-10 at 02:34 -0700, Neal Morgan wrote:
> Seb James wrote:
> > Hi list,
> >
> > I have a problem with some attachments being sent to me.
> >
> > I am using postfix and MailScanner and SpamAssassin to process
> incoming
> > mail.
> >
> > The attachments are raw print data, containing escape characters of
> > various types and also CRLF pairs, as well as formfeeds, and lonely LF
> > characters.
> >
> > Somewhere, the CRLF are being converted to LF, which messes up the
> print
> > data (test docs sent to me by customers for testing and problem
> > resolution).
> >
> > I suspect spamassassin, am I right?
> >
> > Any way to turn spamassassin off for certain attachment file types,
> such
> > as any files ending in .prn and .dat? I know I can deny or allow files
> > based on file types, but what about spamassassin scanning depending on
> > file type?
> >
> > Thanks in advance for any help,
> >
> > Seb James
> 
> Just a wild guess - but since SMTP expects <CRLF>.<CRLF> to end the data
> phase, is it possible that MUA (sending side) is performing this
> replacement to prevent message truncation during delivery?
> 
> Try having the sender zip the file or rename to a type that Windows
> doesn't consider text...

Thanks for the reply Neil,

I think the attachment would be base64 encoded, meaning that the sending
side wouldn't see any CRLF to strip out.

I'm sure this is happening in my MTA, because the same message sent to
multiple recipients including me and someone receiving their email via a
different chain (including some Linux based MTA for their domain then a
Windows mail client) arrived with the attachment different in each case.

I really want to avoid asking the sender to do anything if I can
possibly get these mails to arrive intact!

best,

Seb



From J.Ede at birchenallhowden.co.uk  Thu Jul 10 11:14:43 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Thu Jul 10 11:15:06 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>
References: <48745EB2.8050404@alexb.ch> <4874856A.5000605@farrows.org>
	<487540A3.7050701@pacific.net>
	<625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com>
	<48756BED.30608@pacific.net>
	<625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local>

I've patched some servers and they're showing good, but on one behind a firewall its still showing as poor despite the update being run... Its running Centos5.1

Jason


> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of shuttlebox
> Sent: 10 July 2008 09:42
> To: MailScanner discussion
> Subject: Re: Watch it: Multiple DNS implementations vulnerable to cache
> poisoning
>
> On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net> wrote:
> > They are probably not random enough. You can look at them with
> netstat or
> > lsof -i
>
> OK, it's the standard deviation that is key to the result. Unique
> ports but all in a row for example is of course not good.
>
> I have now patched one server and it shows GOOD with a high std dev.
>
> /peter
> --
> Robert Benchley  - "Drawing on my fine command of the English
> language, I said nothing."
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From topper at libero.it  Thu Jul 10 11:19:30 2008
From: topper at libero.it (topper@libero.it)
Date: Thu Jul 10 11:19:38 2008
Subject: R: Re: Infected message Requeued
Message-ID: <14970417.18091215685170170.JavaMail.defaultUser@defaultHost>

Yes of course I've installed MailScanner 4.70.7 with no progession.

But I've found that all messages (and not only Sanesecurity's one) are 
delivered also if marked as Infected. The only difference is that I can't see 
them in the quarantine directory. So actually it seems that MailScanner is only 
reporting Infected messages but requeue all them and I can't understand why.

>----Messaggio originale----
>Da: list-mailscanner@linguaphone.com
>Data: 10/07/2008 11.42
>A: "MailScanner discussion"<mailscanner@lists.mailscanner.info>
>Ogg: Re: Infected message Requeued
>
>Dont use the debian stable version of Mailscanner it is not kept up to
>date and version 4.55 is very old and may not work with with some latter
>postfix and perl module versions.
>
>On Thu, 2008-07-10 at 10:28, topper@libero.it wrote:
>> Hello,
>> 
>> I have a trouble using SaneSecurity signature for Phishing and Scam.
>> 
>> My installation is Debian Etch with:
>> 
>> Postfix 2.3.8-2+b1
>> Clamav 0.93.1.dfsg-volatile1
>> MailScanner 4.55.10-3 (from Debian Stable) and MailScanner MailScanner-
4.70.7-
>> 1 from tar.gz.
>> 
>> This is the trouble:
>> 
>> Jul 10 11:23:23 mx1 postfix/smtpd[22669]: 478BC4C245: client=unknown[x.x.
x.
>> x]
>> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: hold: header 
>> Received: from [x.x.x.x] (unknown [x.x.x.x])??by mx6.xxx.xx (Postfix) 
with 
>> ESMTP id 478BC4C245??for <com@xx.it>; Thu, 10 Jul 2008 11:22:39 +0200 
(CEST) 
>> from unknown[x.x.x.x]; from=<Dunning-updm@FA-WHV.NIEDERSACHSEN.DE> 
to=<com@xx.
>> it> proto=ESMTP helo=<x.x.x.x]>
>> Jul 10 11:23:29 mx1 postfix/cleanup[23212]: 478BC4C245: message-
id=<21CD3BE3.
>> 51%Dunning-updm@FA-WHV.NIEDERSACHSEN.DE>
>> Jul 10 11:23:36 mx1 MailScanner[22482]: 
>> /var/spool/MailScanner/incoming/22482/./478BC4C245.36DF1.message: Email.
Spam.
>> Gen2986.Sanesecurity.08041408 FOUND
>> Jul 10 11:23:36 mx1 MailScanner[22482]: Infected message 478BC4C245.
36DF1.
>> message came from
>> Jul 10 11:23:37 mx1 MailScanner[22482]: Requeue: 478BC4C245.36DF1 to 
>> C207D4C264
>> 
>> As you can see the message is recognized as infected, but MailScanner 
Requeue 
>> the message. This occur only when is recognized infected with the 
Sanesecurity 
>> signature. When the message in recognized infected by a virus it is 
quarantined 
>> and not delivered as expected.
>> 
>> The same thing occurs with del default package of MailScanner in Debian 
>> Stable and with the latest stable versione fro tar.gz.

From prandal at herefordshire.gov.uk  Thu Jul 10 11:32:06 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 10 11:32:29 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
	cachepoisoning
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local>
References: <48745EB2.8050404@alexb.ch>
	<4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>

Have you made sure that in named.conf there are no

  query-source    port 53;	
  query-source-v6 port 53;

lines?

Cheers,

Phil

--
Phil Randal
Networks Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason
Ede
Sent: 10 July 2008 11:15
To: MailScanner discussion
Subject: RE: Watch it: Multiple DNS implementations vulnerable to
cachepoisoning

I've patched some servers and they're showing good, but on one behind a
firewall its still showing as poor despite the update being run... Its
running Centos5.1

Jason


> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- 
> bounces@lists.mailscanner.info] On Behalf Of shuttlebox
> Sent: 10 July 2008 09:42
> To: MailScanner discussion
> Subject: Re: Watch it: Multiple DNS implementations vulnerable to 
> cache poisoning
>
> On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net> wrote:
> > They are probably not random enough. You can look at them with
> netstat or
> > lsof -i
>
> OK, it's the standard deviation that is key to the result. Unique 
> ports but all in a row for example is of course not good.
>
> I have now patched one server and it shows GOOD with a high std dev.
>
> /peter
> --
> Robert Benchley  - "Drawing on my fine command of the English 
> language, I said nothing."
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
From J.Ede at birchenallhowden.co.uk  Thu Jul 10 12:03:24 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Thu Jul 10 12:03:45 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
	cachepoisoning
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>
References: <48745EB2.8050404@alexb.ch>
	<4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>
	<4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local>
	<7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49FC@server02.bhl.local>

Got it... I commented those lines out from the named.caching-nameserver.conf file and its all happy and reporting as good now...

That file is as delivered by Centos yum install caching-nameserver.

Jason

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Randal, Phil
> Sent: 10 July 2008 11:32
> To: MailScanner discussion
> Subject: RE: Watch it: Multiple DNS implementations vulnerable to
> cachepoisoning
>
> Have you made sure that in named.conf there are no
>
>   query-source    port 53;
>   query-source-v6 port 53;
>
> lines?
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason
> Ede
> Sent: 10 July 2008 11:15
> To: MailScanner discussion
> Subject: RE: Watch it: Multiple DNS implementations vulnerable to
> cachepoisoning
>
> I've patched some servers and they're showing good, but on one behind a
> firewall its still showing as poor despite the update being run... Its
> running Centos5.1
>
> Jason
>
>
> > -----Original Message-----
> > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> > bounces@lists.mailscanner.info] On Behalf Of shuttlebox
> > Sent: 10 July 2008 09:42
> > To: MailScanner discussion
> > Subject: Re: Watch it: Multiple DNS implementations vulnerable to
> > cache poisoning
> >
> > On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net> wrote:
> > > They are probably not random enough. You can look at them with
> > netstat or
> > > lsof -i
> >
> > OK, it's the standard deviation that is key to the result. Unique
> > ports but all in a row for example is of course not good.
> >
> > I have now patched one server and it shows GOOD with a high std dev.
> >
> > /peter
> > --
> > Robert Benchley  - "Drawing on my fine command of the English
> > language, I said nothing."
> > --
> > MailScanner mailing list
> > mailscanner@lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From cobalt-users1 at fishnet.co.uk  Thu Jul 10 12:50:38 2008
From: cobalt-users1 at fishnet.co.uk (Ian)
Date: Thu Jul 10 12:50:58 2008
Subject: Watch it: Multiple DNS implementations vulnerable to cache
	poisoning
In-Reply-To: <487540A3.7050701@pacific.net>
References: <48745EB2.8050404@alexb.ch>, <4874856A.5000605@farrows.org>,
	<487540A3.7050701@pacific.net>
Message-ID: <4876059E.6432.350E75@cobalt-users1.fishnet.co.uk>

On 9 Jul 2008 at 17:50, Ken A wrote:

> This nice little tool was posted to the dns operations list.
> Cut and paste this into your linux or BSD (Mac) to check your configured 
> DNS resolver for cache poisoning vulnerability.
> 
> dig +short porttest.dns-oarc.net TXT
> 
> In windows you can use nslookup
>  > nslookup
>  > set type=txt
>  > porttest.dns-oarc.net
> 
> Might be good to know how spoofable the DNS you are using is!
> 
> Ken

Hi,

Thanks for this Ken, its helped me fix several configs that I thought were ok! They were 
patched but still had a query-source set.  Had to fiddle with some firewalls too.

On windows though I don't see the same results as on linux:

nslookup
 > set type=txt
 > set timeout=30
 > porttest.dns-oarc.net

porttest.dns-oarc.net   canonical name = 
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net 

ie no actual TXT record

Any ideas?

Regards

Ian
-- 


From peter at farrows.org  Thu Jul 10 13:06:55 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 10 13:07:19 2008
Subject: Watch it: Multiple DNS implementations vulnerable
	to	cachepoisoning
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>
References: <48745EB2.8050404@alexb.ch>	<4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>	<4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local>
	<7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>
Message-ID: <4875FB5F.8030906@farrows.org>

If you're running a public DNS server or a DNS server for your LAN 
clients then these lines are an extremely good idea...

P.


Randal, Phil wrote:
> Have you made sure that in named.conf there are no
>
>   query-source    port 53;	
>   query-source-v6 port 53;
>
> lines?
>
> Cheers,
>
> Phil
>
> --
> Phil Randal
> Networks Engineer
> Herefordshire Council
> Hereford, UK
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason
> Ede
> Sent: 10 July 2008 11:15
> To: MailScanner discussion
> Subject: RE: Watch it: Multiple DNS implementations vulnerable to
> cachepoisoning
>
> I've patched some servers and they're showing good, but on one behind a
> firewall its still showing as poor despite the update being run... Its
> running Centos5.1
>
> Jason
>
>
>   
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- 
>> bounces@lists.mailscanner.info] On Behalf Of shuttlebox
>> Sent: 10 July 2008 09:42
>> To: MailScanner discussion
>> Subject: Re: Watch it: Multiple DNS implementations vulnerable to 
>> cache poisoning
>>
>> On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net> wrote:
>>     
>>> They are probably not random enough. You can look at them with
>>>       
>> netstat or
>>     
>>> lsof -i
>>>       
>> OK, it's the standard deviation that is key to the result. Unique 
>> ports but all in a row for example is of course not good.
>>
>> I have now patched one server and it shows GOOD with a high std dev.
>>
>> /peter
>> --
>> Robert Benchley  - "Drawing on my fine command of the English 
>> language, I said nothing."
>> --
>> MailScanner mailing list
>> mailscanner@lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>     
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website! 
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>   

-- 
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/cdc71509/attachment.html
From seb at esfnet.co.uk  Thu Jul 10 13:15:19 2008
From: seb at esfnet.co.uk (Seb James)
Date: Thu Jul 10 13:15:38 2008
Subject: CRLF in attachments being replaced by LF
In-Reply-To: <1215683327.16028.21.camel@localhost>
References: <1215679791.16028.16.camel@localhost>
	<7D1CC61717004141A57CA6CA1C8087EC38DF7F@server-16.MorganSys.net>
	<1215683327.16028.21.camel@localhost>
Message-ID: <1215692119.16028.32.camel@localhost>

On Thu, 2008-07-10 at 10:48 +0100, Seb James wrote:
> On Thu, 2008-07-10 at 02:34 -0700, Neal Morgan wrote:
> > Seb James wrote:
> > > Hi list,
> > >
> > > I have a problem with some attachments being sent to me.
> > >
> > > I am using postfix and MailScanner and SpamAssassin to process
> > incoming
> > > mail.
> > >
> > > The attachments are raw print data, containing escape characters of
> > > various types and also CRLF pairs, as well as formfeeds, and lonely LF
> > > characters.
> > >
> > > Somewhere, the CRLF are being converted to LF, which messes up the
> > print
> > > data (test docs sent to me by customers for testing and problem
> > > resolution).
> > >
> > > I suspect spamassassin, am I right?
> > >
> > > Any way to turn spamassassin off for certain attachment file types,
> > such
> > > as any files ending in .prn and .dat? I know I can deny or allow files
> > > based on file types, but what about spamassassin scanning depending on
> > > file type?
> > >
> > > Thanks in advance for any help,
> > >
> > > Seb James
> > 
> > Just a wild guess - but since SMTP expects <CRLF>.<CRLF> to end the data
> > phase, is it possible that MUA (sending side) is performing this
> > replacement to prevent message truncation during delivery?
> > 
> > Try having the sender zip the file or rename to a type that Windows
> > doesn't consider text...
> 
> Thanks for the reply Neil,
> 
> I think the attachment would be base64 encoded, meaning that the sending
> side wouldn't see any CRLF to strip out.

In fact, now I look back at the messsage source, the attachment transfer
encoding was quoted-printable, rather than base64, so the problems with
CRLF being modified into LF are quite understandable.

&*$&%? MS Outlook (the MUA here) for allowing users to send attachments
quoted-printable!

> I'm sure this is happening in my MTA, because the same message sent to
> multiple recipients including me and someone receiving their email via a
> different chain (including some Linux based MTA for their domain then a
> Windows mail client) arrived with the attachment different in each case.
> 
> I really want to avoid asking the sender to do anything if I can
> possibly get these mails to arrive intact!
> 
> best,
> 
> Seb
> 
> 
> 



From prandal at herefordshire.gov.uk  Thu Jul 10 13:20:42 2008
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Jul 10 13:21:00 2008
Subject: Watch it: Multiple DNS implementations
	vulnerableto	cachepoisoning
In-Reply-To: <4875FB5F.8030906@farrows.org>
References: <48745EB2.8050404@alexb.ch>	<4874856A.5000605@farrows.org><487540A3.7050701@pacific.net><625385e30807091647n54dc6556ube297c7b650860a1@mail.gmail.com><48756BED.30608@pacific.net><625385e30807100142w395688d1j656adf5d541e99f7@mail.gmail.com>	<4CAB0118AEC63A4FAAE77E6BCBDF760C65717C49F9@server02.bhl.local><7EF0EE5CB3B263488C8C18823239BEBA0430DC31@HC-MBX02.herefordshire.gov.uk>
	<4875FB5F.8030906@farrows.org>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0430DC8E@HC-MBX02.herefordshire.gov.uk>

query-source defines the IP address (IPv4 or IPv6) and optional port to
be used as the source for outgoing queries from the server.
 
The default is a random unprivileged port.
 
There may, of course, be over-zealous firewall rules (or SELinux
policies) which mistakenly insist that the source and destination ports
are both 53, but that's plain wrong.
 
And dangerous.
 
Cheers,
 
Phil

-- 
Phil Randal 
Networks Engineer 
Herefordshire Council 
Hereford, UK 

 

________________________________

From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Peter
Farrow
Sent: 10 July 2008 13:07
To: MailScanner discussion
Subject: Re: Watch it: Multiple DNS implementations vulnerableto
cachepoisoning


If you're running a public DNS server or a DNS server for your LAN
clients then these lines are an extremely good idea...

P.


Randal, Phil wrote: 

	Have you made sure that in named.conf there are no
	
	  query-source    port 53;	
	  query-source-v6 port 53;
	
	lines?
	
	Cheers,
	
	Phil
	
	--
	Phil Randal
	Networks Engineer
	Herefordshire Council
	Hereford, UK
	
	-----Original Message-----
	From: mailscanner-bounces@lists.mailscanner.info
	[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Jason
	Ede
	Sent: 10 July 2008 11:15
	To: MailScanner discussion
	Subject: RE: Watch it: Multiple DNS implementations vulnerable
to
	cachepoisoning
	
	I've patched some servers and they're showing good, but on one
behind a
	firewall its still showing as poor despite the update being
run... Its
	running Centos5.1
	
	Jason
	
	
	  

		-----Original Message-----
		From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner- 
		bounces@lists.mailscanner.info] On Behalf Of shuttlebox
		Sent: 10 July 2008 09:42
		To: MailScanner discussion
		Subject: Re: Watch it: Multiple DNS implementations
vulnerable to 
		cache poisoning
		
		On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka@pacific.net>
<mailto:ka@pacific.net>  wrote:
		    

			They are probably not random enough. You can
look at them with
			      

		netstat or
		    

			lsof -i
			      

		OK, it's the standard deviation that is key to the
result. Unique 
		ports but all in a row for example is of course not
good.
		
		I have now patched one server and it shows GOOD with a
high std dev.
		
		/peter
		--
		Robert Benchley  - "Drawing on my fine command of the
English 
		language, I said nothing."
		--
		MailScanner mailing list
		mailscanner@lists.mailscanner.info
	
http://lists.mailscanner.info/mailman/listinfo/mailscanner
		
		Before posting, read
http://wiki.mailscanner.info/posting
		
		Support MailScanner development - buy the book off the
website!
		    

	--
	MailScanner mailing list
	mailscanner@lists.mailscanner.info
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
	
	Before posting, read http://wiki.mailscanner.info/posting
	
	Support MailScanner development - buy the book off the website! 
	--
	MailScanner mailing list
	mailscanner@lists.mailscanner.info
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
	
	Before posting, read http://wiki.mailscanner.info/posting
	
	Support MailScanner development - buy the book off the website!
	
	  


-- 
This message has been scanned for viruses and 
dangerous content by the Inexcom <http://www.inexcom.co.uk/>  system
scanner, 
and is believed to be clean. 
Advanced heuristic mail scanning server [-]. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/9ce2c728/attachment.html
From davejones70 at gmail.com  Thu Jul 10 13:23:17 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Thu Jul 10 13:23:27 2008
Subject: MailScanner 4.70 and latest raft of CentOS5 updates?
Message-ID: <67a55ed50807100523y75c6e95dj35794579b3a516ce@mail.gmail.com>

>>
>> As subject, there's a major bunch of updates been released for CentOS 5
>> recently.
>>
>> I know nothing is concrete, but has anyone here taken the plunge and do
>> you know if there there any known/major issues between these, and
>> MailScanner 4.70?
>>

You will either need to "yum update --exclude=perl*" or force install it.

Unrelated to MailScanner and perl, I was bitten by this bug in the
CentOS/RHEL 5.2 kernel:
http://bugs.centos.org/view.php?id=2912

So don't do this update remotely and expect it to boot back up.  You might
want to exclude kernel* for now on older AMD K8 and Intel P3 CPUs.  My
problem box is a P3 500.

-- 
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080710/82f5d3ee/attachment.html
From peter at farrows.org  Thu Jul 10 13:31:03 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu Jul 10 13:31:54 2008
Subject: Watch it: Multiple DNS implementations vulnerable to
 cachepoisoning (fwd)
In-Reply-To: <Pine.LNX.4.64.0807102222320.29088@ebfjryy.nhfvpf.arg>
References: <Pine.LNX.4.64.0807102222320.29088@ebfjryy.nhfvpf.arg>
Message-ID: <48760107.8090101@farrows.org>

Yeah,

I misread the whole thing, so sorry about that,  just checked my public 
name servers and I already have it commented out when I set them up a 
few years ago...

oh how time flies when you're having fun 

:-)



horizontal ruler




Res wrote:
> I think your confusing what those options do, a properly configured 
> DNS server does not need those lines, they are a risk.
>
>
> ---------- Forwarded message ----------
> Date: Thu, 10 Jul 2008 13:06:55 +0100
> From: Peter Farrow <peter@farrows.org>
> Reply-To: MailScanner discussion <mailscanner@lists.mailscanner.info>
> To: MailScanner discussion <mailscanner@lists.mailscanner.info>
> Subject: Re: Watch it: Multiple DNS implementations vulnerable to 
> cachepoisoning
>
> If you're running a public DNS server or a DNS server for your LAN
> clients then these lines are an extremely good idea...
>
> P.
>
>
> Randal, Phil wrote:
>> Have you ma